[Samba] AD home drive
L.P.H. van Belle
belle at bazuin.nl
Fri Jun 14 12:29:43 UTC 2019
In this setup I would say it affects all users.
But looking at this again.
> > > The problem now is that when we create a user either using
> > > samba-tool create user username or smbpasswd or even via RSAT, it
> > > doesn't auto create the home drive. The samba-tool create takes the
> > > -home-drive directive but doesn't actually create the drive. Does this
> > > mean we need to create the home drive first (i.e. /home/username/samba)?
> > > If so do we then need to setup permissions to those folders manually?
You can still do that, through RSAT, but that does not work on the DC, at least I've never used it that way.
Your server needs to have \\server.fqdn\users (and don't use the reserved name "homes")
Which is path /home/users/, add there you're adding samba users.
If you use RSAT. Use \\servername.fqdn\profiles\%username% for the homedir at tab Profile
And base folder LETTER: \\servername.fqdn\users\%username%
And your shares need the correct rights to make this work.
See: https://lists.samba.org/archive/samba/2018-September/218348.html
It's (about) the same for the users folder, depending on the rights you want/need on these folders.
See where above gets you.
Greetz,
Louis
> -----Original message-----
> From: Praveen Ghimire [mailto:PGhimire at sundata.com.au]
> Sent: Friday 14 June 2019 12:35
> To: 'L.P.H. van Belle'
> Subject: RE: [Samba] AD home drive
>
> Hi Louis,
>
> If I change it to template homedir = /home/%U, would it
> affect only the users setup after that? Or any user who doesn't
> have the home folder
>
>
> Regards,
> Praveen Ghimire
>
>
>
> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf
> Of L.P.H. van Belle via samba
> Sent: Friday, 14 June 2019 5:15 PM
> To: samba at lists.samba.org
> Subject: Re: [Samba] AD home drive
>
> 2 things.
>
> Hai,
>
> Change [homes] to [users] and create the folder /home/LIN
> AD-DC's don't like [homes]
> Share /home/LIN as [users]
>
> Now, in the AD DC smb.conf, the templates settings are used
> by default.
>
> template homedir = /home/%D/%U
> Which results in your case to : /home/LIN/testhome2
>
> That should do it, but rethink this part of your setup.
> You might need to change the pam part a bit, but it should
> use the homedir found with getent passwd username.
>
> Now above is how I would do it.
>
> For you the most simple change is, try: template homedir = /home/%U
>
>
> Greetz,
>
> Louis
>
>
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Praveen
> > Ghimire via samba
> > Sent: Friday 14 June 2019 8:40
> > To: 'Rowland penny'
> > CC: samba at lists.samba.org
> > Subject: Re: [Samba] AD home drive
> >
> > Hi Rowland,
> >
> > I've added the bit to the pam.d and rebooted the server but still no go
> >
> > The following is from the log file for the machine (user is testhome2)
> >
> > adding home's share [VM-WIN7-01$] for user 'LIN\VM-WIN7-01$' at '/home/%U/samba'
> >
> > get_auth_event_server: Failed to find 'auth_event' registered on the message bus to send JSON authentication events to: NT_STATUS_OBJECT_NAME_NOT_FOUND
> >
> > Adding homes service for user 'LIN\testhome2' using home directory: '/home/LIN/testhome2'
> >
> > canonicalize_connect_path failed for service testhome2, path /home/testhome2/samba
> >
> >
> > pam.d/common-session
> >
> > # here are the per-package modules (the "Primary" block)
> > session [default=1] pam_permit.so
> > # here's the fallback if no module succeeds
> > session requisite pam_deny.so
> > # prime the stack with a positive return value if there isn't one already;
> > # this avoids us returning an error just because nothing sets a success code
> > # since the modules above will each just jump around
> > session required pam_permit.so
> > session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
> > # The pam_umask module will set the umask according to the system default in
> > # /etc/login.defs and user settings, solving the problem of different
> > # umask settings with different shells, display managers, remote sessions etc.
> > # See "man pam_umask".
> > session optional pam_umask.so
> > # and here are more per-package modules (the "Additional" block)
> > session required pam_unix.so
> > session optional pam_winbind.so
> > session optional pam_systemd.so
> > # end of pam-auth-update config
> >
> > Permissions of /home
> >
> > drwxr-xr-x 225 root root 225 Jun 14 05:22 home
> >
> > smb.conf: Home
> >
> > [homes]
> > comment = Home Directories
> >
> > # create mask = 0700
> > # directory mask = 0700
> > # browseable = No
> > read only = No
> > path = /home/%U/samba
> > vfs objects = full_audit
> > # follow symlinks = yes
> > # wide links = yes
> >
> > Smb.conf: Global
> >
> > [global]
> > workgroup = LIN
> > realm = LIN.GROUP
> > netbios name = SERVER5
> > server role = active directory domain controller
> > idmap_ldb:use rfc2307 = yes
> > log file = /var/log/samba/log.%m
> > log level = 4
> > winbind nss info = rfc2307
> > winbind enum users = yes
> > winbind enum groups = yes
> >
> >
> >
> >
> > -----Original Message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of
> > Rowland penny via samba
> > Sent: Thursday, 13 June 2019 10:00 PM
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] AD home drive
> >
> > On 13/06/2019 12:42, Praveen Ghimire via samba wrote:
> > > Hi ,
> > >
> > > We have a DC (Ubuntu18.04) which also acts as a file
> > > server. The server was recently classic upgraded to AD.
> > > Before that all the home drives were in /home. When we migrated to
> > > change we added the following in smb.conf to give users access to
> > > their existing home folders.
> > >
> > > The problem now is that when we create a user either using
> > > samba-tool create user username or smbpasswd or even via RSAT, it
> > > doesn't auto create the home drive. The samba-tool create takes the
> > > -home-drive directive but doesn't actually create the drive. Does this
> > > mean we need to create the home drive first (i.e. /home/username/samba)?
> > > If so do we then need to setup permissions to those folders manually?
> >
> > No, you need to add:
> >
> > session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
> >
> > To /etc/pam.d/common-session
> >
> > Your users will get their homedirs created at first logon.
> >
> > >
> > > [homes]
> > > comment = Home Directories
> > > path = /home/%U/samba
> > > read only = No
> > > create mask = 0700
> > > directory mask = 0700
> > > directory mode = 0700
> > > browseable = No
> > > wide links = Yes
> > > vfs objects = full_audit
> >
> > I would change the above to:
> >
> > [homes]
> > comment = Home Directories
> > path = /home/%U/samba
> > read only = No
> > vfs objects = full_audit
> >
> > >
> > >
> > > The other question is that the /var/log/samba/log.%m file has become
> > > huge, 9 GB. Following the below, we added the max log size = 1000 in
> > > smb.conf and did the reload. The log file still hasn't rotated. Are we
> > > missing something? The audit level is at 4
> > >
> > > https://wiki.samba.org/index.php/Configuring_Logging_on_a_Samba_Server
> > >
> > You will need to set up logrotating, see your distro's documentation
> > for how to do this
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
> ______________________________________________________________________
> > This email has been scanned by the Symantec Email Security.cloud
> > service.
> > For more information please visit
> > http://www.symanteccloud.com
> >
> ______________________________________________________________________
>
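The quoted log shows the homes service using '/home/LIN/testhome2' (from the template homedir) while the connection fails on the share path /home/testhome2/samba. The script below is an added example, not part of the original thread: it expands %D and %U for both settings and reports whether each resulting directory exists, with the function names and the demo tree being constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the demo tree are
# constructed for illustration.

# expand_path TEMPLATE DOMAIN USER: substitute the smb.conf %D and %U variables.
# Names outside a conservative character set (anything with "/" or a leading
# ".") are refused, so an odd account name cannot point outside the tree.
expand_path() {
    for n in "$2" "$3"; do
        case $n in
            ''|.*|*[!A-Za-z0-9._-]*) return 2 ;;
        esac
    done
    printf '%s\n' "$1" | sed -e "s|%D|$2|g" -e "s|%U|$3|g"
}

# dir_status PATH: prints SYMLINK, MISSING, NOT_DIR, WORLD_WRITABLE or OK.
dir_status() {
    if [ -L "$1" ]; then echo SYMLINK
    elif [ ! -e "$1" ]; then echo MISSING
    elif [ ! -d "$1" ]; then echo NOT_DIR
    elif [ -n "$(find "$1" -prune -perm -0002)" ]; then echo WORLD_WRITABLE
    else echo OK
    fi
}

# audit_user ROOT DOMAIN USER SHARE_TEMPLATE HOMEDIR_TEMPLATE
# ROOT is prepended to both paths so the check can run on a test tree;
# pass "" on a real server. Returns 0 only when both directories are OK.
audit_user() {
    share=$(expand_path "$4" "$2" "$3") || return 2
    home=$(expand_path "$5" "$2" "$3") || return 2
    s1=$(dir_status "$1$share")
    s2=$(dir_status "$1$home")
    echo "share path:       $share -> $s1"
    echo "template homedir: $home -> $s2"
    [ "$s1" = OK ] && [ "$s2" = OK ]
}

# Constructed demo: only the template homedir exists, as in the quoted log.
demo=$(mktemp -d)
mkdir -p "$demo/home/LIN/testhome2"
audit_user "$demo" LIN testhome2 '/home/%U/samba' '/home/%D/%U' ||
    echo "share path and template homedir do not both resolve to a usable directory"
rm -rf "$demo"
```

On a server, the USER and DOMAIN arguments would come from the account being checked and ROOT would be empty.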