[Samba] Member Server Configuration

L.P.H. van Belle belle at bazuin.nl
Fri Nov 10 08:14:51 UTC 2017


A bit cleaner way to mk_homedir, I would try to avoid manually changing settings in pam.

echo "Name: Create home directory during login
Default: yes
Priority: 900
Session-Type: Additional
Session:
        required        pam_mkhomedir.so umask=0022 skel=/etc/skel
" > /usr/share/pam-configs/mkhomedir

And run:
pam-auth-update


Greetz, 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny via samba
> Sent: Thursday 9 November 2017 23:13
> To: samba at lists.samba.org
> Subject: Re: [Samba] Member Server Configuration
> 
> On Thu, 9 Nov 2017 21:47:11 -0000
> Roy Eastwood via samba <samba at lists.samba.org> wrote:
> 
> > Thanks Rowland.
> > See inline comments.
> > 
> > >On Thu, 9 Nov 2017 17:08:52 -0000
> > >Rowland Penny via samba<samba at lists.samba.org> wrote:
> > > See inline Comments:
> > > 
> > > On Thu, 9 Nov 2017 16:11:49 -0000
> > > Roy Eastwood via samba <samba at lists.samba.org> wrote:
> > > 
> > > > Hi,
> > > > I have a Debian Stretch machine with Louis' samba 4.7.1 package
> > > > > installed.  I have configured it as a member server and joined it
> > > > to my test domain.   I tried the idmap rid back end and all
> > > > worked ok, but am now trying the idmap ad back end.   I have
> > > > users' home folders saved to a users share on the member server,
> > > > configured to allow auto-creation of home folders when the
> > > > windows user logs in for the first time.    That's working OK
> > > > after some adjustments to the ntfs and share permissions which
> > > > vary from the samba WiKi page
> > > > (https://wiki.samba.org/index.php/User_Home_Folders ) after
> > > > reading this https://support.microsoft.com/en-gb/help/555046.
> > > > > Also if users are allowed to log in locally as a unix user to the
> > > > member server, I found that the unix permissions had to include
> > > > rwx for the domain users group otherwise they are unable to
> > > > access their home folder.        Does the WiKi need updating?
> > > 
> > > Probably not.
> > 
> > OK, fine, but I couldn't get auto-creation of home folders to work
> > with just the settings in the WiKi.
> 
> If you are talking about auto-creating users' home folders on
> Unix machines, this is quite easy, when you know how ;-)
> 
> Add this line to /etc/pam.d/common-session
> 
> session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022
> 
> Then when a user logs in, if the user's homedir doesn't exist, it will
> be created.
> 
> > > > I either
> > > > allocate a UID/GID in AD - in which case I can log in OK.
> > > > However, if I use the username map parameter in smb.conf along
> > > > with the appropriate file user.map to map administrator to root,
> > > > the WiKi says do not allocate a UID and GID in AD.   So I took
> > > > these off  but I cannot log in now to the member server as
> > > > administrator. Neither does administrator show up in the output
> > > > of getent passwd.
> > > 
> > > Ah, but you are using a user.map, which maps 'Administrator' to
> > > 'root', so guess who you should log onto the Unix machine as ?
> > 
> > Yes, indeed.  Actually I use another user and then sudo, but winds up
> > as the same thing.
> 
> It also works from windows, you can do things from windows on a Unix
> machine, set windows ACLs etc.
> 
> > So the section on the WiKi page for "Mapping the Domain Administrator
> > Account to the local root user" is never going to work for logging
> > onto the member server itself?   I assume therefore this will only
> > apply if the administrator on another member client machine saves
> > files etc, they will be owned by root rather than the Domain
> > Administrator account?   If so I misunderstood the purpose of that
> > section!
> 
> Yes, that is basically how it works, but it goes further, it allows you
> to do the things that Administrator does on Windows, on Unix domain
> members.
> 
> Rowland
> 
> 
> 
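
Added example, not part of the original thread and not code from any of its participants: a small audit of the pam_mkhomedir line discussed above, reporting the umask in effect and the mode new home directories get (0777 with the umask bits cleared). The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Audit the pam_mkhomedir settings in a PAM session file
# (e.g. /etc/pam.d/common-session after pam-auth-update has run).

# Constructed sample input: one commented-out line, one active line
# matching the setting quoted in the thread.
sample_session() {
    cat <<'EOF'
# session optional pam_mkhomedir.so umask=0077
session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022
EOF
}

# Print the umask= value of the first active pam_mkhomedir.so line,
# "unset" if the line has no umask option, "absent" if no such line.
mkhomedir_umask() {
    awk '
        /^[ \t]*#/ { next }                 # skip comment lines
        /pam_mkhomedir\.so/ {
            found = 1; val = "unset"
            for (i = 1; i <= NF; i++)
                if ($i ~ /^umask=/) val = substr($i, 7)
            print val
            exit
        }
        END { if (!found) print "absent" }
    ' "$1"
}

# Mode of a newly created home directory for a given octal umask.
homedir_mode() {
    printf '%04o\n' $(( 0777 & ~0$1 ))
}

# Summarise: "<mode> open" if group/other get any access, else "<mode> private".
audit_mkhomedir() {
    u=$(mkhomedir_umask "$1")
    case $u in
        absent|unset) echo "$u"; return 0 ;;
    esac
    mode=$(homedir_mode "$u")
    if [ $(( 0$mode & 0077 )) -ne 0 ]; then
        echo "$mode open"
    else
        echo "$mode private"
    fi
}

tmp=$(mktemp); sample_session > "$tmp"
audit_mkhomedir "$tmp"; rm -f "$tmp"
```

With umask=0022 the created home directories are readable and traversable by every local and domain user on the member server; umask=0077 keeps them private to the owner.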