[Samba] Can't get 'root preexec' to run

Rowland Penny rowlandpenny241155 at gmail.com
Wed Oct 21 09:27:29 UTC 2015 

On 21/10/15 10:07, Ole Traupe wrote:
> Hi Rowland,
>
> thank you for your effort! However, this is entirely not what I am 
> trying to achieve.
>
> What I am trying to achieve is to get the "prexec" method to work.
>
> The reason behind this is that I would like to have a zfs data set 
> created per user in an automatic (scripted) way. The reason behind 
> that is that if I do this by hand - from a domain admin account and 
> with the ACL recommendations of the Samba wiki (inheritance of owner 
> rights), a simple user funnily has no read or write rights on the 
> files and folders in his home dir. Apparently, because he wasn't the 
> owner at the time of creation of his home dir. But the above-mentioned 
> domain admin account is the owner of the users files. And by making 
> him (the user) the owner post-hoc I wasn't able to solve this. Samba 
> doesn't seem to recognize (inherite) the owner changes properly. Or 
> I'm just too stupid to get this done properly.
>
> Now I will try to list my setup and intentions in a step-by-step way 
> as you recommended:
>
> - srvA: CentOS 6 Samba 4 DC
> - srvB: CentOS 6 domain member file server sharing zfs data sets via 
> Samba 4 (not via zfs' built-in module)
> - srvC: CentOS 6 domain member compute and terminal server running 
> Samba 3.6.23
> - cliA: Windows 7 domain client, where I do the management via ADUC 
> console, and where I can test Windows log-ons
> - I want to log on to srvC and cliA and have the same home dir for 
> each users
> - I want these home dirs to be zfs data sets on srvB (for various 
> reasons we probably shouldn't discuss here on the list)
>
> I know in theory, how to achieve this. My script - on the DC - works 
> as such if I execute it by hand. It remotely executes commands via ssh 
> (public key authentication). My domain is also working correctly 
> according to all tests found on the Samba wiki. My only problem is, 
> that this darn "preexec" method in the [homes] section of my DC is not 
> executing on user logon on srvC or cliA. I have it create two 
> different log files depending on success and failure of the first 
> script line that begins an if clause containing the rest of the 
> commands. But this log file is not created anyhere on the DC.
>
> So, after all, I actually am trying to figure out, why that is.
>
> If I seem unappreciative of your attempt to help me, let me assure you 
> that it is not the case. I just figured that it would be enough to ask 
> whether someone has an idea of why "preexec" isn't working in my case. 
> And that probably is because I am new to this and very likely 
> overlooking the obvious here.
>
> Best regards,
> Ole
>
>
>
> Am 20.10.2015 um 17:15 schrieb Rowland Penny:
>> On 15/10/15 11:05, Ole Traupe wrote:
>>> Hi,
>>>
>>> I am trying to automatically create nested zfs data sets as home 
>>> directories. I have a script that works fine if I execute it 
>>> manually as root (auth via public key). It also creates a short log 
>>> file in the same dir.
>>>
>>> However, this section in my smb.conf (on the DC) doesn't seem to 
>>> execute (no data set created, no log file) on user logon (on a 
>>> member server):
>>>
>>> [homes]
>>>        comment = User Home Directories
>>>        browseable = no
>>>        writable = yes
>>>        root preexec = /usr/local/samba/scripts/createzfshome.sh %U
>>>
>>> What might be the reason? Is this conflicting with rfc2307 use?
>>>
>>> My DC's Samba version is 4.2.2 (on CentOS 6.7), my Samba member 
>>> server (where the logon happens; either via ssh or with FreeNX 
>>> terminal software) is Version 3.6.23.
>>>
>>> Is Samba 3 a problem here?
>>>
>>> Best,
>>> Ole
>>>
>>
>> Hmm, struggling to understand just what you are trying to, I think 
>> you are trying to do this:
>>
>> You have the users home directories stored on the DC
>> The users log onto a samba member server (running 3.6.23)
>> You then expect the users home directory to be created on the DC
>>
>> Is the above correct, if it isn't, can you state just what you expect 
>> to happen, line by line as above.
>>
>> Rowland
>>
>>
>
>

I think you may still be missing the obvious, '[homes]' *does not work* 
on a DC.

Thinking about this, is it possible that your 'root preexec' command is 
being run, but just not when you think it should ?
What I mean is, you think is should be run when a user tries to connect 
to the share, but the share has already been mounted on the client and 
the user connects to that. Try changing the command to something that 
just echo's something to a text file in /tmp on the DC, restart the DC 
and the member server and then see if there is anything in /tmp on the 
DC, if there isn't anything, connect a client and check again, if still 
nothing, then 'root preexec' has problems.

Rowland

More information about the samba mailing list