samba - Oct 2015 - Can't get 'root preexec' to run

Hi Rowland,

thank you for your effort! However, this is entirely not what I am 
trying to achieve.

What I am trying to achieve is to get the "prexec" method to work.

The reason behind this is that I would like to have a zfs data set 
created per user in an automatic (scripted) way. The reason behind that 
is that if I do this by hand - from a domain admin account and with the 
ACL recommendations of the Samba wiki (inheritance of owner rights), a 
simple user funnily has no read or write rights on the files and folders 
in his home dir. Apparently, because he wasn't the owner at the time of 
creation of his home dir. But the above-mentioned domain admin account 
is the owner of the users files. And by making him (the user) the owner 
post-hoc I wasn't able to solve this. Samba doesn't seem to recognize 
(inherite) the owner changes properly. Or I'm just too stupid to get 
this done properly.

Now I will try to list my setup and intentions in a step-by-step way as 
you recommended:

- srvA: CentOS 6 Samba 4 DC
- srvB: CentOS 6 domain member file server sharing zfs data sets via 
Samba 4 (not via zfs' built-in module)
- srvC: CentOS 6 domain member compute and terminal server running Samba 
3.6.23
- cliA: Windows 7 domain client, where I do the management via ADUC 
console, and where I can test Windows log-ons
- I want to log on to srvC and cliA and have the same home dir for each 
users
- I want these home dirs to be zfs data sets on srvB (for various 
reasons we probably shouldn't discuss here on the list)

I know in theory, how to achieve this. My script - on the DC - works as 
such if I execute it by hand. It remotely executes commands via ssh 
(public key authentication). My domain is also working correctly 
according to all tests found on the Samba wiki. My only problem is, that 
this darn "preexec" method in the [homes] section of my DC is not 
executing on user logon on srvC or cliA. I have it create two different 
log files depending on success and failure of the first script line that 
begins an if clause containing the rest of the commands. But this log 
file is not created anyhere on the DC.

So, after all, I actually am trying to figure out, why that is.

If I seem unappreciative of your attempt to help me, let me assure you 
that it is not the case. I just figured that it would be enough to ask 
whether someone has an idea of why "preexec" isn't working in my
case.
And that probably is because I am new to this and very likely 
overlooking the obvious here.

Best regards,
Ole



Am 20.10.2015 um 17:15 schrieb Rowland Penny:
> On 15/10/15 11:05, Ole Traupe wrote:
>> Hi,
>>
>> I am trying to automatically create nested zfs data sets as home 
>> directories. I have a script that works fine if I execute it manually 
>> as root (auth via public key). It also creates a short log file in 
>> the same dir.
>>
>> However, this section in my smb.conf (on the DC) doesn't seem to 
>> execute (no data set created, no log file) on user logon (on a member 
>> server):
>>
>> [homes]
>>        comment = User Home Directories
>>        browseable = no
>>        writable = yes
>>        root preexec = /usr/local/samba/scripts/createzfshome.sh %U
>>
>> What might be the reason? Is this conflicting with rfc2307 use?
>>
>> My DC's Samba version is 4.2.2 (on CentOS 6.7), my Samba member 
>> server (where the logon happens; either via ssh or with FreeNX 
>> terminal software) is Version 3.6.23.
>>
>> Is Samba 3 a problem here?
>>
>> Best,
>> Ole
>>
>
> Hmm, struggling to understand just what you are trying to, I think you 
> are trying to do this:
>
> You have the users home directories stored on the DC
> The users log onto a samba member server (running 3.6.23)
> You then expect the users home directory to be created on the DC
>
> Is the above correct, if it isn't, can you state just what you expect 
> to happen, line by line as above.
>
> Rowland
>
>

