
Thread: samba / posix zimlet home directory creation

  1. #1
    weigenmann

    Hello everyone,

    I have been implementing/using the Zimbra Collaboration Suite with the samba posix zimlet. It is working fine from what I can tell. I am only using the mail server for my own use so far. I have used the following link as a guide.

    Code:
    http://wiki.zimbra.com/index.php?title=UNIX_and_Windows_Accounts_in_Zimbra_LDAP_and_Zimbra_Admin_UI
    The thing I never could get to work was the automatic creation of the /home/(new user) directory at first logon to the domain. I have searched and found heaps of sites with answers, but nothing has worked out. It seems it has to do with pam_mkhomedir.so. I have the exact same content in all /etc/pam.d/common-* as in the guide.

    I also came across another way of doing just that. Here is what I am using for the time being.

    All on one line, /etc/samba.conf, for [homes]:

    root preexec = /etc/samba/scripts/mk_sambadir "/home/%u" "%u" "%g"

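    Create file mk_sambadir with the content below and make it executable:
    /etc/samba/scripts/mk_sambadir:

    #!/bin/bash
    # Arguments from root preexec: $1 home directory, $2 user (%u), $3 group (%g)
    # Create the home directory if it does not exist yet.
    if [ ! -d "$1" ]
    then
        mkdir "$1"
    fi
    # Set mode, owner and group recursively (runs as root on every connect).
    chmod -R 770 "$1"
    chown -R "$2" "$1"
    chgrp -R "$3" "$1"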


    Maybe someone else may have some input.
    OS: CentOS 5.2 64bit
    ZCS: 5.0.10 OSS 64bit for RHEL 5

    Thanks a lot.

    Regards,
    Willi Eigenmann

  2. #2
    ael

    I have got the same problem. If someone else could help me please..

  3. #3
    Nolan

    We have the same problem too, home directory creation IMPOSSIBLE !!!

    we found the solution nowhere... WE NEED HELP PLEASE...

  4. #4
    todd_dsm

    Is there an answer to this one?

    It wouldn't hurt to be non-quiet about it. I'm seeing the same thing too. Please advise.

  5. #5
    weigenmann

    Dear fellow Zimbra user,
    Maybe I did not make it completely clear in my initial post. As a workaround I have been using the following:

    Edit file /etc/samba.conf and look for the [homes] section and then add the next line.

    root preexec = /etc/samba/scripts/mk_sambadir "/home/%u" "%u" "%g"

    Next, create file mk_sambadir with content below and make it executable.
    I have created that file in a sub folder called scripts in /etc/samba.

    Location: /etc/samba/scripts
    Content of file mk_sambadir as per following lines:

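    #!/bin/bash
    # Arguments from root preexec: $1 home directory, $2 user (%u), $3 group (%g)
    # Create the home directory if it does not exist yet.
    if [ ! -d "$1" ]
    then
        mkdir "$1"
    fi
    # Set mode, owner and group recursively (runs as root on every connect).
    chmod -R 770 "$1"
    chown -R "$2" "$1"
    chgrp -R "$3" "$1"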


    That has been working ever since.

    Note: The home directory on the Linux Box will be created once the user actually does logon to the domain via Windows XP or Vista. And NOT at the time you create a new user in Zimbra Administration Console.

    Note1: The Windows profile will be saved on the Linux Box once a user logout or shutdown is performed. Please see section [profiles] - path in /etc/samba/smb.conf for details.

    Regards,
    Willi Eigenmann
    Last edited by weigenmann; 05-20-2009 at 12:44 AM.

  6. #6
    weigenmann

    To further clarify this thread: the above-mentioned workaround requires that the posix and samba zimlets are installed and configured.

    Here is a link on how to do that.
    UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - Zimbra :: Wiki

    Then one can create new users according to this video:
    Created by Camtasia Studio 4

    Regards,
    Willi Eigenmann

  7. #7
    RevDarkman

    #!/bin/bash
    if [ ! -d "$1" ]
    then
        mkdir "$1"
    fi
    chmod -R 770 "$1"
    chown -R "$2" "$1"
    chgrp -R "$3" "$1"

    Many thanks for this :-)

    I do have a question though.

    For example I have these Posix groups

    Domain Admins
    Domain Users
    Staff
    Public

    When using this script, it assigns the unix user:group to the home directory of the username:primarygroup, the primarygroup being whatever the Posix group that was assigned to the user during creation in Zimbra UI.

    Can this script be modified so that it assigns user:usergroup to the home directory?

  8. #8
    weigenmann

    In Part4 - Configuring pam_ldap and nss_ldap of wiki:
    UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - Zimbra :: Wiki

    Down at Edit /etc/pam.d/common-session where you are asked to insert
    session required pam_mkhomedir.so skel=/etc/skel umask=0077

    When I insert the above line into /etc/pam.d/samba instead, it does actually create the user's home directory without the workaround.

    Regards,
    Willi Eigenmann

  9. #9
    chris.heaven

    Thank you Mr. Eigenmann.

    Cheers,

    Chris

  10. #10
    todd_dsm

    I found the cure

    The UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - Zimbra :: Wiki post suggests that your pam stack for the system be:
    account sufficient pam_unix.so
    account sufficient pam_ldap.so
    auth sufficient pam_ldap.so
    auth sufficient pam_unix.so
    password sufficient pam_unix.so
    password sufficient pam_ldap.so
    session sufficient pam_unix.so
    session sufficient pam_ldap.so
    session required pam_mkhomedir.so skel=/etc/skel umask=0077
    ===
    On a RHEL system the pam.conf man page says of a 'sufficient' entry:
    success of such a module is enough to satisfy the authentication requirements of the stack of modules (if a prior required module has failed the success of this one is ignored). A failure of this module is not deemed as fatal to satisfying the application that this type has succeeded.

    The pam.conf man page says of a 'required' entry:
    failure of such a PAM will ultimately lead to the PAM-API returning failure but only after the remaining stacked modules (for this service and type) have been invoked.
    ===
    As the first entry indicates you will check your /etc/passwd files first (pam_unix.so) then, on the second line, the ldap entries (pam_ldap.so).
    ===
    The first line in the pam stack will most certainly fail if you have all of your users in ldap. Then, because of the sufficient designation, the remaining lines in the pam stack will be ignored.
    ===
    FOR THE PRESENT: I have removed the unix lines from my pam stack (pam_unix.so) and changed all sufficient to required. Mine looks like this:
    # cat /etc/pam.d/system-auth-ac
    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    account required pam_ldap.so
    auth required pam_ldap.so
    password required pam_ldap.so
    session required pam_ldap.so
    session required pam_mkhomedir.so skel=/etc/skel umask=0077
    ===
    This allows for all requirements so far:
    1) my test users can login via the samba domain
    2) their home directories are created automatically
    3) the server can still find itself when starting (after a reboot) and boot normally
    ===
    Also, the sshd pam includes a lot of pointers to the system-auth-ac pam, so this has to be modified to NOT point to line entries in system-auth-ac. This is necessary as you will not be able to login again as root after all sessions are closed. This is my new sshd pam:
    # cat /etc/pam.d/sshd
    #%PAM-1.0
    auth required pam_env.so
    auth sufficient pam_unix.so nullok try_first_pass
    auth requisite pam_succeed_if.so uid >= 500 quiet
    auth required pam_deny.so
    account required pam_nologin.so
    account required pam_unix.so
    account sufficient pam_succeed_if.so uid < 500 quiet
    account required pam_permit.so
    password requisite pam_cracklib.so try_first_pass retry=3
    password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
    password required pam_deny.so
    session optional pam_keyinit.so force revoke
    session include system-auth
    session required pam_loginuid.so
    session optional pam_echo.so file=/etc/pam.d/sshd_welcome
    # NOTE: the final line is not necessary. I've simply added a welcome message during testing.
    ===
    Now, more unforeseen requirements have been met:
    1) you can still login as root!
    ===
    That being said, I am not an expert with PAM. This will undergo further security review by someone with much more experience in this area than me. You should do the same. This will get you started though - no scripting necessary.
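
A model of the 'required' and 'sufficient' control flags as quoted from the pam.conf man page in post #10, written as an added example (not part of any post and not Linux-PAM code). It walks the session lines of the wiki stack and of the all-required stack and reports which modules are invoked; the function name `pam_walk` and the module outcomes passed to it are assumptions made for the simulation.

```shell
#!/bin/sh
# Added example: models the quoted "required"/"sufficient" rules; not Linux-PAM code.

# Session lines of the wiki stack, copied from the post.
WIKI_SESSION='session sufficient pam_unix.so
session sufficient pam_ldap.so
session required pam_mkhomedir.so skel=/etc/skel umask=0077'

# Session lines of the poster's system-auth-ac, copied from the post.
REQUIRED_SESSION='session required pam_ldap.so
session required pam_mkhomedir.so skel=/etc/skel umask=0077'

# pam_walk STACK OUTCOMES
#   OUTCOMES lists the modules assumed to succeed, e.g. "pam_ldap.so=ok";
#   any module not listed is assumed to fail (constructed simulation input).
#   Prints "<modules invoked, in order>|<success or failure>".
pam_walk() {
    ran="" required_failed=0 any_ok=0
    while read -r _type control module _args; do
        [ -n "$module" ] || continue
        ran="${ran:+$ran }$module"
        case " $2 " in
            *" $module=ok "*) ok=1 ;;
            *) ok=0 ;;
        esac
        if [ "$ok" -eq 1 ]; then
            any_ok=1
            # A successful "sufficient" ends the walk unless a "required" failed earlier.
            if [ "$control" = sufficient ] && [ "$required_failed" -eq 0 ]; then
                break
            fi
        elif [ "$control" = required ]; then
            # A failed "required" fails the stack, but later modules still run.
            required_failed=1
        fi
    done <<EOF
$1
EOF
    if [ "$required_failed" -eq 0 ] && [ "$any_ok" -eq 1 ]; then
        echo "$ran|success"
    else
        echo "$ran|failure"
    fi
}

pam_walk "$WIKI_SESSION" "pam_unix.so=ok pam_ldap.so=ok pam_mkhomedir.so=ok"
pam_walk "$WIKI_SESSION" "pam_ldap.so=ok pam_mkhomedir.so=ok"
pam_walk "$REQUIRED_SESSION" "pam_ldap.so=ok pam_mkhomedir.so=ok"
```

In this model pam_mkhomedir.so is invoked only in the all-required stack; in the wiki stack the walk ends at the first 'sufficient' module that succeeds.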
