[Samba] Creating home folders on file server automatically
Udo Willke
udo.willke at freenet.de
Tue Jun 13 08:33:43 UTC 2017
Hello Rowland,
On 12.06.2017 at 19:32, Rowland Penny via samba wrote:
> On Mon, 12 Jun 2017 10:04:56 -0700
> Luke Barone via samba <samba at lists.samba.org> wrote:
>
>> Hi list,
>>
>> We have a script we are using to create new users, and drop them into
>> the proper OUs on our Samba AD server, using samba-tool. We have a
>> Samba member file server (fs1) joined to the domain for hosting our
>> file shares. On there is also where we are putting the users' home
>> folders.
>>
>> I saw in the Samba Docs, and in the mailing list, that I can use
>> `--home-directory=\\server\directory\$username`. I have that added,
>> pointing to the file server's location. The issue is, the folder does
>> not get created, even when the user logs in.
>>
>> The only way it seems to create the folder is if I go into ADUC on my
>> Admin computer, go into the user's properties, and change the text
>> for the Home Folder to something, then change it back, and hit OK.
>> The correct text shows up initially, but it is not getting created on
>> the member server automatically.
>>
>> Is there a known way to get past this limitation? We add thousands of
>> users each year (school setting).
> You are only doing half the job ;-)
>
> Add:
>
> session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
>
> to /etc/pam.d/common-session on the Unix domain member
>
> NOTE: this is on Debian, I believe there is something similar on Red Hat
>
> Rowland
>
you suggested this solution to me a while ago. It definitely works, and
creates a home folder for the user (at least on Ubuntu). However I
noticed that the permissions of a folder created by the PAM module are
different from the permissions of a folder created by the RSAT Tool.

I really can't say if this is a relevant issue when the home folder is
only used to serve files and the user is not supposed to log into that
server.

In the meantime I use "root preexec" in smb.conf and the following
script. It creates the folder and mimics the permissions as created by
the RSAT Tool.

#!/bin/bash
#
# Create Home Folder and mimic ACLs as created by RSAT Tools
#
# use in smb.conf:
#
# [home]
#
# root preexec = path_to/make_home_folder.sh '%D' '%U' '%G' '%H'
#
# ;; %D = Domain or Workgroup of user ($1) --> "SAMDOM"
# ;; %U = Username ($2) --> "kbudwi"
# ;; %G = Groupname ($3) --> "SAMDOM\domain users"
# ;; %H = Home Directory of User ($4) --> "/home/kbudwi"
#
#
if [[ $# -ne 4 ]]; then
    echo "Usage: $0 <Domain or Workgroup> <Username> <Groupname> <Home Folder>"
    logger "$0: SCRIPT FAILED ARGC=$# ARGV=|$1|$2|$3|$4|"
    exit 1
fi

SN="$(basename "$0"): root preexec"
logger "$SN: Create Samba Home Folder $4: Domain=$1 User=$2 Group=$3"

if [[ -d "$4" ]]; then
    logger "$SN: Folder $4 exists"
    exit
else
    # BUILTIN\\administrators == S-1-5-32-544
    #
    BUILTIN_ADMINS_GID=$(wbinfo --sid-to-gid S-1-5-32-544)
    DOMAIN_ADMINS_GID=$(wbinfo --group-info="$1"\\"Domain Admins" | cut -d: -f3)
    # UID is a read-only variable in bash, hence BID for the user's id
    BID=$(wbinfo --user-info="$1"\\"$2" | cut -d: -f3)
    GID=$(wbinfo --group-info="$3" | cut -d: -f3)

    logger "$SN: Creating folder $4 with UID=$BID and GID=$GID"
    mkdir -p "$4"
    chown "$BID" "$4"
    chgrp "$GID" "$4"
    chmod 0770 "$4"
    logger "$SN: Base directory created: $(ls -ld "$4")"

    # Extended User Attributes
    setfacl -m "u:$BID:rwx" "$4"
    # Extended Group Attributes
    setfacl -m "g:$GID:---" "$4"
    setfacl -m "g:$DOMAIN_ADMINS_GID:rwx" "$4"
    setfacl -m "g:$BUILTIN_ADMINS_GID:rwx" "$4"
    # Extended Default Users Attributes
    setfacl -dm "u:$BID:rwx" "$4"
    # Extended Default Group Attributes
    setfacl -dm "g:$GID:---" "$4"
    # was $DOMAIN_ADMINS_UID, which is never set
    setfacl -dm "g:$DOMAIN_ADMINS_GID:rwx" "$4"
    setfacl -dm "g:$BUILTIN_ADMINS_GID:rwx" "$4"

    logger "$SN: setfacl commands executed"
    logger "$SN: Folder $4 created"
    ## getfacl "$4"
fi

Please comment, if you disagree with my solution.
Best regards,
Udo
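
An added check, not part of the original post: it reads `getfacl -n` output for a home folder and reports access that the owning group or `other` still has at the POSIX layer. A named `group:GID:---` entry does not cancel an owning-group `group::rwx` entry for the same GID, so the first constructed sample (the ACL that `chmod 0770` followed by the setfacl calls above leaves behind) is reported; the function names and all UIDs/GIDs are assumptions made for the example.

```shell
#!/bin/bash
# Added example (not from the original post). Reads `getfacl -n` text on stdin,
# prints one finding per line and returns 1 if there is any finding.
audit_home_acl() {
    awk '
    function eff(p, m,   i, out) {          # permissions left after the mask
        if (m == "") return p
        for (i = 1; i <= 3; i++)
            out = out (substr(m, i, 1) == "-" ? "-" : substr(p, i, 1))
        return out
    }
    /^#/ || !/:/ { next }                   # skip header comments and blank lines
    {
        line = $0; scope = "access"
        sub(/[ \t]+#.*$/, "", line)         # drop trailing "#effective:" notes
        if (sub(/^default:/, "", line)) scope = "default"
        if (split(line, f, ":") != 3) next
        seen[scope] = 1
        if (f[1] == "mask")  mask[scope] = f[3]
        if (f[1] == "other") other[scope] = f[3]
        if (f[1] == "group" && f[2] == "") grp[scope] = f[3]   # owning group
    }
    END {
        split("access default", sc, " ")
        for (k = 1; k <= 2; k++) {
            s = sc[k]
            if (!seen[s]) { print s ": no ACL entries found"; n++; continue }
            if (other[s] != "---") { print s ": other has " other[s]; n++ }
            g = eff(grp[s], mask[s])        # the mask limits group entries only
            if (g != "---") { print s ": owning group has " g; n++ }
        }
        exit (n > 0)
    }'
}

# Constructed sample: ACL left by `chmod 0770` plus the setfacl calls above
# (11107 = user, 10513 = primary group, 10512 = Domain Admins; all made up).
sample_script_acl() {
    printf '%s\n' user::rwx user:11107:rwx group::rwx group:10513:--- \
        group:10512:rwx mask::rwx other::--- default:user::rwx \
        default:user:11107:rwx default:group::rwx default:group:10513:--- \
        default:group:10512:rwx default:mask::rwx default:other::---
}
# Constructed sample: plain mode 0755 folder, which is what umask=0022 yields.
sample_pam_acl() { printf '%s\n' user::rwx group::r-x other::r-x; }

sample_script_acl | audit_home_acl || true
sample_pam_acl | audit_home_acl || true
```

On a real member server the input would come from `getfacl -n /home/<user>`; a missing default ACL is reported because new files would then take their mode from the creating process instead of inheriting from the folder.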