[Samba] Users, home directories and profiles

Enrico Morelli morelli at cerm.unifi.it
Tue Jun 30 13:47:54 UTC 2020 

On Tue, 30 Jun 2020 14:53:14 +0200
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> Check the rights before the folder your trying to change. 
> Im guessing that now has 770, try 771 or 775 or 777
> 
> 

I'm able to create the folder after changing the mode to 777. But this
isn't good because every user is able to create folder inside users, or
not?


Moreover I'm tired, everything I try doesn't work. I created a new
 user with samba-tool. I created the home directory from Windows
computer giving to the new user the full privileges on it.
But if I try to login with the new user I receive:

We can't sign you with this credential because your domain isn't
available. Make sure your device is connected to your organization's
network and try again. If you previously signed in on this device with
another credential, you can sign in with that credential.



> Greetz, 
> 
> Louis
> 
> 
> 
> > -----Oorspronkelijk bericht-----
> > Van: Enrico Morelli [mailto:morelli at cerm.unifi.it] 
> > Verzonden: dinsdag 30 juni 2020 14:44
> > Aan: samba at lists.samba.org
> > CC: L.P.H. van Belle
> > Onderwerp: Re: [Samba] Users, home directories and profiles
> > 
> > On Tue, 30 Jun 2020 12:00:32 +0200
> > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> >   
> > > Read :
> > >   
> > https://github.com/thctlo/samba4/blob/master/howtos/stretch-ba
> > se-3.3-samba-member-fileserver-rights-example.txt   
> > > 
> > > This Still works for buster and other samba versions ( im   
> > now running  
> > > 4.12.x ) for my servers. 
> > > 
> > > For your profiles; Add : acl_xattr:ignore system acl = yes in
> > > smb.conf on the share where you need it. 
> > > 
> > > Make/set the needed base rigths FROM WITHIN Linux then first
> > > configure the share FROM WITHIN Windows and while your logged in
> > > as DOM\Administrator. And then FROM WITHIN Windows set the   
> > needed rights  
> > > on through security tab. 
> > > 
> > > Done, dont touch it again from linux ( use getfacl to backup the
> > > rights )
> > > 
> > > Because only windows will use profiles and you simple have a
> > > better match in ACL's I do the same for users, but thats a
> > > choice. 
> > > 
> > > I've started on my new server and im writing out the steps, takes
> > > some time.. 
> > >   
> > 
> > 
> > I tried to follow your guide, but when I open the shared from the
> > Windows client I've two problem:
> > 
> > 1) I'm unable to create a folder under users because Windows say
> > that I've no permission to do that (my user is in the Administrator
> > group) 2) when I try to open Security tab the window crash
> >   
> > >   
> > > > > > In the windows log events I've the following error:
> > > > > > the processing of Group Policy failed. Windows could
> > > > > > not     
> > > > resolve the    
> > > > > > user name. This could be caused by one of more of the
> > > > > > following : a) Name Resolution failure on the current domain
> > > > > > controller b) Active Directory Replication Latency
> > > > > >     
> > > About this, enable Wait for Network in windows. 
> > > Its a GPO. 
> > > 
> > > This should get you where you need to be. 
> > > 
> > > 
> > > Greetz, 
> > > 
> > > Louis
> > > 
> > > 
> > > 
> > >   
> > > > -----Oorspronkelijk bericht-----
> > > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> > > > Enrico Morelli via samba
> > > > Verzonden: dinsdag 30 juni 2020 11:41
> > > > Aan: samba at lists.samba.org
> > > > Onderwerp: Re: [Samba] Users, home directories and profiles
> > > > 
> > > > On Thu, 25 Jun 2020 14:14:46 +0200
> > > > Enrico Morelli via samba <samba at lists.samba.org> wrote:
> > > >     
> > > > > On Tue, 23 Jun 2020 14:56:57 +0200
> > > > > Enrico Morelli via samba <samba at lists.samba.org> wrote:
> > > > >     
> > > > > > On Tue, 23 Jun 2020 12:37:16 +0200
> > > > > > Enrico Morelli via samba <samba at lists.samba.org> wrote:
> > > > > >       
> > > > > > > On Mon, 22 Jun 2020 13:54:38 +0100
> > > > > > > Rowland penny via samba <samba at lists.samba.org> wrote:
> > > > > > >         
> > > > > > > > On 22/06/2020 13:50, Enrico Morelli wrote:          
> > > > > > > > > On Mon, 22 Jun 2020 11:46:55 +0100
> > > > > > > > > Rowland penny via samba <samba at lists.samba.org> wrote:
> > > > > > > > >            
> > > > > > > > >> On 22/06/2020 11:33, Enrico Morelli
> > > > > > > > >> wrote:            
> > > > > > > > >>> [global]
> > > > > > > > >>> 	dns forwarder = 150.217.1.32
> > > > > > > > >>> 	netbios name = FIORGEN7
> > > > > > > > >>> 	realm = CERM.UNIFI.IT
