[Samba] Unable to set up home share correctly

Udo Willke udo.willke at freenet.de
Tue Oct 18 09:36:32 UTC 2016 

Hello Rowland,

the home folder creation works now(!) It was a misunderstanding on my 
side. The key phrase in the wiki is:

"Close the users properties window with „OK“ to save the modification. 
**The users home directory is created on the fly during the save 
processes.**"

This is a different behaviour as with the "profiles" folders which are 
created during the first login with a new account. I thought it would be 
the same mechanism with the home shares too, which was wrong. Sorry for 
taking so much of your time.

Does folder creation also work when I create user accounts on the linux 
side with samba-tool

samba-tool user create kbuwi first_time_passwd \
   --userou=CN=Users \
   --surname="Willke" \
   --given-name="Udo" \
   --profile-path="\\\\fileserver\\profiles\\kbudwi" \
   --home-drive="H" \
   --home-directory="\\\\fileserver\\home\\kbudwi" \
   --job-title="IT Specialist" \
   --department="Some Department" \
   --company="Some Company" \
   --description="Some Description" \
   --mail-address="Udo.Willke at somedomain.edu" \
   --internet-address="http://somedomain.edu/somepage" \
   --telephone-number="+49 123/4567890" \
   --physical-delivery-office="Some Office" \
   --nis-domain="mydomain" \
   --unix-home="/var/share/samba/homes/kbudwi" \
   --uid="$USERNAME" \
   --uid-number="$uidNumber" \
   --gid-number="$gidNumber" \
   --gecos="$PRENAME $NAME" \
   --login-shell="/bin/false" \
   --must-change-at-next-login


Is the command meant to be used in this way?

What I also noticed is, that wbinfo has the --allocate-gid und 
--allocate-uid options which could be used to assign the $uidNumber and 
$uidNumber variables in my script. However "samba-tool create user" is 
supposed to run as "root" on the DC while "wbinfo --allocate-gid" seems 
to give results only on the member server. Is there a possibility to run 
everything on the same machine? OK, the obvious solution is to execute 
it remotely over ssh.

Many thanks again and best regards

Udo



Am 17.10.2016 um 23:26 schrieb Rowland Penny via samba:
> See inline comments:
>
> On Mon, 17 Oct 2016 23:09:34 +0200
> Udo Willke via samba <samba at lists.samba.org> wrote:
>
>> Hello Rowland,
>>
>>>> Today, I followed the wiki page
>>>> <https://wiki.samba.org/index.php/User_home_drives> with all the
>>>> prerequisites. Unfortunately, the automatic home folder creation
>>>> still does not work.
>>> Just followed it myself and it does work against a Samba fileserver.
>> Hmm, then I must be doing it wrong somehow ... :-[
>>> Where do you expect the home directory to be created ?
>> On the Samba member server as defined in the [home] share definition
>> (and also as defined in the user profile (home drive/home share))
>>
>>> Is it on a Samba machine and if so what have you got in smb.conf ?
>> Here comes my smb.conf of the member server == file server
>>
>> [global]
>>       netbios name = FILESERVER2
>>       security = ADS
>>       workgroup = MYDOMAIN
>>       realm = MYDOMAIN.LAN
>>       server string = Virtual Server
>>
>>       log level = 5
>>       log file = /var/log/samba/%m.log
>>
>>       password server = 192.168.6.8
>>
> It would be better if you let Samba find the AD DC
>
>>       dedicated keytab file = /etc/krb5.keytab
>>       kerberos method = secrets and keytab
>>
>>       username map = /etc/samba/user.map
>>
>>       ;; Use settings from AD for login shell and home directory
>>       winbind nss info = rfc2307
>>       winbind trusted domains only = no
>>       winbind use default domain = no
>>       winbind enum users  = yes
>>       winbind enum groups = yes
>>       winbind refresh tickets = Yes
>>       winbind cache time = 60
>>
>>       ;; Default idmap config used for BUILTIN and local
>> accounts/groups idmap config * : backend = tdb
>>       idmap config * : range = 2000-9999
>>
>>       ;; idmap config for domain MYDOMAIN
>>       idmap config MYDOMAIN : backend = ad
>>       idmap config MYDOMAIN : schema_mode = rfc2307
>>       idmap config MYDOMAIN : range = 10000-99999
>>
>>       vfs objects = acl_xattr
>>       map acl inherit = yes
>>       store dos attributes = yes
>>
>>       load printers = no
>>       printing = bsd
>>       printcap name = /dev/null
>>       disable spoolss = yes
>>
>>       template homedir = /var/share/samba/homes/%U
> If you want to use the template line, you do not need the 'schema_mode'
> line in 'idmap config'
>
>>
>> [home]
>>       path = /var/share/samba/homes
>>       guest ok = no
>>       read only = no
>>       browseable = yes
> Sure you are following the wiki page ?, just where on that page does it
> tell you to add 'guest ok' and browseable' lines ??
>
>> [profiles]
>>       path = /var/share/samba/profiles
>>       read only = no
>>       store dos attributes = yes
>>       create mask = 0600
>>       directory mask = 0700
>>       guest ok = no
>>       profile acls = yes
>>       csc policy = disable
> There is also a wiki page on setting up the profile share, see here:
>
> https://wiki.samba.org/index.php/Implementing_roaming_profiles
>
> I would look at the 'shares' wiki page again, follow it to letter,
> adding the users & groups shown, removing any others not shown and see
> if you can make it work.
>
> Rowland
>

More information about the samba mailing list