[Samba] Can't get 'root preexec' to run

L.P.H. van Belle belle at bazuin.nl
Thu Oct 22 08:44:04 UTC 2015


Hai, i'll try to explain so here..  

When you use ADUC console. This is what happens.

( for Profile tab in ADUC ) 

The ADUC user creates the user network dir, but only what you set the 
Drive letter:  (connected with) \\servername.domain.tld\users\%username% 
If you set the local pad, its not created.
This folder is created at the moment you clik OK, or Apply. 

For the profil folder, this is NOT created by the ADUC tool, but by the computer where the user is logging off. ( only created at logoff ) 
Normaly you set something like : 
\\servername.domain.tld\profiles\%username%

Users can access these shares.. but only see there own folders IF the share and folder rights are set correctly. 

For example. All my users have 770 on \\servername.domain.tld\users\%username% 
Which gives in my case, username:Domain Users  ( the unix primary group ) 

The share rights tells that "everybody" has all rights.  
( you can change this to domain user for example, but i need everybody ) 

The Access rights ( security tab ) there we set domain users with the advanced settings to : Only this folder. 

So resulted in ( for windows ) user see only there folders, for linux users access to all user folders. Which i need for distributing file etc in user dirs. 

For the profile path 
\\servername.domain.tld\profiles\%username%
Here key is, user "SYSTEM" is use for creating the profiles folders. 
Which is the account the computer users and most importand that "SYSTEM" has all rights. ( and which exists on all windows computers ) 
And the profile folder is created at Logoff, not like the users folder at klik OK/Apply. 
The "LOCAL PATH" is normaly ony used for terminal server. 

The Unix tab 
In this case. 
\\servername.domain.tld\users\%username%  
Which is /home/users/%username% 

Users is shared 
And GID is set to "domain users" 

So hope this is more clear... 

And i really advice to NOT user \\servername\home (or \homes ) 
Why? You can set \\servername\%username% for the user home dir BUT no auto-created home dir. 

And you dont want \\servername\username , for XP this was ok, because of path traversal problems but as Win Vista/7 and up easely blok that. 
(see above) 

Greetz 

Louis




> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
> Verzonden: woensdag 21 oktober 2015 18:52
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Can't get 'root preexec' to run
> 
> On 21/10/15 17:40, Ole Traupe wrote:
> > On a Windows domain member client in the ADUC console, you specifiy
> > the home dir path that is to be used on Windows machines on the
> > "Profile" tab. As soon as you click 'Ok' (or 'Apply' for that matter),
> > the folder is created (by the DC via your domain admin account) on the
> > Samba server hosting the share the path you provided leads to. Try it,
> > its nice an simple. However, not useful in my case, as I want to
> > create a zfs data set.
> >
> >
> >
> 
> I usually set the users profile attribute directly when creating the
> user and as such, have never used ADUC to do this, but I am still
> struggling to understand how a windows machine can create the full
> directory path to a users profile on a Unix machine.
> 
> Rowland
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba





More information about the samba mailing list