[Samba] Map user home dir using GPO failing
mason at ftlcomputing.com
Sun Mar 3 21:58:42 UTC 2019
> > I am trying to auto create and mount home directories using a GPO, as per
> > https://wiki.samba.org/index.php/User_Home_Folders.
> > I currently have home directories being created, through the use of
> > pam_mkhomedir.so. with 'obey pam restrictions = yes' in my smb.conf file.
> > I have also setup the share permissions and Windows ACLs as per the above
> > link.
> > Unfortunately, even though the user's home directory is being created on
> > the samba file server, I cannot see the new folder from Windows and my
> > GPO
> > is not mapping the network drive. However, the same GPO does
> > successfully
> > map a drive for a different share.
> Whilst you can use a GPO, you don't *need* a GPO to automatically create
> Users Home folders on the samba fileserver and map a drive in Windows.
> In ADUC on the Profile tab, connect the desired drive letter to the path
> to the users home folder, eg \\FILESERVER\USERS\%username%
This is what I'm trying to get away from. I don't want to have to specify
a home dir drive letter and path for ever user, I'd rather create a new
user and have group policy work out the mapping.
> It is important to use the %username% instead of the actual username -
> that way the folder will get created automatically if it doesn't exist.
When in ADUC, on the profile tab of a user, if I specify the path as
'\\fileserver\users\%username%', Windows immediately replaces '%username%'
with the actual username, so I don't think this is helping anything. From
what I have experienced, folder creation in Samba has nothing to do with
how a user's profile is setup in Windows. Folder creation in Samba seems
to require *either *of the following in smb.conf:
- Specifying a preexec script that will create the home dir and then
creating the necessary script for samba to call.
- Specifying ' obey pam restrictions = yes'and then adding'session
required pam_mkhomedir.so skel=/etc/skel/ umask=0022'to
I chose the latter option.
> Also the correct Windows ACLs must be set on the USERS directory for this
> to work correctly. See the WiKi at:
> https://wiki.samba.org/index.php/User_Home_Folders for details.
Yes, as indicated in my initial email, I did setup the windows ACLs as per
that wiki page.
Should I perhaps be using a logon script, rather than the GPO map drive
I'm hoping someone is able to shed some light on this issue. What is
working for others?
More information about the samba