[Samba] steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
Jelle de Jong
jelledejong at powercraft.nl
Thu Apr 30 19:57:05 UTC 2020
On 2020-04-30 09:49, Rowland penny via samba wrote:
> On 29/04/2020 22:07, Jelle de Jong via samba wrote:
>> Hello everybody,
>>
>> I been at this for more then a week and went through the archives and
>> wiki but can not get it to work.
>>
>>
>> root at samba01:~# cat /etc/samba/smb.conf
>> [global]
>>
>> #username map = /usr/local/samba/etc/user.map
> You need the user.map
>>
>>
>> idmap config SAMDOM:backend = rid
>> idmap config SAMDOM:range = 10000-999999
> You need to use the 'ad' backend
>>
>> template homedir = /home/%U
> I think that is your problem right there, if you are trying to create a
> link something like map 'H:' to '/home/%U' in the 'profiles' tab (%U
> could be a username), it will not work. This was raised here recently
> and I said it didn't work, well it does, provide you do not specify '%U'
> in the share path in smb.conf, the only possible problem could be the
> permissions the users dir gets created with and you can fix that with a
> 'root preexec' script.
>>
>> idmap config SAMDOM:unix_primary_group = yes
> That only works with the 'ad' backend
>>
>> winbind enum users = yes
>> winbind enum groups = yes
> Never set those, they just slow things down.
>>
>> [documenten]
>> path = /srv/storage/shares
>> read only = No
>> create mask = 0660
>> directory mask = 0770
>> inherit acls = Yes
>> map acl inherit = Yes
>> hide unreadable = Yes
>> store dos attributes = Yes
>> vfs objects = recycle
> You have turned acl_xattr off
I never was able to get the backend = ad working
I only need my user to be able to login to Windows 10 systems from a
domain joined machine.
This is how I add my users:
samba-tool user create lgaga passwd --login-shell /bin/bash --given-name
"Lady Gaga" --home-drive=H --home-directory="\\\SAMBA01\users\lgaga"
Based on this wiki https://wiki.samba.org/index.php/Idmap_config_ad I
tried the bellow configuration again but it did now work. getent passwd
user or id user does not do anything. I think I am missing the
prerequisites when using samba-tool to create the user as above?
Can I use the rid backend when I just want windows users to have file
access?
root at samba01:~# cat /etc/samba/smb.conf
[global]
workgroup = SAMDOM
security = ADS
realm = SAMDOM.HUIGHAVERLAG.NL
winbind refresh tickets = Yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind use default domain = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
username map = /usr/local/samba/etc/user.map
log file = /var/log/samba/%m.log
log level = 1
idmap config * : backend = tdb
idmap config * : range = 3000-7999
# idmap config SAMDOM:backend = rid
idmap config SAMDOM:backend = ad
idmap config SAMDOM:schema_mode = rfc2307
idmap config SAMDOM:range = 10000-999999
idmap config SAMDOM:unix_nss_info = yes
# template shell = /bin/bash
# template homedir = /home/%U
idmap config SAMDOM:unix_primary_group = yes
[documenten]
path = /srv/storage/shares
read only = No
create mask = 0660
directory mask = 0770
inherit acls = Yes
map acl inherit = Yes
hide unreadable = Yes
store dos attributes = Yes
vfs objects = recycle
recycle:touch_mtime = Yes
recycle:versions = Yes
recycle:keeptree = Yes
[openbaar]
path = /srv/storage/guestshare
store dos attributes = Yes
writable = yes
printable = no
only guest = yes
public = yes
guest ok = yes
guest only = yes
guest account = nobody
browsable = yes
create mask = 0660
directory mask = 0770
inherit acls = Yes
map acl inherit = Yes
hide unreadable = Yes
store dos attributes = Yes
[users]
path = /srv/storage/users/
read only = No
root preexec = /usr/local/bin/samba-mkdir-home %H %U
[profiles]
path = /srv/storage/profiles/
read only = No
browsable = yes
More information about the samba
mailing list