[Samba] Unable to see home dir

Rob Campbell robcampbell08105 at gmail.com
Wed Oct 13 22:48:56 UTC 2021


> What creates the homedir ? SSH by itself will not do this, you need to
> use pam-mkhomedir.

I used a script I found online and that works.  It creates the directory
owned by the user and group domain users.  I wasn't sure if this is still
the preferred way of doing it since it first appeared years ago, but it does
create the dir with the AD user uid and gid.

# stat username/
  File: username/
  Size: 64         Blocks: 0          IO Block: 4096   directory
Device: 28h/40d Inode: 1274        Links: 1
Access: (0700/drwx------)  Uid: (111123/username)   Gid: (110513/domain users)
Access: 2021-10-13 03:31:06.005020902 -0400
Modify: 2021-10-13 03:31:06.006020881 -0400
Change: 2021-10-13 03:31:06.006020881 -0400
 Birth: 2021-10-13 03:31:06.005020902 -0400


[home]
    comment = Home Directories
    browseable = no
    writable = yes
    read only = no # newly added
    create mask = 0700 # newly added
    directory mask = 0700 # newly added
    path = /home/INTERNAL/%S
    valid users = %S
    ; valid users = %S %D%w%S
    root preexec = /usr/local/sbin/mkhomedir.sh %U

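/usr/local/sbin/mkhomedir.sh:
#!/bin/bash
# Run by Samba as root ("root preexec") with the session user name (%U) as $1.

# Add a local account for the user.
useradd "$1"
if [ ! -e "/home/INTERNAL/$1" ]; then
    # Log the creation, then call useradd with -m so the home directory
    # is created under /home/INTERNAL.
    echo "Creating /home/INTERNAL/$1" >> /etc/samba/create_user.txt
    useradd "$1" -m -b /home/INTERNAL
    #mkdir /home/INTERNAL/$1
    #chown $1:"Domain Users" /home/INTERNAL/$1
fi
exit 0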

ssh username at localhost
username at localhost's password:
Last failed login: Tue Oct 12 22:17:59 EDT 2021 on tty1
There was 1 failed login attempt since the last successful login.
Could not chdir to home directory /home/INTERNAL/username: Permission denied
Connection to localhost closed.

If I comment out the permissions under [home]:
ssh username at localhost
username at localhost's password:
Last login: Wed Oct 13 18:13:22 2021 from ::1
Connection to localhost closed.

Both times, the directory is created with the same permissions:
la
total 0
drwx--x--x. 1 root      root         18 Oct 13 17:55 .
drwxr-xr-x. 1 root      root         34 Oct 12 22:29 ..
drwx------  1 username domain users 64 Oct 13 17:55 username

stat username/
  File: username/
  Size: 64         Blocks: 0          IO Block: 4096   directory
Device: 28h/40d Inode: 1281        Links: 1
Access: (0700/drwx------)  Uid: (111123/username)   Gid: (110513/domain users)
Access: 2021-10-13 17:55:12.679918668 -0400
Modify: 2021-10-13 17:55:12.680918657 -0400
Change: 2021-10-13 17:55:12.680918657 -0400
 Birth: 2021-10-13 17:55:12.679918668 -0400

la /home/INTERNAL/username/
total 12K
drwx------  1 username domain users  64 Oct 13 18:15 .
drwx--x--x. 1 root      root          18 Oct 13 18:15 ..
-rw-------  1 username domain users  18 Oct 13 18:15 .bash_logout
-rw-------  1 username domain users 141 Oct 13 18:15 .bash_profile
-rw-------  1 username domain users 492 Oct 13 18:15 .bashrc

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.

I've added session optional pam_mkhomedir.so to /etc/pam.d/system-auth but
that didn't help.

I didn't try on the DC, I've only been trying on the member that I was able
to join to the domain even though there are still DNS issues until now.
ssh username at localhost
username at localhost's password:
Permission denied, please try again.
username at localhost's password:
Permission denied, please try again.
username at localhost's password:
username at localhost: Permission denied (publickey,password).

On Wed, Oct 13, 2021 at 5:01 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Wed, 2021-10-13 at 04:27 -0400, Rob Campbell via samba wrote:
> > I am able to ssh user at localhost with the samba user I created from
> > any
> > computer with a working and related smb.conf.  ssh
> > sambauser at localhost  If
> > there is no linux account it creates the home directory but it
> > doesn't
> > allow the user to log in.
>
> What creates the homedir ? SSH by itself will not do this, you need to
> use pam-mkhomedir.
>
> >   I have to create the user on the local machine.
>
> Well stop doing that, you cannot have the user in /etc/passwd and AD,
> the local user will take precedence and have a different ID number.
>
> > I'm not able to have the user local account created when I log in as
> > that
> > user?  Every computer I have that I want to allow enterprise login
> > via
> > Gnome
>
> I cannot help you with Gnome, I do not use it.
>
> >  (which I haven't gotten to work yet), I will have to create all the
> > users on those computers before people can log in?
>
> No, you need to set up your distro to create the homedir at login, I
> could tell you how to do this if you were using Debian, but you are
> using fedora and I haven't a clue.
>
> >
> > I am able to smbclient //fs01/Photos -c 'ls' -U sambauser and it will
> > show
> > me the files and dirs of that share.
>
> A homedir isn't really a share and you need to use 'root preexec' to
> run a script to create homedirs if you connect via Samba.
>
> >   I have a share named home and it will
> > not allow me to see that.
>
> >
> > [home]
> >     comment = Home Directories
> >     browseable = yes
> >     writable = yes
> >     path = /home/%D/%U
> >     valid users = %U
>
> Change it to this:
>
> [homes]
>   comment = Home Directories
>   browseable = no
>   read only = no
>   create mask = 0700
>   directory mask = 0700
>   valid users = %S
>
> Add a line in [global] similar to this:
>
> template homedir = /home/%U
>
>
> >
> > I've tried setting the path to /home/%U for the user accounts
> > that previously had linux ids and I get the same thing
> > smbclient //fs01/home -U username -c 'ls'
> > Enter INTERNAL\username's password:
> > NT_STATUS_ACCESS_DENIED listing \*
>
> The permissions are probably wrong on the share and the user should be
> connecting to their own share, not the base.
>
> Rowland


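Added example, not part of the original post and not Samba's own code: a 'root preexec' homedir script that follows the advice quoted above by never calling useradd, taking the uid/gid from NSS (winbind on a domain member) instead. Because the script runs as root on a client-supplied name, it validates the name and refuses to follow a symlink. The function names, return codes, the HOME_BASE override and the allowed character set are assumptions of this example.

```bash
#!/bin/bash
# Added example, not the script from the thread. Intended for:
#   root preexec = /usr/local/sbin/mkhomedir.sh %U
# It never calls useradd: uid/gid come from NSS (winbind on a domain member).
HOME_BASE="${HOME_BASE:-/home/INTERNAL}"   # base path from the thread's smb.conf

# Assumption: account names are plain [A-Za-z0-9._-], at most 64 characters.
valid_name() {
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;;  # empty, option-like, dotfile, odd chars
        *[!0-9]*) ;;                              # contains a non-digit: acceptable
        *) return 1 ;;                            # all digits: id(1) may treat it as a uid
    esac
    [ "${#1}" -le 64 ]
}

# Return codes (chosen for this example): 0 ok or already present, 2 bad name,
# 3 unknown account, 4 unexpected file type at the target, 5 creation failed.
make_homedir() {
    local user="$1" uid gid dir
    valid_name "$user" || return 2
    uid=$(id -u "$user" 2>/dev/null) || return 3   # resolved through NSS
    gid=$(id -g "$user" 2>/dev/null) || return 3   # primary group, e.g. domain users
    dir="$HOME_BASE/$user"
    if [ -L "$dir" ]; then return 4; fi            # never follow a symlink as root
    if [ -d "$dir" ]; then return 0; fi            # created on an earlier connect
    if [ -e "$dir" ]; then return 4; fi            # something else is in the way
    mkdir -m 0700 "$dir" || return 5
    chown "$uid:$gid" "$dir" || return 5
}

# Run only when called with an argument (as Samba does); sourcing the file
# just defines the functions.
if [ "$#" -gt 0 ]; then
    make_homedir "$1"
    exit $?
fi
```

With 'root preexec close = yes' set on the share, a non-zero exit from this script refuses the connection instead of letting it continue without a home directory.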