[Samba] Unable to see home dir
Rob Campbell
robcampbell08105 at gmail.com
Wed Oct 13 22:48:56 UTC 2021
> What creates the homedir ? SSH by itself will not do this, you need to
use pam-mkhomedir.
I used a script I found online and that works. It creates the directory
owned by the user and group domain users. I wasn't sure if this is still
the preferred way of doing it since it first appeared years ago but it does
create the dir with the ad user uid and gid.
# stat username/
File: username/
Size: 64 Blocks: 0 IO Block: 4096 directory
Device: 28h/40d Inode: 1274 Links: 1
Access: (0700/drwx------) Uid: (111123/username) Gid: (110513/domain
users)
Access: 2021-10-13 03:31:06.005020902 -0400
Modify: 2021-10-13 03:31:06.006020881 -0400
Change: 2021-10-13 03:31:06.006020881 -0400
Birth: 2021-10-13 03:31:06.005020902 -0400
[home]
comment = Home Directories
browseable = no
writable = yes
read only = no # newly added
create mask = 0700 # newly added
directory mask = 0700 # newly added
path = /home/INTERNAL/%S
valid users = %S
; valid users = %S %D%w%S
root preexec = /usr/local/sbin/mkhomedir.sh %U
/usr/local/sbin/mkhomedir.sh:
#!/bin/bash
useradd $1
if [ ! -e /home/INTERNAL/$1 ]; then
echo "Creating /home/INTERNAL/$1" >> /etc/samba/create_user.txt
useradd $1 -m -b /home/INTERNAL
#mkdir /home/INTERNAL/$1
#chown $1:"Domain Users" /home/INTERNAL/$1
fi
exit 0
ssh username at localhost
username at localhost's password:
Last failed login: Tue Oct 12 22:17:59 EDT 2021 on tty1
There was 1 failed login attempt since the last successful login.
Could not chdir to home directory /home/INTERNAL/username: Permission denied
Connection to localhost closed.
If I comment out the permissions undf [home]:
sh username at localhost
username at localhost's password:
Last login: Wed Oct 13 18:13:22 2021 from ::1
Connection to localhost closed.
Both times, the directory is created with the same permissions:
la
total 0
drwx--x--x. 1 root root 18 Oct 13 17:55 .
drwxr-xr-x. 1 root root 34 Oct 12 22:29 ..
drwx------ 1 username domain users 64 Oct 13 17:55 username
stat username/
File: username/
Size: 64 Blocks: 0 IO Block: 4096 directory
Device: 28h/40d Inode: 1281 Links: 1
Access: (0700/drwx------) Uid: (111123/username) Gid: (110513/domain
users)
Access: 2021-10-13 17:55:12.679918668 -0400
Modify: 2021-10-13 17:55:12.680918657 -0400
Change: 2021-10-13 17:55:12.680918657 -0400
Birth: 2021-10-13 17:55:12.679918668 -0400
la /home/INTERNAL/username/
total 12K
drwx------ 1 username domain users 64 Oct 13 18:15 .
drwx--x--x. 1 root root 18 Oct 13 18:15 ..
-rw------- 1 username domain users 18 Oct 13 18:15 .bash_logout
-rw------- 1 username domain users 141 Oct 13 18:15 .bash_profile
-rw------- 1 username domain users 492 Oct 13 18:15 .bashrc
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.
I've added session optional pam_mkhomedir.so to /etc/pam.d/system-auth but
that didn't help.
I didn't try on the DC, I've only been trying on the member that I was able
to join to the domain even though there are still dns issues until now.
ssh username at localhost
username at localhost's password:
Permission denied, please try again.
username at localhost's password:
Permission denied, please try again.
username at localhost's password:
username at localhost: Permission denied (publickey,password).
On Wed, Oct 13, 2021 at 5:01 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Wed, 2021-10-13 at 04:27 -0400, Rob Campbell via samba wrote:
> > I am able to ssh user at localhost with the samba user I created from
> > any
> > computer with a working and related smb.conf. ssh
> > sambauser at localhost If
> > there is no linux account it creates the home directory but it
> > doesn't
> > allow the user to log in.
>
> What creates the homedir ? SSH by itself will not do this, you need to
> use pam-mkhomedir.
>
> > I have to create the user on the local machine.
>
> Well stop doing that, you cannot have the user in /etc/passwd and AD,
> the local user will take precedence and have a different ID number.
>
> > I'm not able to have the user local account created when I log in as
> > that
> > user? Every computer I have that I want to allow enterprise login
> > via
> > Gnome
>
> I cannot help you with Gnome, I do not use it.
>
> > (which I haven't gotten to work yet), I will have to create all the
> > users on those computers before people can log in?
>
> No, you need to set up your distro to create the homedir at login, I
> could tell you how to do this if you were using Debian, but you are
> using fedora and I haven't a clue.
>
> >
> > I am able to smbclient //fs01/Photos -c 'ls' -U sambauser and it will
> > show
> > me the files and dirs of that share.
>
> I homedir isn't really a share and you need to use 'root preexec' to
> run a script to create homedirs if you connect via Samba.
>
> > I have a share named home and it will
> > not allow me to see that.
>
> >
> > [home]
> > comment = Home Directories
> > browseable = yes
> > writable = yes
> > path = /home/%D/%U
> > valid users = %U
>
> Change it to this:
>
> [homes]
> comment = Home Directories
> browseable = no
> read only = no
> create mask = 0700
> directory mask = 0700
> valid users = %S
>
> Add a line in [global] similar to this:
>
> template homedir = /home/%U
>
>
> >
> > I've tried setting the path to /home/%U for the user accounts
> > that previously had linux ids and I get the same thing
> > smbclient //fs01/home -U username -c 'ls'
> > Enter INTERNAL\username's password:
> > NT_STATUS_ACCESS_DENIED listing \*
>
> The permissions are probably wrong on the share and the user should be
> connecting to their own share, not the base.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list