Auto Create user home directory on Samba

m2azer · 01-15-2007, 11:14 AM

Hello all,

if i create a new user on the win 2003 active directory and specify a home user under profile i will get " the home folder could not be created because: the network name cannot be found" I know for sure I am getting that error because the user home folder doesn't exist yet on the samba machine - is there any way to get the user home created automatically once a new user are added to active directory.

Note: If the new user log in the linux terminal the home user will be created automatically because i am using session required /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel umask=0077
in my pam.d/system_auth. how do i get the same thing working when i create a user with active directory.

Thanks for you help

[global]
#ADS
security = ADS
workgroup = CAD
realm = CAD.TESTDOMAIN
netbios name = itbox
preferred master = no
password server = 192.168.1.6
client use spnego = yes
server signing = auto
encrypt passwords = yes
#winbind
winbind separator = +
idmap uid = 1000-20000
idmap gid = 1000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind cache time = 0
winbind nested groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
#logs
log file = /var/log/samba/%m.log
log level = 3
max log size= 50
#extras
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
hosts allow = 192.168.1. 192.168.0. 127.
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
[data]
path = /data
public = yes
writable = yes
browseable = yes

xjlittle · 01-15-2007, 11:24 AM

Do you have a system-auth-winbind in your pam.d directory? If not create one and add the following entries in it:

Code:

auth        required      pam_env.so
auth        sufficient    pam_winbind.so
auth        sufficient    pam_unix.so likeauth nullok use_first_pass
auth        required      pam_deny.so

account     sufficient    pam_winbind.so
account     required      pam_unix.so

password    required      pam_cracklib.so retry=3
password    sufficient    pam_unix.so nullok use_authtok md5 shadow
password    required      pam_deny.so

session     required      pam_mkhomedir.so skel=/etc/skel/ umask=0022 
session     required      pam_limits.so
session     required      pam_unix.so

In you smb.conf make sure that you have

Code:

obey pam restrictions = Yes

This is what we use on our samba+ldap domain and previously on the nt4 domain. I can't guarantee it'll work on AD but it's worth a shot.

m2azer · 01-15-2007, 11:56 AM

Thanks for the reply

No it didn't work I still have to go on the linux machine and manually create the user home folder first then create or modify the user on the win 2003 AD.

I did create the system-auth-winbind as you mentioned and made sure to have obey pam restrictions = Yes in my smb.conf however it didn't work -

do i need to make a change in the pam.d/samba??

Thanks