[Samba] Restricting access to [homes]

Jonathan Buzzard jonathan at buzzard.me.uk
Thu Apr 12 03:57:13 MDT 2012

On Thu, 2012-04-12 at 11:21 +0200, NdK wrote:
> Hi all.
> Is it just me or there's no way to restrict access to [homes] share to
> members of an AD group? Or is it treated like an ordinary Unix group via
> Winbind mapping? If I use "valid users = %S" (to give access to the home
> only to the owner), every domain user (worse: every user in any trusted
> domain) can access his/her own share... if path exists. That leads to
> the second problem: is it possible to automatically create the home dir
> if it's missing (w/o requiring the user to log on the server)? Sort of
> "pam_mkhomedir" for shares...

Use the exec option for the share to call out a script to create the
home directory and set ownership etc. correctly.

Note if no home directory exists then you cannot access the share, so
your script to create their home directory automatically can test to see
if they are a member of a suitable group.


Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
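
The approach described in the reply above, as an added example that is not part of the original post: a script for Samba's `root preexec` hook (the root-run form of the exec option) that creates a missing home directory only for members of one group and fails otherwise. The script path, the group name `smbhome`, the `/home` base directory and the function names are assumptions, and group lookups are assumed to resolve through NSS (winbind).

```shell
#!/bin/sh
# Added example (not from the original thread). Assumed smb.conf wiring;
# script path, group name "smbhome" and base /home are hypothetical.
# With "root preexec close", a non-zero exit refuses the connection:
#   [homes]
#      valid users = %S
#      root preexec = /usr/local/sbin/mkhome.sh %S smbhome /home
#      root preexec close = yes

# in_group USER GROUP: compare numeric GIDs, so winbind group names
# containing spaces (e.g. "domain users") are handled.
in_group() {
    gid=$(getent group "$2" 2>/dev/null | cut -d: -f3)
    [ -n "$gid" ] || return 1
    for g in $(id -G "$1" 2>/dev/null); do
        [ "$g" = "$gid" ] && return 0
    done
    return 1
}

# ensure_home USER GROUP BASE: returns 0 if BASE/USER is usable afterwards.
ensure_home() {
    user=$1 group=$2 base=$3
    # The name arrives from the client: refuse anything that could
    # escape BASE or be parsed as an option.
    case $user in
        ''|.*|-*|*/*) return 1 ;;
    esac
    in_group "$user" "$group" || return 1
    dir=$base/$user
    [ -L "$dir" ] && return 1      # never follow a planted symlink
    [ -d "$dir" ] && return 0      # already present: leave it alone
    # mkdir without -p fails if the path appeared in the meantime.
    mkdir -m 0700 "$dir" || return 1
    chown "$user" "$dir" || { rmdir "$dir"; return 1; }
}

# Run as the hook only when Samba passes arguments.
if [ "$#" -gt 0 ]; then
    ensure_home "$1" "$2" "$3"
    exit $?
fi
```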