On 21/10/15 10:07, Ole Traupe wrote:
> Hi Rowland,
>
> thank you for your effort! However, this is entirely not what I am 
> trying to achieve.
>
> What I am trying to achieve is to get the "prexec" method to
work.
>
> The reason behind this is that I would like to have a zfs data set 
> created per user in an automatic (scripted) way. The reason behind 
> that is that if I do this by hand - from a domain admin account and 
> with the ACL recommendations of the Samba wiki (inheritance of owner 
> rights), a simple user funnily has no read or write rights on the 
> files and folders in his home dir. Apparently, because he wasn't the 
> owner at the time of creation of his home dir. But the above-mentioned 
> domain admin account is the owner of the users files. And by making 
> him (the user) the owner post-hoc I wasn't able to solve this. Samba 
> doesn't seem to recognize (inherite) the owner changes properly. Or 
> I'm just too stupid to get this done properly.
>
> Now I will try to list my setup and intentions in a step-by-step way 
> as you recommended:
>
> - srvA: CentOS 6 Samba 4 DC
> - srvB: CentOS 6 domain member file server sharing zfs data sets via 
> Samba 4 (not via zfs' built-in module)
> - srvC: CentOS 6 domain member compute and terminal server running 
> Samba 3.6.23
> - cliA: Windows 7 domain client, where I do the management via ADUC 
> console, and where I can test Windows log-ons
> - I want to log on to srvC and cliA and have the same home dir for 
> each users
> - I want these home dirs to be zfs data sets on srvB (for various 
> reasons we probably shouldn't discuss here on the list)
>
> I know in theory, how to achieve this. My script - on the DC - works 
> as such if I execute it by hand. It remotely executes commands via ssh 
> (public key authentication). My domain is also working correctly 
> according to all tests found on the Samba wiki. My only problem is, 
> that this darn "preexec" method in the [homes] section of my DC
is not
> executing on user logon on srvC or cliA. I have it create two 
> different log files depending on success and failure of the first 
> script line that begins an if clause containing the rest of the 
> commands. But this log file is not created anyhere on the DC.
>
> So, after all, I actually am trying to figure out, why that is.
>
> If I seem unappreciative of your attempt to help me, let me assure you 
> that it is not the case. I just figured that it would be enough to ask 
> whether someone has an idea of why "preexec" isn't working in
my case.
> And that probably is because I am new to this and very likely 
> overlooking the obvious here.
>
> Best regards,
> Ole
>
>
>
> Am 20.10.2015 um 17:15 schrieb Rowland Penny:
>> On 15/10/15 11:05, Ole Traupe wrote:
>>> Hi,
>>>
>>> I am trying to automatically create nested zfs data sets as home 
>>> directories. I have a script that works fine if I execute it 
>>> manually as root (auth via public key). It also creates a short log
>>> file in the same dir.
>>>
>>> However, this section in my smb.conf (on the DC) doesn't seem
to
>>> execute (no data set created, no log file) on user logon (on a 
>>> member server):
>>>
>>> [homes]
>>>        comment = User Home Directories
>>>        browseable = no
>>>        writable = yes
>>>        root preexec = /usr/local/samba/scripts/createzfshome.sh %U
>>>
>>> What might be the reason? Is this conflicting with rfc2307 use?
>>>
>>> My DC's Samba version is 4.2.2 (on CentOS 6.7), my Samba member
>>> server (where the logon happens; either via ssh or with FreeNX 
>>> terminal software) is Version 3.6.23.
>>>
>>> Is Samba 3 a problem here?
>>>
>>> Best,
>>> Ole
>>>
>>
>> Hmm, struggling to understand just what you are trying to, I think 
>> you are trying to do this:
>>
>> You have the users home directories stored on the DC
>> The users log onto a samba member server (running 3.6.23)
>> You then expect the users home directory to be created on the DC
>>
>> Is the above correct, if it isn't, can you state just what you
expect
>> to happen, line by line as above.
>>
>> Rowland
>>
>>
>
>
I think you may still be missing the obvious, '[homes]' *does not work* 
on a DC.

Thinking about this, is it possible that your 'root preexec' command is 
being run, but just not when you think it should ?
What I mean is, you think is should be run when a user tries to connect 
to the share, but the share has already been mounted on the client and 
the user connects to that. Try changing the command to something that 
just echo's something to a text file in /tmp on the DC, restart the DC 
and the member server and then see if there is anything in /tmp on the 
DC, if there isn't anything, connect a client and check again, if still 
nothing, then 'root preexec' has problems.

Rowland

Rowland, I apologize: I have overlooked this answer of yours before my 
last post.

 >> I think you may still be missing the obvious,

I was suspecting that.

 >> '[homes]' *does not work* on a DC.

You mean in general or in my assumed use case?



