[Samba] AD home drive

Praveen Ghimire PGhimire at sundata.com.au
Fri Jun 14 06:40:06 UTC 2019

Hi Rowland,

I've added the bit to the pam.d and rebooted the server but still no go.

The following is from the log file for the machine (user is testhome2)

adding home's share [VM-WIN7-01$] for user 'LIN\VM-WIN7-01$' at '/home/%U/samba'

get_auth_event_server: Failed to find 'auth_event' registered on the message bus to send JSON authentication events to: NT_STATUS_OBJECT_NAME_NOT_FOUND

Adding homes service for user 'LIN\testhome2' using home directory: '/home/LIN/testhome2'

canonicalize_connect_path failed for service testhome2, path /home/testhome2/samba


# here are the per-package modules (the "Primary" block)
session [default=1]                     pam_permit.so
# here's the fallback if no module succeeds
session requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required                        pam_permit.so
session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022
# The pam_umask module will set the umask according to the system default in
# /etc/login.defs and user settings, solving the problem of different
# umask settings with different shells, display managers, remote sessions etc.
# See "man pam_umask".
session optional                        pam_umask.so
# and here are more per-package modules (the "Additional" block)
session required        pam_unix.so
session optional                        pam_winbind.so
session optional        pam_systemd.so
# end of pam-auth-update config

Permissions of /home

drwxr-xr-x 225 root root 225 Jun 14 05:22 home

smb.conf: Home

        comment = Home Directories

#        create mask = 0700
#        directory mask = 0700
#        browseable = No
        read only = No
        path = /home/%U/samba
        vfs objects = full_audit
#        follow symlinks = yes
#        wide links = yes

smb.conf: Global

        workgroup = LIN
        realm = LIN.GROUP
        netbios name = SERVER5
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        log file = /var/log/samba/log.%m
        log level = 4
        winbind nss info = rfc2307
        winbind enum users = yes
        winbind enum groups = yes

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland penny via samba
Sent: Thursday, 13 June 2019 10:00 PM
To: samba at lists.samba.org
Subject: Re: [Samba] AD home drive

On 13/06/2019 12:42, Praveen Ghimire via samba wrote:
> Hi ,
> We have a DC (Ubuntu 18.04) which also acts as a file server. The server was recently classic upgraded to AD. Before that all the home drives were in /home. When we migrated to change we added the following in smb.conf to give users access to their existing home folders.
> The problem now is that when we create a user either using samba-tool create user username or smbpasswd or even via RSAT, it doesn't auto create the home drive. The samba-tool create takes the -home-drive directive but doesn't actually create the drive. Does this mean we need to create the home drive first (i.e. /home/username/samba)? If so do we then need to set up permissions to those folders manually?

No, you need to add:

session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022

To /etc/pam.d/common-session

Your users will get their homedirs created at first logon.

> [homes]
>          comment = Home Directories
>          path = /home/%U/samba
>          read only = No
>          create mask = 0700
>          directory mask = 0700
>          directory mode = 0700
>          browseable = No
>          wide links = Yes
>          vfs objects = full_audit

I would change the above to:

         comment = Home Directories
         path = /home/%U/samba
         read only = No
         vfs objects = full_audit

> The other question is that the /var/log/samba/log.%m file has become
> huge, 9 GB. Following the below, we added the max log size = 1000 in
> smb.conf and did the reload. The log file still hasn't rotated. Are we
> missing something? The audit level is at 4
> https://wiki.samba.org/index.php/Configuring_Logging_on_a_Samba_Server
You will need to set up logrotating, see your distro's documentation for how to do this.
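
As an added example (not part of the original messages, and not Samba project code): a small shell check that expands the [homes] path for a user and reports the first directory component missing on disk, which helps when smbd logs "canonicalize_connect_path failed" as in the log excerpt above. It assumes that error means the expanded path could not be resolved on the server; the function names and the script name are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Only %U is expanded, since it is the
# only smb.conf variable in the [homes] path shown above.

# expand_homes_path TEMPLATE USER -> TEMPLATE with every %U replaced by USER
expand_homes_path() {
    rest=$1 out=
    while :; do
        case $rest in
            *%U*) out=$out${rest%%%U*}$2; rest=${rest#*%U} ;;
            *) break ;;
        esac
    done
    printf '%s\n' "$out$rest"
}

# first_missing_component ABSPATH
# Prints the first component that is not a directory and returns 1;
# prints nothing and returns 0 when the whole path exists.
# Runs in a subshell so the IFS and globbing changes stay local.
first_missing_component() (
    IFS=/
    set -f
    cur=
    for part in $1; do
        [ -n "$part" ] || continue
        cur=$cur/$part
        if [ ! -d "$cur" ]; then
            printf '%s\n' "$cur"
            exit 1
        fi
    done
    exit 0
)

# check_homes_path TEMPLATE USER: report on the expanded share path
check_homes_path() {
    path=$(expand_homes_path "$1" "$2")
    if missing=$(first_missing_component "$path"); then
        echo "OK: $path exists"
        ls -ld "$path"
    else
        echo "MISSING: $missing (needed for share path $path)"
        return 1
    fi
}

# Usage (hypothetical script name): sh check_homes.sh '/home/%U/samba' testhome2
if [ "$#" -eq 2 ]; then check_homes_path "$1" "$2"; fi
```

Run it as root on the file server so that directories with restrictive modes are still visible to the check.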



