Since this setup automatically creates a home directory for a user as soon as they access the machine (via samba, ssh, console), I noticed some directories being created for computer accounts.  To prevent this,  I have added a line that only "Domain Users" are allowed to authenticate.  To add this:

wbinfo -n "Domain Users"

It will spit out the SID for the Domain Users group. Something like this:

S-1-5-21-((some number))-((some number))-((some number)) Domain Group (2)

Take that number and change the line in /etc/pam.d/common-session to look like this:

session sufficient require_membership_of=S-1-5-21-((some number))-((some number))-((some number)


comments powered by Disqus