[Samba] Map user home dir using GPO failing

Mason Schmitt mason at ftlcomputing.com
Sun Mar 3 21:58:42 UTC 2019

> > I am trying to auto create and mount home directories using a GPO, as per
> > https://wiki.samba.org/index.php/User_Home_Folders.
> >
> > I currently have home directories being created, through the use of
> > pam_mkhomedir.so. with 'obey pam restrictions = yes' in my smb.conf file.
> > I have also setup the share permissions and Windows ACLs as per the above
> > link.
> >
> > Unfortunately, even though the user's home directory is being created on
> > the samba file server, I cannot see the new folder from Windows and my
> > GPO
> > is not mapping the network drive.  However, the same GPO does
> > successfully
> > map a drive for a different share.
> >
> Whilst you can use a GPO, you don't *need* a GPO to automatically create
> Users Home folders on the samba fileserver and map a drive in Windows.
> In ADUC on the Profile tab, connect the desired drive letter to the path
> to the users home folder, eg \\FILESERVER\USERS\%username%

This is what I'm trying to get away from.  I don't want to have to specify
a home dir drive letter and path for ever user, I'd rather create a new
user and have group policy work out the mapping.

> It is important to use the %username% instead of the actual username -
> that way the folder will get created automatically if it doesn't exist.

When in ADUC, on the profile tab of a user, if I specify the path as
'\\fileserver\users\%username%', Windows immediately replaces '%username%'
with the actual username, so I don't think this is helping anything.  From
what I have experienced, folder creation in Samba has nothing to do with
how a user's profile is setup in Windows.  Folder creation in Samba seems
to require *either *of the following in smb.conf:

   - Specifying a preexec script that will create the home dir and then
   creating the necessary script for samba to call.
   - Specifying ' obey pam restrictions = yes'and then adding'session
   required pam_mkhomedir.so skel=/etc/skel/ umask=0022'to

I chose the latter option.

> Also the correct Windows ACLs must be set on the USERS directory for this
> to work correctly.   See the WiKi at:
> https://wiki.samba.org/index.php/User_Home_Folders for details.

Yes, as indicated in my initial email, I did setup the windows ACLs as per
that wiki page.

Should I perhaps be using a logon script, rather than the GPO map drive

I'm hoping someone is able to shed some light on this issue.  What is
working for others?


More information about the samba mailing list