[Samba] Users' Home Folders - conflicting advice in WiKi

Viktor Trojanovic viktor at troja.ch
Fri Apr 10 20:17:35 UTC 2020 

On 10.04.2020 20:22, Rowland penny via samba wrote:
> On 10/04/2020 18:02, Roy Eastwood via samba wrote:
>> Rowland,
>>
>> In the Wiki page "User Home Folders", Section 2.1 "Using Windows ACLs"
>> correctly describes how to set permissions to allow the Windows program
>> Active Directory Users and Computers to automatically create the 
>> user's home
>> folder.   But in the next section  "Creating the Home folder for a 
>> New User"
>> 3.1 "Using Windows ACLs", the blue box states that ADUC cannot 
>> automatically
>> create home folders on a 'unix' machine.   Do you literally mean unix?
>> Certainly on my Linux (Debian) machine it works OK.    Perhaps this 
>> boxed
>> comment needs amendment?
>>
>> Cheers,
>>
>> Roy
>>
> 'unix' = any version of Unix, Linux is a version of Unix.
>
> Are you sure that ADUC is creating the users home directory on your 
> Linux machines ?
>
> As far as I am aware Samba doesn't have the code to do this and ADUC 
> running on Windows has no ability to do it either.
>
> It could be that you have pam_mkhomedir set in your PAM stack and it 
> is this that is creating your users home directories at login.
>
> Myself and Louis collaborated to write a 'root prexec' script to 
> create the users home directory at Samba connection.
>
> To the best of my knowledge, you have to use one or the other method.
>
> Rowland
>
>
Actually, this is something I noticed myself a (long) while ago.

I am running Samba AD members on Arch Linux and Ubuntu machines, and 
whatever PAM-config comes with the distro, if anything, is there, I 
never changed or added anything - frankly, I don't know much about it, 
yet. I checked just now and yes, there is a file /etc/pam.conf with all 
lines commented out and multiple small files in /etc/pam.d/ which I just 
grepped for 'mkdir', 'mkhomedir' and 'home'. No results.

And yet, ADUC is creating the home directories for me. Not fully 
automatically, though, I still have to provide ADUC the full name of the 
folder. But still, it's a lot simpler than stated in the Wiki.

Just fyi, I'm currently on 4.9 and 4.10, respectively, but if I remember 
correctly, this worked already with 4.7.

Viktor

More information about the samba mailing list