[Samba] Ubuntu 18.04 classicupgrade help

Thu Jan 6 17:30:33 UTC 2022

On 06 January 2022 16:18 Rowland Penny via samba wrote:
> On Thu, 2022-01-06 at 15:50 +0000, Carl Hunter via samba wrote:
> > Could you explain the statement "providing you have set up the share
> > correctly using Windows ACLs"?  Would this have been set up when I
> > ran the classicupgrade?  This does seem like the way to go but I'm
> > not sure what to do with all my current users.  Would they all need
> > to be converted?
> 
> If you follow the links I provided earlier, you will set up the ACLs
> correctly.
> 
> I think one of the problems here is that there are two possible home
> directories in play here:
> Windows home directories
> Unix home directories
> 
> Each is meant for a different reason, the Windows home directory is
> best set through ADUC, this will create the required directory with the
> required permissions.
> 
> Unix home directories are just that, the home directory for users that
> log into a Unix machine directly (or via Samba if it already exists, or
> is created using a root preexec script at first connection)
> 
> Another problem is that the OP has upgraded an NT4-style domain to an
> AD domain and is still thinking in NT4-style, he needs to forget most
> of what he knows and start thinking in AD. There is similarity between
> an NT4-style domain and an AD domain, but they are very different,
> mostly for the better.
> 
> If the OP is only going to have the Samba machine as a DC and
> fileserver (not recommended), then he is constrained by what the DC is
> capable of, he must use the xidNumber IDs (numbers in the 3000000
> range) and cannot use any other rfc2307 attributes.
> 
> Rowland
> 
Carl,
I agree with all that Rowland says above.   The specific WiKi page for setting up the Windows ACLs on Home folders is here:

https://wiki.samba.org/index.php/Windows_User_Home_Folders

For your existing users, if you use ADUC and select all the users, then choose properties, on the Profile Tab, set the home folder path and use %username% instead of the user names it will create all the users' folders for you if they don't already exist.   For example if you have the share "users" on the file server FS1 and you wanted the drive letter H: to be connected to their home folder when the users log in, then you would use:

Connect H: to \\fs1.samdom.example.com\users\%username%

So for example, for user test1 it will create the folder \\fs1.samdom.example.com\users\test1 with appropriate Windows ACLs.

Using the fqdn for the server name is recommended but it will probably also work with just the file server's name.

If the folders already exist, it will just configure the system to use them for each user but you will need to ensure the permissions are correct otherwise it will not allow you to set the home folder paths.

HTH

Roy