Am 21.10.2015 um 11:27 schrieb Rowland Penny:
> On 21/10/15 10:07, Ole Traupe wrote:
>> Hi Rowland,
>>
>> thank you for your effort! However, this is entirely not what I am 
>> trying to achieve.
>>
>> What I am trying to achieve is to get the "prexec" method to
work.
>>
>> The reason behind this is that I would like to have a zfs data set 
>> created per user in an automatic (scripted) way. The reason behind 
>> that is that if I do this by hand - from a domain admin account and 
>> with the ACL recommendations of the Samba wiki (inheritance of owner 
>> rights), a simple user funnily has no read or write rights on the 
>> files and folders in his home dir. Apparently, because he wasn't
the
>> owner at the time of creation of his home dir. But the 
>> above-mentioned domain admin account is the owner of the users files. 
>> And by making him (the user) the owner post-hoc I wasn't able to 
>> solve this. Samba doesn't seem to recognize (inherite) the owner 
>> changes properly. Or I'm just too stupid to get this done properly.
>>
>> Now I will try to list my setup and intentions in a step-by-step way 
>> as you recommended:
>>
>> - srvA: CentOS 6 Samba 4 DC
>> - srvB: CentOS 6 domain member file server sharing zfs data sets via 
>> Samba 4 (not via zfs' built-in module)
>> - srvC: CentOS 6 domain member compute and terminal server running 
>> Samba 3.6.23
>> - cliA: Windows 7 domain client, where I do the management via ADUC 
>> console, and where I can test Windows log-ons
>> - I want to log on to srvC and cliA and have the same home dir for 
>> each users
>> - I want these home dirs to be zfs data sets on srvB (for various 
>> reasons we probably shouldn't discuss here on the list)
>>
>> I know in theory, how to achieve this. My script - on the DC - works 
>> as such if I execute it by hand. It remotely executes commands via 
>> ssh (public key authentication). My domain is also working correctly 
>> according to all tests found on the Samba wiki. My only problem is, 
>> that this darn "preexec" method in the [homes] section of my
DC is
>> not executing on user logon on srvC or cliA. I have it create two 
>> different log files depending on success and failure of the first 
>> script line that begins an if clause containing the rest of the 
>> commands. But this log file is not created anyhere on the DC.
>>
>> So, after all, I actually am trying to figure out, why that is.
>>
>> If I seem unappreciative of your attempt to help me, let me assure 
>> you that it is not the case. I just figured that it would be enough 
>> to ask whether someone has an idea of why "preexec" isn't
working in
>> my case. And that probably is because I am new to this and very 
>> likely overlooking the obvious here.
>>
>> Best regards,
>> Ole
>>
>>
>>
>> Am 20.10.2015 um 17:15 schrieb Rowland Penny:
>>> On 15/10/15 11:05, Ole Traupe wrote:
>>>> Hi,
>>>>
>>>> I am trying to automatically create nested zfs data sets as
home
>>>> directories. I have a script that works fine if I execute it 
>>>> manually as root (auth via public key). It also creates a short
log
>>>> file in the same dir.
>>>>
>>>> However, this section in my smb.conf (on the DC) doesn't
seem to
>>>> execute (no data set created, no log file) on user logon (on a 
>>>> member server):
>>>>
>>>> [homes]
>>>>        comment = User Home Directories
>>>>        browseable = no
>>>>        writable = yes
>>>>        root preexec = /usr/local/samba/scripts/createzfshome.sh
%U
>>>>
>>>> What might be the reason? Is this conflicting with rfc2307 use?
>>>>
>>>> My DC's Samba version is 4.2.2 (on CentOS 6.7), my Samba
member
>>>> server (where the logon happens; either via ssh or with FreeNX 
>>>> terminal software) is Version 3.6.23.
>>>>
>>>> Is Samba 3 a problem here?
>>>>
>>>> Best,
>>>> Ole
>>>>
>>>
>>> Hmm, struggling to understand just what you are trying to, I think 
>>> you are trying to do this:
>>>
>>> You have the users home directories stored on the DC
>>> The users log onto a samba member server (running 3.6.23)
>>> You then expect the users home directory to be created on the DC
>>>
>>> Is the above correct, if it isn't, can you state just what you 
>>> expect to happen, line by line as above.
>>>
>>> Rowland
>>>
>>>
>>
>>
>
> I think you may still be missing the obvious, '[homes]' *does not 
> work* on a DC.
>
> Thinking about this, is it possible that your 'root preexec'
command
> is being run, but just not when you think it should ?
> What I mean is, you think is should be run when a user tries to 
> connect to the share, but the share has already been mounted on the 
> client and the user connects to that. Try changing the command to 
> something that just echo's something to a text file in /tmp on the DC, 
> restart the DC and the member server and then see if there is anything 
> in /tmp on the DC, if there isn't anything, connect a client and check 
> again, if still nothing, then 'root preexec' has problems.
>
> Rowland
>
>