> > > > > > > > >>> 	server role = active directory domain
> > > > > > > > >>> controller workgroup = CERM
> > > > > > > > >>> 	idmap_ldb:use rfc2307 = yes
> > > > > > > > >>> 	vfs objects = acl_xattr
> > > > > > > > >>> 	map acl inherit = yes            
> > > > > > > > >> Remove the last two lines, they have no place on
> > > > > > > > >> a     
> > > > DC and in    
> > > > > > > > >> fact you have turned off one of the required vfs
> > > > > > > > >> objects.            
> > > > > > > > > Done.
> > > > > > > > >            
> > > > > > > > >>> [homes]
> > > > > > > > >>> 	path = /home/win_shares/homes
> > > > > > > > >>> 	read only = no            
> > > > > > > > >> I would rename [homes] to [users], [homes] is a     
> > > > special share    
> > > > > > > > >> that does not require the 'path' parameter and     
> > > > normally uses    
> > > > > > > > >> the users Unix directory path and you are   
> > using a Windows  
> > > > > > > > >> user home directory path.            
> > > > > > > > > Done.
> > > > > > > > >
> > > > > > > > > All seems to be hard. Now I'm able to see security
> > > > > > > > > tab, but when I select it the application crash.
> > > > > > > > >
> > > > > > > > > I tried to set profile but when I open Active     
> > > > Directory Users    
> > > > > > > > > and Computers I receive: Naming information
> > > > > > > > > cannot     
> > > > be located    
> > > > > > > > > for the following reason: The server is not
> > > > > > > > > operational.
> > > > > > > > >
> > > > > > > > > :-((
> > > > > > > > >
> > > > > > > > >            
> > > > > > > > Firewall or Apparmor or Selinux getting in the way ?
> > > > > > > > 
> > > > > > > > Rowland
> > > > > > > > 
> > > > > > > > 
> > > > > > > >           
> > > > > > > 
> > > > > > > I updated Windows 10 to the latest update, removed
> > > > > > > the     
> > > > Windows PC    
> > > > > > > from the domain and putted it again.
> > > > > > > 
> > > > > > > Now Active Directory Users and Computers doesn't start.
> > > > > > > 
> > > > > > > I'm unable to use Computer Management to perform the     
> > > > steps to set    
> > > > > > > home directories because it crashes.
> > > > > > > 
> > > > > > > I tried to set the homes using File explorer, going
> > > > > > > to     
> > > > the shared    
> > > > > > > resources and creating the home directory but I   
> > receive that I  
> > > > > > > haven't permission to create a folder
> > > > > > > under /home/win_shares/users.
> > > > > > > 
> > > > > > > Before I added my account to Unix Admins and Domain
> > > > > > > Admins. 
> > > > > > > 
> > > > > > > I set log level to 10 but I'm unable to see if   
> > there is issues  
> > > > > > > scrolling thousand of lines.
> > > > > > > 
> > > > > > > I don't know what fish to catch anymore :-((
> > > > > > >         
> > > > > > 
> > > > > > In the windows log events I've the following error:
> > > > > > the processing of Group Policy failed. Windows could
> > > > > > not     
> > > > resolve the    
> > > > > > user name. This could be caused by one of more of the
> > > > > > following : a) Name Resolution failure on the current domain
> > > > > > controller b) Active Directory Replication Latency
> > > > > > 
> > > > > >       
> > > > > 
> > > > > 
> > > > > No ideas?
> > > > > 
> > > > > 
> > > > >     
> > > > 
> > > > At the end I'll to abandon samba :-((
> > > > I'm really sad
> > > > 
> > > > -- 
> > > > -----------------------------------------------------------
> > > >   Enrico Morelli
> > > >   System Administrator | Programmer | Web Developer
> > > > 
> > > >   CERM - Polo Scientifico
> > > >   via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
> > > > ------------------------------------------------------------
> > > > 
> > > > -- 
> > > > To unsubscribe from this list go to the following URL and read
> > > > the instructions:  https://lists.samba.org/mailman/options/samba
> > > > 
> > > >     
> > > 
> > >   
> > 
> > 
> > 
> > -- 
> > -----------------------------------------------------------
> >   Enrico Morelli
> >   System Administrator | Programmer | Web Developer
> > 
> >   CERM - Polo Scientifico
> >   via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
> > ------------------------------------------------------------
> > 
> >   
> 
> 



-- 
-----------------------------------------------------------
  Enrico Morelli
  System Administrator | Programmer | Web Developer

  CERM - Polo Scientifico
  via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
------------------------------------------------------------

More information about the samba mailing list