Web lists-archives.com

Re: [Samba] Regular users can't log in to Samba AD DC from Windows

On 02/06/2017 13:36, Rowland Penny via samba wrote:
On Mon, 6 Feb 2017 12:57:19 +0200
Alnis Morics via samba <samba@xxxxxxxxxxxxxxx> wrote:

On 02/06/2017 11:48, Rowland Penny via samba wrote:
On Mon, 6 Feb 2017 11:11:09 +0200
Alnis Morics via samba <samba@xxxxxxxxxxxxxxx> wrote:

Thank you, Rowland, for the reply.

And the nss tests as per Wiki seem to pass:

# getent passwd Administrator

# getent passwd user1
RW\user1:*:3000017:20:User1 Tester1:/home/user1:/usr/sbin/nologin

The above is interesting, you don't have a template homedir line in
smb.conf but you have '/home/username' instead of

Oh, yes, didn't notice that. But the directory doesn't actually
exist. I guess it would be created on first logon which has not yet
occurred ?) And I can't login with it locally (I would need PAM
configured for it, right?)>

Yes, you need to get PAM to create the users homedir with pam_mkhomedir

Although, when I create a FreeBSD user ("pw useradd testuser -m
/home/testuser"), the home directory is immediately created without
loging in.

That's because you are telling the command to create the homedir

I tried now to create a user explicitly telling the home directory:
samba-tool user create user2 Pa$$w0rd --surname=Tester2
--given-name=User2 --mail-address=user2@xxxxxx

getent passwd user2
RW\user2:*:3000020:20:User2 Tester2:/home/RW/user2:/usr/sbin/nologin

But otherwise nothing changes: directory isn't created, and I can't
login from Windows. And the logs repeat the same thing.

samba-tool doesn't create the homedirs, it populates an attribute in AD
and PAM reads this and creates the home dir at first login.

I see. But I don't necessarily need homedirs and hence PAM configured just to log in from Windows and access a file share from there, do I? Or even just to log in on Windows to the domain.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba