[Samba] AD home drive
L.P.H. van Belle
belle at bazuin.nl
Fri Jun 14 07:14:38 UTC 2019
2 things.
Hai,
Change [homes] to [users] and create the folder /home/LIN AD-DC's dont like [homes]
Share /home/LIN as [users]
Now, in the AD DC smb.conf, the templates settings are used by default.
template homedir = /home/%D/%U
Which results in your case to : /home/LIN/testhome2
That should do it, but rethink this part of you setup.
You might need to change the pam part a bit, but it should use the homedir found with getent passwd username.
Now above is how i would do it.
For you most simple change is, try : template homedir = /home/%U
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Praveen Ghimire via samba
> Verzonden: vrijdag 14 juni 2019 8:40
> Aan: 'Rowland penny'
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] AD home drive
>
> Hi Rowland,
>
> I've added the bit to the pam.d and rebooted the server but
> still no go
>
> The following is from the log file for the machine (user is testhome2)
>
> adding home's share [VM-WIN7-01$] for user 'LIN\VM-WIN7-01$'
> at '/home/%U/samba'
>
> get_auth_event_server: Failed to find 'auth_event' registered
> on the message bus to send JSON authentication events to:
> NT_STATUS_OBJECT_NAME_NOT_FOUND
>
> Adding homes service for user 'LIN\testhome2' using home
> directory: '/home/LIN/testhome2'
>
> canonicalize_connect_path failed for service testhome2, path
> /home/testhome2/samba
>
>
> pam.d/common-session
>
> # here are the per-package modules (the "Primary" block)
> session [default=1] pam_permit.so
> # here's the fallback if no module succeeds
> session requisite pam_deny.so
> # prime the stack with a positive return value if there isn't
> one already;
> # this avoids us returning an error just because nothing sets
> a success code
> # since the modules above will each just jump around
> session required pam_permit.so
> session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
> # The pam_umask module will set the umask according to the
> system default in
> # /etc/login.defs and user settings, solving the problem of different
> # umask settings with different shells, display managers,
> remote sessions etc.
> # See "man pam_umask".
> session optional pam_umask.so
> # and here are more per-package modules (the "Additional" block)
> session required pam_unix.so
> session optional pam_winbind.so
> session optional pam_systemd.so
> # end of pam-auth-update config
>
> Permissions of /home
>
> drwxr-xr-x 225 root root 225 Jun 14 05:22 home
>
> smb.conf: Home
>
> [homes]
> comment = Home Directories
>
> # create mask = 0700
> # directory mask = 0700
> # browseable = No
> read only = No
> path = /home/%U/samba
> vfs objects = full_audit
> # follow symlinks = yes
> # wide links = yes
>
> Smb.conf: Global
>
> [global]
> workgroup = LIN
> realm = LIN.GROUP
> netbios name = SERVER5
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> log file = /var/log/samba/log.%m
> log level = 4
> winbind nss info = rfc2307
> winbind enum users = yes
> winbind enum groups = yes
>
>
>
>
> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf
> Of Rowland penny via samba
> Sent: Thursday, 13 June 2019 10:00 PM
> To: samba at lists.samba.org
> Subject: Re: [Samba] AD home drive
>
> On 13/06/2019 12:42, Praveen Ghimire via samba wrote:
> > Hi ,
> >
> > We have an DC (Ubuntu18.04) which also acts as a file
> server. The server was recently classic upgraded to AD.
> Before that all the home drives were in /home. When we
> migrated to change we added the following in smb.conf to give
> users access to their existing home folders.
> >
> > The problem now is that when we create a user either using
> samba-tool create user username or smbpasswd or even via
> RSAT, it doesn't auto create the home drive. The samba-tool
> create takes the -home-drive directive but doesn't actually
> create the drive. Does this mean we need to create the home
> drive first(i.e /home/username/samba)? If so do we then need
> to setup permissions to those folders manually?
>
> No, you need to add:
>
> session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
>
> To /etc/pam.d/common-session
>
> Your users will get their homedirs created at first logon.
>
> >
> > [homes]
> > comment = Home Directories
> > path = /home/%U/samba
> > read only = No
> > create mask = 0700
> > directory mask = 0700
> > directory mode = 0700
> > browseable = No
> > wide links = Yes
> > vfs objects = full_audit
>
> I would change the above to:
>
> [homes]
> comment = Home Directories
> path = /home/%U/samba
> read only = No
> vfs objects = full_audit
>
> >
> >
> > The other question is that the /var/log/samba/log.%m file
> has become
> > huge, 9 GB. Following the below , we added the max log size
> = 1000 in
> > smb.conf and did the reload. The log file still hasn't
> rotated. Are we
> > missing something ? The audit level is at 4
> >
> >
> >
> https://wiki.samba.org/index.php/Configuring_Logging_on_a_Samba_Server
> >
> You will need to set up logrotating, see your distros
> documentation for how to do this
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
> ______________________________________________________________________
> This email has been scanned by the Symantec Email
> Security.cloud service.
> For more information please visit
> http://www.symanteccloud.com
> ______________________________________________________________________
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list