[Samba] Unable to see home dir

Patrick Goetz pgoetz at math.utexas.edu
Wed Oct 13 23:24:15 UTC 2021



On 10/13/21 17:48, Rob Campbell via samba wrote:
>> What creates the homedir ? SSH by itself will not do this, you need to
>> use pam-mkhomedir.
> I used a script I found online and that works.  It creates the directory
> owned by the user and group domain users.  I wasn't sure if this is still
> the preferred way of doing it since it first appeared years ago but it does
> create the dir with the ad user uid and gid.
> 
> # stat username/
>    File: username/
>    Size: 64         Blocks: 0          IO Block: 4096   directory
> Device: 28h/40d Inode: 1274        Links: 1
> Access: (0700/drwx------)  Uid: (111123/username)   Gid: (110513/domain users)
> Access: 2021-10-13 03:31:06.005020902 -0400
> Modify: 2021-10-13 03:31:06.006020881 -0400
> Change: 2021-10-13 03:31:06.006020881 -0400
>   Birth: 2021-10-13 03:31:06.005020902 -0400
> 
> 
> [home]
>      comment = Home Directories
>      browseable = no
>      writable = yes
> read only = no # newly added


writable = yes
and
read only = no

do exactly the same thing; you don't need both.



> create mask = 0700 # newly added
> directory mask = 0700 # newly added
> path = /home/INTERNAL/%S
>      valid users = %S
> ; valid users = %S %D%w%S
> root preexec = /usr/local/sbin/mkhomedir.sh %U
> 
> /usr/local/sbin/mkhomedir.sh:
> #!/bin/bash
> 
> useradd $1
> if [ ! -e /home/INTERNAL/$1 ]; then
> echo "Creating /home/INTERNAL/$1" >> /etc/samba/create_user.txt
> useradd $1 -m -b /home/INTERNAL
> #mkdir /home/INTERNAL/$1
> #chown $1:"Domain Users" /home/INTERNAL/$1
> fi
> exit 0
> 


I'm not following why you're running useradd -- isn't this machine bound 
to a domain?  Then the user should already exist; you don't want to add 
them locally. Even less explicable is why useradd is run twice.





> ssh username@localhost
> username@localhost's password:
> Last failed login: Tue Oct 12 22:17:59 EDT 2021 on tty1
> There was 1 failed login attempt since the last successful login.
> Could not chdir to home directory /home/INTERNAL/username: Permission denied
> Connection to localhost closed.
> 
> If I comment out the permissions under [home]:
> sh username@localhost
> username@localhost's password:
> Last login: Wed Oct 13 18:13:22 2021 from ::1
> Connection to localhost closed.
> 
> Both times, the directory is created with the same permissions:
> la
> total 0
> drwx--x--x. 1 root      root         18 Oct 13 17:55 .
> drwxr-xr-x. 1 root      root         34 Oct 12 22:29 ..
> drwx------  1 username domain users 64 Oct 13 17:55 username
> 
> stat username/
>    File: username/
>    Size: 64         Blocks: 0          IO Block: 4096   directory
> Device: 28h/40d Inode: 1281        Links: 1
> Access: (0700/drwx------)  Uid: (111123/username)   Gid: (110513/domain users)
> Access: 2021-10-13 17:55:12.679918668 -0400
> Modify: 2021-10-13 17:55:12.680918657 -0400
> Change: 2021-10-13 17:55:12.680918657 -0400
>   Birth: 2021-10-13 17:55:12.679918668 -0400
> 
> la /home/INTERNAL/username/
> total 12K
> drwx------  1 username domain users  64 Oct 13 18:15 .
> drwx--x--x. 1 root      root          18 Oct 13 18:15 ..
> -rw-------  1 username domain users  18 Oct 13 18:15 .bash_logout
> -rw-------  1 username domain users 141 Oct 13 18:15 .bash_profile
> -rw-------  1 username domain users 492 Oct 13 18:15 .bashrc
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In all things, Be Intentional.
> 
> I've added session optional pam_mkhomedir.so to /etc/pam.d/system-auth but
> that didn't help.
> 
> I didn't try on the DC, I've only been trying on the member that I was able
> to join to the domain even though there are still dns issues until now.
> ssh username@localhost
> username@localhost's password:
> Permission denied, please try again.
> username@localhost's password:
> Permission denied, please try again.
> username@localhost's password:
> username@localhost: Permission denied (publickey,password).
> 
> On Wed, Oct 13, 2021 at 5:01 AM Rowland Penny via samba <
> samba at lists.samba.org> wrote:
> 
>> On Wed, 2021-10-13 at 04:27 -0400, Rob Campbell via samba wrote:
>>> I am able to ssh user@localhost with the samba user I created from any
>>> computer with a working and related smb.conf.  ssh sambauser@localhost  If
>>> there is no linux account it creates the home directory but it doesn't
>>> allow the user to log in.
>>
>> What creates the homedir ? SSH by itself will not do this, you need to
>> use pam-mkhomedir.
>>
>>>    I have to create the user on the local machine.
>>
>> Well stop doing that, you cannot have the user in /etc/passwd and AD,
>> the local user will take precedence and have a different ID number.
>>
>>> I'm not able to have the user local account created when I log in as
>>> that
>>> user?  Every computer I have that I want to allow enterprise login
>>> via
>>> Gnome
>>
>> I cannot help you with Gnome, I do not use it.
>>
>>>   (which I haven't gotten to work yet), I will have to create all the
>>> users on those computers before people can log in?
>>
>> No, you need to set up your distro to create the homedir at login, I
>> could tell you how to do this if you were using Debian, but you are
>> using fedora and I haven't a clue.
>>
>>>
>>> I am able to smbclient //fs01/Photos -c 'ls' -U sambauser and it will
>>> show
>>> me the files and dirs of that share.
>>
>> A homedir isn't really a share and you need to use 'root preexec' to
>> run a script to create homedirs if you connect via Samba.
>>
>>>    I have a share named home and it will
>>> not allow me to see that.
>>
>>>
>>> [home]
>>>      comment = Home Directories
>>>      browseable = yes
>>>      writable = yes
>>>      path = /home/%D/%U
>>>      valid users = %U
>>
>> Change it to this:
>>
>> [homes]
>>    comment = Home Directories
>>    browseable = no
>>    read only = no
>>    create mask = 0700
>>    directory mask = 0700
>>    valid users = %S
>>
>> Add a line in [global] similar to this:
>>
>> template homedir = /home/%U
>>
>>
>>>
>>> I've tried setting the path to /home/%U for the user accounts
>>> that previously had linux ids and I get the same thing
>>> smbclient //fs01/home -U username -c 'ls'
>>> Enter INTERNAL\username's password:
>>> NT_STATUS_ACCESS_DENIED listing \*
>>
>> The permissions are probably wrong on the share and the user should be
>> connecting to their own share, not the base.
>>
>> Rowland
>>
>>
>>
>>
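
A root preexec helper that follows the advice in this message, as an added example that is not code from the thread or from the Samba project: it resolves the domain account through NSS with getent instead of calling useradd, and validates the %U argument before root uses it in a path. The function names, the HOME_BASE variable and the allowed character set are assumptions; /home/INTERNAL is the base directory shown in the thread.

```shell
#!/bin/bash
# Added example (not from the thread): homedir creation for Samba's
#   root preexec = /usr/local/sbin/mkhomedir.sh %U
# The script runs as root with a client-supplied name, so the name is
# validated and always quoted. No local account is ever created.
LC_ALL=C; export LC_ALL

# Accept only plain account names (assumed character set).
# Rejects empty names, leading '.' ("." / ".."), leading '-' (option
# injection) and anything containing '/', whitespace or shell metacharacters.
valid_username() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# make_homedir BASE USER
# Creates BASE/USER mode 0700, owned by the uid/gid that NSS (winbind)
# reports for USER. Fails without touching the disk if the name is invalid
# or the account cannot be resolved.
make_homedir() {
    mh_base=$1
    mh_user=$2
    valid_username "$mh_user" || { echo "rejected name: $mh_user" >&2; return 1; }

    # The domain user must already exist via NSS; do not run useradd.
    mh_entry=$(getent passwd "$mh_user") || return 1
    mh_uid=$(printf '%s\n' "$mh_entry" | cut -d: -f3)
    mh_gid=$(printf '%s\n' "$mh_entry" | cut -d: -f4)

    mh_dir=$mh_base/$mh_user
    # Leave anything that already exists (including symlinks) alone.
    if [ -e "$mh_dir" ] || [ -L "$mh_dir" ]; then
        return 0
    fi
    # mkdir without -p: refuses to follow or reuse an existing path.
    mkdir -m 0700 -- "$mh_dir" && chown -- "$mh_uid:$mh_gid" "$mh_dir"
}

# Only act when called with an argument, as Samba does with %U.
if [ "$#" -ge 1 ]; then
    make_homedir "${HOME_BASE:-/home/INTERNAL}" "$1"
fi
```

Because ownership comes from getent, the directory gets the AD uid and gid even if a stale entry for the same name was once added to /etc/passwd and later removed.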


