[Samba] problem with [homes] share for users with unix logins

Wes Modes wmodes at ucsc.edu
Mon Apr 21 20:18:23 GMT 2008

Thanks for the suggestions.

I wanted unix users (exclusively sysadmins and developers) to still get 
their normal unix login directories.  On the other hand, since this is a 
file server, any connection via samba, should connect people to their 
samba file directories. 

It looks like your suggestion is "ldapsam:trusted = yes" in smb.conf.  
Here's a good explanation from the Samba docs:

    By default, Samba as a Domain Controller with an LDAP backend needs
    to use the Unix-style NSS subsystem to access user and group
    information. Due to the way Unix stores user information in
    /etc/passwd and /etc/group this inevitably leads to inefficiencies.
    One important question a user needs to know is the list of groups he
    is member of. The plain UNIX model involves a complete enumeration
    of the file /etc/group and its NSS counterparts in LDAP. UNIX has
    optimized functions to enumerate group membership. Sadly, other
    functions that are used to deal with user and group attributes lack
    such optimization.

     To make Samba scale well in large environments, the ldapsam:trusted
    = yes option assumes that the complete user and group database that
    is relevant to Samba is stored in LDAP with the standard
    posixAccount/posixGroup attributes. It further assumes that the
    Samba auxiliary object classes are stored together with the POSIX
    data in the same LDAP object. If these assumptions are met,
    ldapsam:trusted = yes can be activated and Samba can bypass the NSS
    system to query user group memberships. Optimized LDAP queries can
    greatly speed up domain logon and administration tasks. Depending on
    the size of the LDAP database a factor of 100 or more for common
    queries is easily achieved.


Gémes Géza wrote:
> >From my memory:
> Unless you use ldapsam trusted = yes parameter samba does an nss lookup
> to find out the details of the user, so you either
> 1. remove local users
> 2. synchronize them to ldap
> 3. configure /etc/nsswitch.conf to look in ldap first then in files
> 4. tell samba to trust the ldap database for nss information with the
> parameter mentioned above.
> Regards
> Geza
>> I have the [homes] section set up in my smb.conf so that
>> \\server.name\user connects to the user's home directory.  Since I am
>> using OpenLDAP as a backend via smbldap-tools, for most users the home
>> directory comes from the homeDirectory variable in OpenLDAP.
>> However, when I have a user who also has a login on the samba machine,
>> that is, an entry in /etc/passwd, Samba seems to ignore the value of
>> homeDirectory and use the entry in /etc/passwd instead.
>> Here is the section from smb.conf
>> [homes]
>>        comment = %u's Personal Share Directory
>>        browseable = no
>>        valid users = %S @admin
>>        write list = %S @admin
>>        create mask = 0600
>>        directory mask = 0700
>> I even tried adding the line
>>        path = /data/home/%S
>> to the [homes] section, but it seems to be ignored.
>> Any suggestions how I can make Samba prefer the value in HomeDirectory
>> over /etc/passwd?
>> Wes


Wes Modes
Server Administrator & Programmer Analyst
McHenry Library
Computing & Network Services
Information and Technology Services

More information about the samba mailing list