[Samba] Users' Home Folders - conflicting advice in WiKi

Roy Eastwood spindles7 at gmail.com
Sat Apr 11 09:59:56 UTC 2020


On 10/04/2020 21:53, Rowland penny wrote:  
> On 10/04/2020 21:25, Alex MacCuish via samba wrote:
> > The way I do it, I create the home folder share on the server and set
> > the required ACLs as in the wiki. Then I fill in the field in the ADUC
> > Pane, Profile Path. Then I click ok. At that point, ADUC should open a
> > connection to the share, create the new folder, set the acl correctly
> > and then change the ownership.
> 
> Hang on, that isn't the users home directory, it is the users Windows profile.
> 
> There are a couple of other attributes possibly in play here:
> 
> homeDirectory
> 
> unixHomeDirectory
> 
> The first is for the path to the Windows home directory, e.g.
> '\\computername\users\username'
> 
> The second is for the path to the Unix home directory, e.g. '/home/username'
> 
> >
> > pam_mkhomedir is for when you're logging in say via SSH and unix needs
> > somewhere to put your dot files. It's not automatically mounted from
> > the user home share. These are two separate concepts. pam_mkhomedir,
> > as far as I know, never automatically creates home directories on the
> > server in the user profile share.
> 
> If you log in using ssh or directly to the computer, then Samba isn't used and either you must create the users home directory, or
use
> pam_mkhomedir to create it for you.
> 
Yes.
> If you connect to a users home directory via Samba, then the users home directory must exist or you need to create it via a 'root
> prexec' script, pam_mkhomedir will not be used.

The script is not required, at least in my setup.  Obviously there's something different on my system compared to yours, but this
has come up before - https://lists.samba.org/archive/samba/2019-October/226432.html, so it works for others as well.  

So it would be interesting to know why your setup doesn't work.   

FWIW, ADUC is running on Windows 10, the Windows ACLs on the share (running on Debian Buster) are: 
Domain Admins, Full control, This folder, subfolders and files
CREATOR OWNER, Full control, Subfolders and files only
SYSTEM, Full control, This folder, subfolders and files
Domain Users, Read and execute, This folder only
(Inheritance disabled)
The share permissions are: Everyone, Full control

HTH
Roy




More information about the samba mailing list