[Samba] Member Server Configuration

Roy Eastwood spindles7 at gmail.com
Fri Nov 10 08:37:10 UTC 2017


Thanks Louis.

> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of L.P.H. van Belle via samba
> Sent: 10 November 2017 08:15
> To: samba at lists.samba.org
> Subject: Re: [Samba] Member Server Configuration
> 
> A bit cleaner way to mk_homedir, I would try to avoid manually changing settings in pam.
> 
> echo "Name: Create home directory during login
> Default: yes
> Priority: 900
> Session-Type: Additional
> Session:
>         required        pam_mkhomedir.so umask=0022 skel=/etc/skel
> " > /usr/share/pam-configs/mkhomedir
> 
> And run :
> pam-auth-update
> 
> 
> Greetz,
> 
> Louis
> 
> 
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of
> > Rowland Penny via samba
> > Sent: Thursday 9 November 2017 23:13
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] Member Server Configuration
> >
> > On Thu, 9 Nov 2017 21:47:11 -0000
> > Roy Eastwood via samba <samba at lists.samba.org> wrote:
> >
> > > Thanks Rowland.
> > > See inline comments.
> > >
> > > >On Thu, 9 Nov 2017 17:08:52 -0000
> > > >Rowland Penny via samba<samba at lists.samba.org> wrote:
> > > > See inline Comments:
> > > >
> > > > On Thu, 9 Nov 2017 16:11:49 -0000
> > > > Roy Eastwood via samba <samba at lists.samba.org> wrote:
> > > >
> > > > > Hi,
> > > > > I have a Debian Stretch machine with Louis' samba 4.7.1 package
> > > > > installed.  I have configured it as a member server and joined it
> > > > > to my test domain.   I tried the idmap rid back end and all
> > > > > worked ok, but am now trying the idmap ad back end.   I have
> > > > > users' home folders saved to a users share on the member server,
> > > > > configured to allow auto-creation of home folders when the
> > > > > windows user logs in for the first time.    That's working OK
> > > > > after some adjustments to the ntfs and share permissions which
> > > > > vary from the samba WiKi page
> > > > > (https://wiki.samba.org/index.php/User_Home_Folders ) after
> > > > > reading this https://support.microsoft.com/en-gb/help/555046.
> > > > > Also if users are allowed to log in locally as a unix user to the
> > > > > member server, I found that the unix permissions had to include
> > > > > rwx for the domain users group otherwise they are unable to
> > > > > access their home folder.        Does the WiKi need updating?
> > > >
> > > > Probably not.
> > >
> > > OK, fine, but I couldn't get auto-creation of home folders to work
> > > with just the settings in the WiKi.
> >
> > If you are talking about auto-creating users' home folders on
> > Unix machines, this is quite easy, when you know how ;-)
> >
> > Add this line to /etc/pam.d/common-session
> >
> > session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022
> >
> > Then when a user logs in, if the user's homedir doesn't exist, it will
> > be created.
> >
> > > > > I either
> > > > > allocate a UID/GID in AD - in which case I can log in OK.
> > > > > However, if I use the username map parameter in smb.conf along
> > > > > with the appropriate file user.map to map administrator to root,
> > > > > the WiKi says do not allocate a UID and GID in AD.   So I took
> > > > > these off  but I cannot log in now to the member server as
> > > > > administrator. Neither does administrator show up in the output
> > > > > of getent passwd.
> > > >
> > > > Ah, but you are using a user.map, which maps 'Administrator' to
> > > > 'root', so guess who you should log onto the Unix machine as ?
> > >
> > > Yes, indeed.  Actually I use another user and then sudo, but winds up
> > > as the same thing.
> >
> > It also works from windows, you can do things from windows on a Unix
> > machine, set windows ACLs etc.
> >
> > > So the section on the WiKi page for "Mapping the Domain Administrator
> > > Account to the local root user" is never going to work for logging
> > > onto the member server itself?   I assume therefore this will only
> > > apply if the administrator on another member client machine saves
> > > files etc, they will be owned by root rather than the Domain
> > > Administrator account?   If so I misunderstood the purpose of that
> > > section!
> >
> > Yes, that is basically how it works, but it goes further, it allows you
> > to do the things that Administrator does on Windows, on Unix domain
> > members.
> >
> > Rowland
> >
> >
> 
> 

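The following is an added example, not part of the original thread: a small audit helper that reads a PAM session file or pam-configs profile and reports the permissions a home directory created by pam_mkhomedir would get. It assumes the directory mode is 0777 with the umask bits cleared and that 0022 applies when no umask= option is given; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the pam_mkhomedir.so settings in a PAM session file
# (e.g. /etc/pam.d/common-session or /usr/share/pam-configs/mkhomedir).

# Print the umask= value of the first active (uncommented) pam_mkhomedir.so
# line in file $1. Prints 0022 (assumed module default) if the option is
# absent. Returns 1 if the file has no active pam_mkhomedir.so line.
mkhomedir_umask() {
    line=$(grep -E '^[[:space:]]*[^#[:space:]].*pam_mkhomedir\.so' "$1" | head -n 1)
    [ -n "$line" ] || return 1
    for word in $line; do
        case $word in
            umask=*) echo "${word#umask=}"; return 0 ;;
        esac
    done
    echo 0022
}

# Print the mode a newly created home directory gets: 0777 & ~umask.
# Returns 1 if pam_mkhomedir is not configured, 2 if the umask is not octal.
mkhomedir_mode() {
    um=$(mkhomedir_umask "$1") || return 1
    case $um in
        ''|*[!0-7]*) return 2 ;;   # refuse anything but octal digits
    esac
    printf '%04o\n' $(( 0777 & ~0$um ))
}

# Succeeds (returns 0) when group or other users get any access to new homes.
mkhomedir_exposed() {
    mode=$(mkhomedir_mode "$1") || return 2
    [ $(( 0$mode & 0077 )) -ne 0 ]
}

# Constructed sample input: the common-session line quoted in the thread.
sample=$(mktemp)
echo 'session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022' > "$sample"
echo "umask $(mkhomedir_umask "$sample") -> new home directories get mode $(mkhomedir_mode "$sample")"
mkhomedir_exposed "$sample" && echo "group/other can enter new home directories"
rm -f "$sample"
```

With the umask=0022 used in both configurations above, new home directories are created 0755; a profile using umask=0077 would yield 0700.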