[Samba] Automaticaly create User-Home directories for NFS

Daniel Thielking Daniel.Thielking at ias.rwth-aachen.de
Fri May 30 01:39:43 MDT 2014


Hey and good morning,

Sorry that I answer only now but I was on Holiday.

Now I use the 'root preexec' command in the smb.conf and it seems to be 
good.
The problem is that this command only executes after a login from 
windows. But the first login in our environment is in centos and if this 
is happen the script is not executed.


_____________________________________________________

Auszubildender Fachinformatiker für Systemintegration
RWTH Aachen
Lehrstuhl für Integrierte Analogschaltungen
Raum 24C 313
Walter-Schottky-Haus
Sommerfeldstr. 24
D-52074 Aachen

www.ias.rwth-aachen.de

Email: Daniel.Thielking at ias.rwth-aachen.de
Phone: +49-(0)241-80-27771
   FAX: +49-(0)241-80-627771
_____________________________________________________

Am 28.05.2014 14:26, schrieb Daniel Thielking:
> Thank you for your replying.
>
> All our Clients are CentOS 6.5 with Gnome and KDE.
> What I have done is that I use the authconfig-tui tool to add the 
> client to the AD.
> In the files under /etc/pam.d/ who called system-auth, system-auth-ac, 
> password-auth, password-auth-ac there is this module 
> 'pam_mkhomedir.so' already added,
> but if I login with a user and the modules shall create a new 
> directory they don't use the umask and skeldir what I have selected. 
> Any explanation about it.
>
> But this solution is just a little insecure because the client tries 
> to create the homedir with the local root user and this is not alowed 
> with NFS because of root_squash I can give rw rights to the group 
> others but I don't prefer that. Sorry.
>
> _____________________________________________________
>
> Auszubildender Fachinformatiker für Systemintegration
> RWTH Aachen
> Lehrstuhl für Integrierte Analogschaltungen
> Raum 24C 313
> Walter-Schottky-Haus
> Sommerfeldstr. 24
> D-52074 Aachen
>
> www.ias.rwth-aachen.de
>
> Email: Daniel.Thielking at ias.rwth-aachen.de
> Phone: +49-(0)241-80-27771
>   FAX: +49-(0)241-80-627771
> _____________________________________________________
>
> Am 28.05.2014 14:01, schrieb Sven Schwedas:
>> On 2014-05-28 13:52, Daniel Thielking wrote:
>>> Yes I see the user on all my Linux clients.
>>> In which smb.conf should I add the two lines? Clients or Server?
>>> Maybe I'm stupid but where shall I add the pam_mkhomedir.so ..., 
>>> what do
>>> you mean with 'pam common-session'?
>> pam_mkhomedir creates a user's homedir on the first login, which you'll
>> need to register with PAM to be used.
>>
>> For Debian and derivatives you can put http://pastebin.com/Ag6wd4Z5 into
>> /usr/share/pam-configs and activate it with pam-auth-update. Redhat
>> based distributions probably have a similar mechanism.
>>
>> In the end, your PAM configuration needs to have the line
>>> session    required    pam_mkhomedir.so skel=/etc/skel/ umask=0022
>> active for whatever service(s) you need to authenticate your users.
>>
>>
>>> _____________________________________________________
>>>
>>> Auszubildender Fachinformatiker für Systemintegration
>>> RWTH Aachen
>>> Lehrstuhl für Integrierte Analogschaltungen
>>> Raum 24C 313
>>> Walter-Schottky-Haus
>>> Sommerfeldstr. 24
>>> D-52074 Aachen
>>>
>>> www.ias.rwth-aachen.de
>>>
>>> Email: Daniel.Thielking at ias.rwth-aachen.de
>>> Phone: +49-(0)241-80-27771
>>>    FAX: +49-(0)241-80-627771
>>> _____________________________________________________
>>>
>>> Am 28.05.2014 13:44, schrieb Daniel Müller:
>>>> Winbind is running you see the ads users on your linux box?
>>>> First I think you need in your smb.conf:
>>>> template shell = /bin/bash
>>>> template homedir=/xxx/yyy/%U
>>>>
>>>> in your pam common-session something like that:
>>>>
>>>> session required pam_mkhomedir.so skel=/etc/skel umask=0022
>>>>
