[Samba] Creating home folders on file server automatically

Udo Willke udo.willke at freenet.de
Tue Jun 13 08:33:43 UTC 2017


Hello Rowland,

On 12.06.2017 at 19:32, Rowland Penny via samba wrote:
> On Mon, 12 Jun 2017 10:04:56 -0700
> Luke Barone via samba <samba at lists.samba.org> wrote:
>
>> Hi list,
>>
>> We have a script we are using to create new users, and drop them into
>> the proper OUs on our Samba AD server, using samba-tool. We have a
>> Samba member file server (fs1) joined to the domain for hosting our
>> file shares. On there is also where we are putting the users' home
>> folders.
>>
>> I saw in the Samba Docs, and in the mailing list, that I can use
>> `--home-directory=\\server\directory\$username`. I have that added,
>> pointing to the file server's location. The issue is, the folder does
>> not get created, even when the user logs in.
>>
>> The only way it seems to create the folder is if I go into ADUC on my
>> Admin computer, go into the user's properties, and change the text
>> for the Home Folder to something, then change it back, and hit OK.
>> The correct text shows up initially, but it is not getting created on
>> the member server automatically.
>>
>> Is there a known way to get past this limitation? We add thousands of
>> users each year (school setting).
> You are only doing half the job ;-)
>
> Add:
>
> session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022
>
> to /etc/pam.d/common-session on the Unix domain member
>
> NOTE: this on Debian, I believe there is something similar on red-hat
>
> Rowland
>
you suggested this solution to me a while ago. It definitely works, and 
creates a home folder for the user (at least on Ubuntu). However I 
noticed that the permissions of a folder created by the PAM module are 
different from the permissions of a folder created by the RSAT Tool.

I really can't say if this is a relevant issue when the home folder is 
only used to serve files and the user is not supposed to log into that 
server.

In the meantime I use "root preexec" in smb.conf and the following 
script. It creates the folder and mimics the permissions as created by 
the RSAT Tool.

#!/bin/bash
#
# Create Home Folder and mimic ACLs as created by RSAT Tools
#
# use in smb.conf:
#
# [home]
#
# root preexec = path_to/make_home_folder.sh '%D' '%U' '%G' '%H'
#
# ;; %D = Domain or Workgroup of user ($1) --> "SAMDOM"
# ;; %U = Username                    ($2) --> "kbudwi"
# ;; %G = Groupname                   ($3) --> "SAMDOM\domain users"
# ;; %H = Home Directory of User      ($4) --> "/home/kbudwi"
#
#

if [[ $# -ne 4 ]]; then
   echo "Usage: $0 <Domain or Workgroup> <Username> <Groupname> <Home Folder>"
   logger "$0: SCRIPT FAILED ARGC=$# ARGV=|$1|$2|$3|$4|"
   exit 1
fi

SN="$(basename "$0"): root preexec"

logger "$SN: Create Samba Home Folder $4: Domain=$1 User=$2 Group=$3"

if [[ -d "$4" ]]; then

     logger "$SN: Folder $4 exists"
     exit

   else

     #  BUILTIN\\administrators == S-1-5-32-544
     #
     BUILTIN_ADMINS_GID=$(wbinfo --sid-to-gid S-1-5-32-544);
     DOMAIN_ADMINS_GID=$(wbinfo --group-info="$1"\\"Domain Admins" | cut -d: -f3)

     BID=$(wbinfo --user-info="$1"\\"$2" | cut -d: -f3)
     GID=$(wbinfo --group-info="$3" | cut -d: -f3)

     logger "$SN: Creating folder $4 with UID=$BID and GID=$GID"

     mkdir -p   "$4"
     chown $BID "$4"
     chgrp $GID "$4"
     chmod 0770 "$4"

     logger "$SN: Base directory created: $(ls -ld "$4")"

     # Extended User Attributes
     setfacl  -m u:$BID:rwx "$4"

     # Extended Group Attributes
     setfacl  -m g:$GID:--- "$4"
     setfacl  -m g:$DOMAIN_ADMINS_GID:rwx "$4"
     setfacl  -m g:$BUILTIN_ADMINS_GID:rwx "$4"

     # Extended Default Users Attributes
     setfacl  -dm u:$BID:rwx "$4"

     # Extended Default Group Attributes
     setfacl  -dm g:$GID:--- "$4"
     setfacl  -dm g:$DOMAIN_ADMINS_GID:rwx "$4"
     setfacl  -dm g:$BUILTIN_ADMINS_GID:rwx "$4"

     logger "$SN: setfacl commands executed"

     logger "$SN: Folder $4 created"
     ## getfacl "$4"
fi


Please comment, if you disagree with my solution.

Best regards,

Udo
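
Added example (not part of the original message): a check that reads `getfacl --numeric --omit-header` output for a home folder and reports entries the script above should have set but are missing, plus any other entry that grants access, which is how a folder made with umask=0022 differs. The function name `audit_home_acl` and all numeric IDs are made up for illustration.

```shell
#!/bin/bash
# Added example: audit `getfacl --numeric --omit-header DIR` output (stdin).
# Usage: audit_home_acl UID GID DOMAIN_ADMINS_GID BUILTIN_ADMINS_GID < acl.txt
# Prints MISSING/EXTRA findings; returns 0 only when there are none.
audit_home_acl() {
    awk -v uid="$1" -v gid="$2" -v da="$3" -v ba="$4" '
    BEGIN {
        # Entries the script in the post sets, as access and default ACLs.
        n = split("user:" uid ":rwx group:" gid ":--- group:" da ":rwx group:" ba ":rwx", base, " ")
        for (i = 1; i <= n; i++) { want[base[i]] = 1; want["default:" base[i]] = 1 }
    }
    {
        sub(/[ \t]*#.*$/, "")          # drop "#effective:" annotations
        if ($0 == "") next
        seen[$0] = 1
        entry = $0; sub(/^default:/, "", entry)
        split(entry, f, ":")
        if (entry ~ /^user::/ || f[1] == "mask") next   # owner and mask entries
        # Every other entry that grants a permission must be an expected one.
        # group:: counts too: the owning group is evaluated together with the
        # named groups, so group::rwx grants access despite group:GID:---.
        if (f[3] != "---" && !($0 in want)) { print "EXTRA " $0; bad = 1 }
    }
    END {
        for (w in want) if (!(w in seen)) { print "MISSING " w; bad = 1 }
        exit bad
    }'
}
# Constructed sample: only the expected principals have access.
SAMPLE_OK='user::rwx
user:11001:rwx
group::---
group:10001:rwx
group:10512:rwx
group:10513:---
mask::rwx
other::---
default:user::rwx
default:user:11001:rwx
default:group::---
default:group:10001:rwx
default:group:10512:rwx
default:group:10513:---
default:mask::rwx
default:other::---'
# Constructed sample: plain mode 0755 folder (umask 0022), no ACL entries.
SAMPLE_0755='user::rwx
group::r-x
other::r-x'
```

Run it as `getfacl --numeric --omit-header /home/kbudwi | audit_home_acl "$BID" "$GID" "$DOMAIN_ADMINS_GID" "$BUILTIN_ADMINS_GID"` with the IDs resolved through wbinfo as in the script.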








