In order to facilitate client backups, I set up Samba on CentOS on a Windows 2008R2-based domain. I created an empty directory, /etc/skel2, as I was not planning on letting users log in via ssh or the console.
Unfortunately, the Samba 3.0.x line wouldn't work correctly. I could join the domain, but not connect to shares. Samba logged the following message on every connection attempt:
read_data: read failure for 4 bytes to client 192.168.70.23. Error = Connection reset by peer
I upgraded to the Samba3 package with yum (Samba 3.3.x) and rejoined. I added a pam.d entry in the Samba config:
session required pam_mkhomedir.so skel=/etc/skel2 umask=0077
(I don't want users to see each other's directories. I did not modify system-auth, as I did not want the users to log in with anything but Samba.)
And added this to smb.conf:
winbind separator = \
# use uids from 10000 to 20000 for domain users
idmap uid = 10000-20000
# use gids from 10000 to 20000 for domain groups
idmap gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
# per-user home directory; %D is the domain and %U the user name
template homedir = /data/clientdata/backups/%D/%U
# give winbind users a real shell (only needed if they have telnet access)
template shell = /bin/bash
obey pam restrictions = yes
An important note: the samba3 RPM separates the smbd and nmbd init scripts, so you'll need to run a separate "chkconfig nmb on".
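A check worth running once users have connected, added here as an example and not part of the original setup: it walks the template homedir tree and reports any per-user directory that has group or other permission bits set (umask=0077 should give mode 700) or whose owner falls outside the idmap uid range. The function name audit_backup_homes is made up for this example, and it assumes GNU stat as shipped on CentOS.

```shell
#!/bin/sh
# Added example: audit the per-user backup homes created by pam_mkhomedir.
# Layout assumed from "template homedir": ROOT/<domain>/<user>.
# Usage: audit_backup_homes /data/clientdata/backups

# audit_backup_homes ROOT [UID_MIN] [UID_MAX]
# Prints one line per problem found; returns 1 if there was any, else 0.
audit_backup_homes() {
    root=$1
    uid_min=${2:-10000}   # defaults mirror "idmap uid = 10000-20000"
    uid_max=${3:-20000}
    bad=0

    for d in "$root"/*/*/; do
        d=${d%/}
        [ -d "$d" ] || continue    # glob matched nothing
        [ -h "$d" ] && continue    # skip symlinks, stat would report the link

        mode=$(stat -c '%a' "$d")  # octal permissions, e.g. 700
        owner=$(stat -c '%u' "$d") # numeric uid

        # umask=0077 should leave no group or other bits at all.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "PERMS $mode $d"
            bad=1
        fi

        # The owner should be a winbind-mapped domain uid.
        if [ "$owner" -lt "$uid_min" ] || [ "$owner" -gt "$uid_max" ]; then
            echo "OWNER $owner $d"
            bad=1
        fi
    done
    return $bad
}
```

Source the file and call the function as root, for example from cron, and treat any output as a directory to fix by hand.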