[Samba] Logon scripts, home directories, and Samba4 AD

Daniel Müller mueller at tropenklinik.de
Wed Jul 3 07:33:13 MDT 2013


So you authenticate against the samba4 ads with your samba3, is this true?
Then you can do a root preexec and run a script on your samba3 server every
time the users connect to [homes].
Ex:

[homes]
root preexec = /path-to-script/./user-home-dir %U


Your script user-home-dir (where $1 is the login of the user):

#!/bin/bash
# Does the directory already exist?
if test -d "/path-to/your-users-home-dirs/$1"
then
# Note in a log file that the directory is already there
echo "$1 Directory already up and running" >>/system/log/eanm.log
else
# Create the home directory, restrict it to the owner and hand it to the user
mkdir "/path-to/your-users-home-dirs/$1"
chmod -R 700 "/path-to/your-users-home-dirs/$1"
chown -R "$1":"Domain Users" "/path-to/your-users-home-dirs/$1"
echo "/path-to/your-users-home-dirs/$1 created" >>/system/log/anm.log
fi


Greetings
Daniel
-----------------------------------------------
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
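
A hardened variant of the root preexec script above, as an added example that is not part of the original post: the script runs as root on a name the connecting client supplies through %U, so it checks the login before building a path from it, refuses symlinks, and sets the mode when the directory is created. The character whitelist assumes plain logins without a domain prefix (winbind use default domain = yes); the paths and log file are the post's placeholders.

```bash
#!/bin/bash
# Added example, not the script from the post. HOME_BASE and LOG are the
# post's placeholder paths; GROUP assumes winbind resolves "Domain Users".
HOME_BASE="/path-to/your-users-home-dirs"
LOG="/system/log/eanm.log"
GROUP="Domain Users"

# Accept only plain logins: no "/", no whitespace, no leading "." or "-".
valid_login() {
    case "$1" in
        ""|-*|.*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# ensure_home BASE LOGIN OWNER_SPEC
# Returns 0 if the directory exists or was created, 1 if refused or failed.
ensure_home() {
    local base="$1" login="$2" owner="$3" dir
    valid_login "$login" || return 1
    dir="$base/$login"
    # A symlink planted under BASE must never be followed as root.
    [ -L "$dir" ] && return 1
    [ -d "$dir" ] && return 0
    # -m sets the mode at creation, so there is no window with wider access.
    mkdir -m 700 -- "$dir" || return 1
    chown -- "$owner" "$dir" || { rmdir -- "$dir"; return 1; }
}

# Entry point when Samba calls the script as: root preexec = /path/script %U
if [ "$#" -gt 0 ]; then
    if ensure_home "$HOME_BASE" "$1" "$1:$GROUP"; then
        echo "$1 home directory ready" >>"$LOG"
    else
        # %q escapes control characters so a crafted name cannot forge log lines.
        printf 'refused or failed for login %q\n' "$1" >>"$LOG"
        exit 1
    fi
fi
```

Samba ignores the script's exit status unless root preexec close = yes is set on the share.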

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
Behalf Of Lee Allen
Sent: Wednesday, 3 July 2013 14:56
To: Gémes Géza
Cc: samba at lists.samba.org
Subject: Re: [Samba] Logon scripts, home directories, and Samba4 AD

Thank you, that works great, and it eliminates the need to create logon
scripts for each user.  That's a big improvement.

ADUC complains it cannot create the folder.  Not surprising, because the
specified folder \\samba3\username does not really exist -- it's a [homes]
share, the true pathname is \\samba3\nas\homes\username.

So I still need to create the directory in the samba3 system, and set
permissions appropriately.

Is there a way around this?  The only solution I can see is to write a
script that will create the necessary directories when a user is created.
 But that wouldn't be simple, because it's on a different server -- the user
is created on the samba4 ADC and the shares are on the samba3 fileserver.


On Wed, Jul 3, 2013 at 3:22 AM, Gémes Géza <geza at kzsdabas.hu> wrote:

> Hi,
>
>> This could do the job
>> Identify the home share on your samba3 fileserver (certain it is 
>> member of your samba4 domain?!) as dfs root
>>
>> Ex:
>> msdfs root= yes
>>
>> On samba4 ads
>> [home]
>>          msdfs proxy= \your-samba3-server\homes
>>          read only = No
>>
>> with rsat point to \your-samba3-server\homes
>>
>> Good luck
>> -----------------------------------------------
>> EDV Daniel Müller
>>
>> Head of IT
>> Tropenklinik Paul-Lechler-Krankenhaus
>> Paul-Lechler-Str. 24
>> 72076 Tübingen
>>
>> Tel.: 07071/206-463, Fax: 07071/206-499
>> eMail: mueller at tropenklinik.de
>> Internet: www.tropenklinik.de
>> -----------------------------------------------
>>
> Even easier: specify \\your-samba3-server\%USERNAME% as the home
> folder setting under ADUC for all the users you want (you can even
> select them and set this once). If you also specify home drive H:, it
> will get mounted at that drive letter.
>
>> -----Original Message-----
>> From: samba-bounces at lists.samba.org
>> [mailto:samba-bounces at lists.samba.org] On Behalf Of Lee Allen
>> Sent: Wednesday, 3 July 2013 00:20
>> To: samba at lists.samba.org; samba-technical at lists.samba.org
>> Subject: [Samba] Logon scripts, home directories, and Samba4 AD
>>
>> I apologize if this appears twice: I posted it several hours ago and 
>> it has not appeared on the list, so I am tweaking the email address 
>> and trying again.
>>
>> I have two separate (virtual) servers: one running Samba4 functioning 
>> as an AD controller, and one running Samba 3.6.1  functioning as a 
>> file & print server.
>>
>> On the Samba3 side I am using security=ads and winbind and 
>> authenticating against the Samba4 ADC.  Everything is working great.
>>
>> Where things get a little messy is with the [homes] shares.
>>
>> Here is what I am doing now:
>>
>> My Samba3 smb.conf has a typical [homes] section.  I create a 
>> subdirectory for each user, and set ownership & permissions.
>>
>> I create a logon script on the Samba4 system -- one for each user, 
>> because the username is embedded in it:
>> net use H: \\samba3\username
>>
>> And then I use RSAT to set the logon script to the correct value for 
>> each user.
>>
>> It's just a lot of steps that need to be performed (perfectly) for 
>> each user.  Is there a better way?
>>
>> I see RSAT allows me to specify a "Home folder".  Could this be a
>> folder on the Samba3 server -- ie, \\samba3\username ? (I tried that
>> and it did not work)
>>
>> I can imagine some scripts that would create the logon script on the
>> Samba4 system, and create the necessary directories on the Samba3
>> system.  I could probably manage that, but I hate to re-invent the
>> wheel --
>>
>> If there is a clean, orthodox way to do this, I would like to know 
>> what it is.
>>
>> Thank you.
>>
>> Lee Allen
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
> Regards
>
> Geza Gemes
>



--
*Lee Allen*
email: lee at leecallen.com
bus: (716) 773-2729
home: (716) 773-2326
cell: (716) 880-0854
fax: (716) 408-8844