>>>> I think this could be the direction.
>>>>
>>>> Good Luck
>>>> Daniel
>>>>
>>>> EDV Daniel Müller
>>>>
>>>> Leitung EDV
>>>> Tropenklinik Paul-Lechler-Krankenhaus
>>>> Paul-Lechler-Str. 24
>>>> 72076 Tübingen
>>>> Tel.: 07071/206-463, Fax: 07071/206-499
>>>> eMail: mueller at tropenklinik.de
>>>> Internet: www.tropenklinik.de
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> -----Ursprüngliche Nachricht-----
>>>> Von: samba-bounces at lists.samba.org
>>>> [mailto:samba-bounces at lists.samba.org] Im
>>>> Auftrag von Daniel Thielking
>>>> Gesendet: Mittwoch, 28. Mai 2014 13:24
>>>> An: samba at lists.samba.org
>>>> Betreff: Re: [Samba] Automaticaly create User-Home directories for NFS
>>>>
>>>> Yes I use the rsat but,
>>>>
>>>> I don't want a windows home share.
>>>>
>>>> I need a share what is conform with normal Unix file rights because of
>>>> NFS.
>>>> If I would use the 'rsat tool' than i have special ACL on my
>>>> filesystem and
>>>> NFS is not working with this.
>>>>
>>>> What I think what I need is an automation that, if I create an new
>>>> User with
>>>> rsat and add him to a nisdomain than the homedir would create
>>>> automatically.
>>>> Like the behavior of smbldap-useradd with the parameter -m.
>>>>
>>>>
>>>> _____________________________________________________
>>>>
>>>> Auszubildender Fachinformatiker für Systemintegration RWTH Aachen
>>>> Lehrstuhl
>>>> für Integrierte Analogschaltungen Raum 24C 313 Walter-Schottky-Haus
>>>> Sommerfeldstr. 24
>>>> D-52074 Aachen
>>>>
>>>> www.ias.rwth-aachen.de
>>>>
>>>> Email: Daniel.Thielking at ias.rwth-aachen.de
>>>> Phone: +49-(0)241-80-27771
>>>>      FAX: +49-(0)241-80-627771
>>>> _____________________________________________________
>>>>
>>>> Am 28.05.2014 12:58, schrieb Daniel Müller:
>>>>> Do you use rsat from windows to create the users?
>>>>> Smb.conf:
>>>>> [home]
>>>>> path=/your/home/path
>>>>> read only= no
>>>>>
>>>>> In rsat create the new user/password then klick on properties choose
>>>>> profile, choose connect with, fill in \\youradc\home\%username%
>>>>>
>>>>>
>>>>> EDV Daniel Müller
>>>>>
>>>>> Leitung EDV
>>>>> Tropenklinik Paul-Lechler-Krankenhaus
>>>>> Paul-Lechler-Str. 24
>>>>> 72076 Tübingen
>>>>> Tel.: 07071/206-463, Fax: 07071/206-499
>>>>> eMail: mueller at tropenklinik.de
>>>>> Internet: www.tropenklinik.de
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> -----Ursprüngliche Nachricht-----
>>>>> Von: samba-bounces at lists.samba.org
>>>>> [mailto:samba-bounces at lists.samba.org] Im Auftrag von Daniel 
>>>>> Thielking
>>>>> Gesendet: Mittwoch, 28. Mai 2014 12:23
>>>>> An: samba at lists.samba.org
>>>>> Betreff: [Samba] Automaticaly create User-Home directories for NFS
>>>>>
>>>>> Hello, I have a problem with my Samba4 AD-Controller and NFS. We want
>>>>> to distribute a NFS-Share for our home directory. The problem is that
>>>>> the client is trying to create it on the fly for the first user login
>>>>> but you get 'Permission denied' because of the root_spuash option 
>>>>> of the
>>>> NFS-Server.
>>>>> My question: Is there any posibillity that the normal home directory
>>>>> is created after adding a new user to the ActiveDirectory?
>>>>>
>>>>> -- 
>>>>> _____________________________________________________
>>>>>
>>>>> Auszubildender Fachinformatiker für Systemintegration RWTH Aachen
>>>>> Lehrstuhl für Integrierte Analogschaltungen Raum 24C 313
>>>>> Walter-Schottky-Haus Sommerfeldstr. 24
>>>>> D-52074 Aachen
>>>>>
>>>>> www.ias.rwth-aachen.de
>>>>>
>>>>> Email: Daniel.Thielking at ias.rwth-aachen.de
>>>>> Phone: +49-(0)241-80-27771
>>>>>       FAX: +49-(0)241-80-627771
>>>>> _____________________________________________________
>>>>>
>>>>> -- 
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>
>>>> -- 
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>
>>
>



More information about the samba mailing list