[Samba] how to use root preexec on user share with %U not as root user

Jelle de Jong jelledejong at powercraft.nl
Thu Apr 30 20:40:47 UTC 2020 

On 2020-04-30 10:12, Rowland penny via samba wrote:
> On 30/04/2020 00:25, Jelle de Jong via samba wrote:
>> Hello everybody,
>>
>> I am trying to get samba 4 to make a user dir without the use of ADUC 
>> to set the homeDirectory, but with samba-tool user create only.
>>
>> I created a root preexec but the %U is filled with root and not the 
>> username of the user.
>>
>> I need to user [users] and not the old [homes] because I got a GPO for 
>> redirection to the //server/users/%USERNAME% and I need this folder to 
>> be created before the first logon of the user otherwise it seems to go 
>> bad.
>>
>> [users]
>>     path = /srv/storage/users/
>>     read only = No
>>     root preexec = /usr/local/bin/samba-mkdir-home %U
>>
>> PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin/
>> if [ ! -e /srv/storage/users/$1 ]; then
>>     mkdir /srv/storage/users/$1
>>     chown "$1":"domain user" /srv/storage/users/$1
>> fi
>>
>> Kind regards,
>>
>> Jelle de Jong
>>
> Define 'first logon'.
> 
> If it is logging on via ssh or direct to the computer (via lightdm etc), 
> then you need you would use pam_mkhomedir instead
> 
> That doesn't work if just connecting to a Samba share, so you have two 
> options here:
> 
> Create a share:
> 
> [users]
> 
>      path = /path/to/users
> 
>     read only = no
> 
> Restart Samba
> 
> The first option is:
> 
> Go to ADUC, select a user, right click, select 'Options' and then the 
> 'Profiles' tab. At the bottom of the 'Profiles' tab select a letter e.g. 
> 'H:' then the shares UNC e.g. //Samba_servers_hostname/users/username, 
> now click 'Apply', this should create the users homedir on the Samba 
> server.
> 
> The second option relies on adding a line to the share:
> 
>      root preexec = /path/to/a/script %H %U
> 
> This will cause the script to be run whenever a user connects to the 
> share and pass the users homedir path and username to the script. With 
> this option, you do not need to touch the users profile tab in ADUC.

First logon is I use samba-tool to add the user then I go to an Windows 
10 Pro domain member system and logon to the machine. The 
\\SAMBA01\users\lgaga folder will not be there.....

amba-tool user create lgaga passwd --login-shell /bin/bash --given-name 
"Lady Gaga" --home-drive=H --home-directory="\\\SAMBA01\users\lgaga"

Could you or others share (sent) the /path/to/a/script you use because 
when I try to use mine above script the user always is root, and I need 
a smarter script that sets the setfacl correct with Windows ACL instead 
of posix acl.

Kind regards,

Jelle de Jong

More information about the samba mailing list