(Posting to the list for posterity.) Kent West wrote:
I haven't gotten the home directory stuff figured out yet. When a user logs in, the error is generated that the home directory doesn't exist and that / will be used as the home directory. Hopefully I can get that solved in the next day or two.
Yuri responded:
[...]template homedir = /home/%D/%U[...]mkdir /home/YOURDOMAINthen, log in and it automatically create /home/YOURDOMAIN/username (/home/YOURDOMAIN must exist!)In the meantime Linux users have a new home (in a NFS server) becouse I've a little problem. if I mount:smbmount //winserver-home/users /home/MYDOMAIN I am the owner of all homes!!! And they can't write! if you find a better solution, let me know... Ps: I am not domain administrator=I can't do everything
Yes, this created the directory. I'm wanting them to instead mount their NT Home folders, but if I understand what you're saying above, there are "issues" yet to be worked out. Still, this has gone a _very_ long way in getting me where I wanted to go. Thank you VERY much, Yuri!
In my previous long posting (available in the Debian User Mail List archives at www.debian.org) detailing the setup, my /etc/pam.d/login file was missing the line: session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
So, for completeness' sake, in one location, here are the relevant files: /etc/nsswitch.conf: passwd: files winbind compat group: files winbind compat shadow: winbind compat hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis /etc/samba/smb.conf: [global] workgroup = ACU server string = %h server security = domain encrypt passwords = true password server = phoebe log file = /var/log/samba/log.%m max log size = 1000 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 18 local master = No dns proxy = no winbind uid = 10000-20000 winbind gid = 10000-20000 template shell = /bin/bash winbind separator = + template homedir = /home/%D/%U /etc/pam.d/login: auth required pam_securetty.so auth required pam_nologin.so auth sufficient pam_winbind.so auth required pam_env.so auth required pam_unix.so nullok use_first_pass account sufficient pam_winbind.so account required pam_unix.so session required pam_unix.so session optional pam_lastlog.so session optional pam_motd.so session optional pam_mail.so standard noenvsession required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022 password required pam_unix.so nullok obscure min=4 max=8
Yuri earlier mentioned /etc/pam.d/xlock, but I haven't played with that file yet, nor know what it controls. I suspect it has something to do with the X Window System. For completeness, I'll add his /etc/pam.d/xlock file here:
auth sufficient pam_winbind.so auth sufficient pam_unix.so use_first_pass account sufficient pam_winbind.so account sufficient pam_unix.so