[Samba] how to use root preexec on user share with %U not as root user

Jelle de Jong jelledejong at powercraft.nl
Thu Apr 30 21:27:10 UTC 2020 


On 2020-04-30 23:14, Rowland penny via samba wrote:
> On 30/04/2020 21:40, Jelle de Jong via samba wrote:
>>
>> First logon is I use samba-tool to add the user then I go to an 
>> Windows 10 Pro domain member system and logon to the machine. The 
>> \\SAMBA01\users\lgaga folder will not be there.....
> It will not be there, samba-tool doesn't have the code to create the 
> users folder, but when created on Windows, Windows does.
>>
>> samba-tool user create lgaga passwd --login-shell /bin/bash 
>> --given-name "Lady Gaga" --home-drive=H 
>> --home-directory="\\\SAMBA01\users\lgaga"
>>
>> Could you or others share (sent) the /path/to/a/script you use because 
>> when I try to use mine above script the user always is root, and I 
>> need a smarter script that sets the setfacl correct with Windows ACL 
>> instead of posix acl.
> 
> The problem is, to get it to work correctly, you need to ensure that you 
> do not change the users homeDirectory attribute (this is what 
> '--home-directory' sets). Also a 'root preexec' script is obviously run 
> as 'root', so of course any directories will be created with root 
> ownership. This means the script needs to change ownership etc.
> 
> I have a script that will give you pointers, it isn't really tested, but 
> you are welcome to a copy.
> 
> Rowland


I did some debugging and found I had a bug in my original script I 
shared "domain user" instead of "domain users" and therefor the owner 
never got changed...

[users]
     path = /srv/storage/users/
     read only = No
     root preexec = /usr/local/bin/samba-mkdir-home %U %H

id $1
if [ $? -eq 0 ] && [ ! -e /srv/storage/users/$1 ]; then
     mkdir /srv/storage/users/$1
     chown "$1":"domain users" /srv/storage/users/$1
fi
exit 0

The %H is indeed not very userful as it it set to /home/SAMDOM/lgaga if 
I do not use template homedir = /home/%U

The --home-drive=H and --home-directory="\\\SAMBA01\users\lgaga" are not 
actually doing anything?? for me, it does set the options in the profile 
and they are visible with ADUC but there is never an network mount H: 
when logon with the user on Windows 10 Pro... I have to use a GPO or 
--script-path=netlogon.bat with net use...

What is the homeDirectory and homeDrive doing in Windows 10 Pro?

Kind regards,

Jelle de Jong

More information about the samba mailing list