samba - Oct 2015 - Can't get 'root preexec' to run

Rowland, I apologize: I have overlooked this answer of yours before my 
last post.

 >> I think you may still be missing the obvious,

I was suspecting that.

 >> '[homes]' *does not work* on a DC.

You mean in general or in my assumed use case?



Am 21.10.2015 um 11:27 schrieb Rowland Penny:
> On 21/10/15 10:07, Ole Traupe wrote:
>> Hi Rowland,
>>
>> thank you for your effort! However, this is entirely not what I am 
>> trying to achieve.
>>
>> What I am trying to achieve is to get the "prexec" method to
work.
>>
>> The reason behind this is that I would like to have a zfs data set 
>> created per user in an automatic (scripted) way. The reason behind 
>> that is that if I do this by hand - from a domain admin account and 
>> with the ACL recommendations of the Samba wiki (inheritance of owner 
>> rights), a simple user funnily has no read or write rights on the 
>> files and folders in his home dir. Apparently, because he wasn't
the
>> owner at the time of creation of his home dir. But the 
>> above-mentioned domain admin account is the owner of the users files. 
>> And by making him (the user) the owner post-hoc I wasn't able to 
>> solve this. Samba doesn't seem to recognize (inherite) the owner 
>> changes properly. Or I'm just too stupid to get this done properly.
>>
>> Now I will try to list my setup and intentions in a step-by-step way 
>> as you recommended:
>>
>> - srvA: CentOS 6 Samba 4 DC
>> - srvB: CentOS 6 domain member file server sharing zfs data sets via 
>> Samba 4 (not via zfs' built-in module)
>> - srvC: CentOS 6 domain member compute and terminal server running 
>> Samba 3.6.23
>> - cliA: Windows 7 domain client, where I do the management via ADUC 
>> console, and where I can test Windows log-ons
>> - I want to log on to srvC and cliA and have the same home dir for 
>> each users
>> - I want these home dirs to be zfs data sets on srvB (for various 
>> reasons we probably shouldn't discuss here on the list)
>>
>> I know in theory, how to achieve this. My script - on the DC - works 
>> as such if I execute it by hand. It remotely executes commands via 
>> ssh (public key authentication). My domain is also working correctly 
>> according to all tests found on the Samba wiki. My only problem is, 
>> that this darn "preexec" method in the [homes] section of my
DC is
>> not executing on user logon on srvC or cliA. I have it create two 
>> different log files depending on success and failure of the first 
>> script line that begins an if clause containing the rest of the 
>> commands. But this log file is not created anyhere on the DC.
>>
>> So, after all, I actually am trying to figure out, why that is.
>>
>> If I seem unappreciative of your attempt to help me, let me assure 
>> you that it is not the case. I just figured that it would be enough 
>> to ask whether someone has an idea of why "preexec" isn't
working in
>> my case. And that probably is because I am new to this and very 
>> likely overlooking the obvious here.
>>
>> Best regards,
>> Ole
>>
>>
>>
>> Am 20.10.2015 um 17:15 schrieb Rowland Penny:
>>> On 15/10/15 11:05, Ole Traupe wrote:
>>>> Hi,
>>>>
>>>> I am trying to automatically create nested zfs data sets as
home
>>>> directories. I have a script that works fine if I execute it 
>>>> manually as root (auth via public key). It also creates a short
log
>>>> file in the same dir.
>>>>
>>>> However, this section in my smb.conf (on the DC) doesn't
seem to
>>>> execute (no data set created, no log file) on user logon (on a 
>>>> member server):
>>>>
>>>> [homes]
>>>>        comment = User Home Directories
>>>>        browseable = no
>>>>        writable = yes
>>>>        root preexec = /usr/local/samba/scripts/createzfshome.sh
%U
>>>>
>>>> What might be the reason? Is this conflicting with rfc2307 use?
>>>>
>>>> My DC's Samba version is 4.2.2 (on CentOS 6.7), my Samba
member
>>>> server (where the logon happens; either via ssh or with FreeNX 
>>>> terminal software) is Version 3.6.23.
>>>>
>>>> Is Samba 3 a problem here?
>>>>
>>>> Best,
>>>> Ole
>>>>
>>>
>>> Hmm, struggling to understand just what you are trying to, I think 
>>> you are trying to do this:
>>>
>>> You have the users home directories stored on the DC
>>> The users log onto a samba member server (running 3.6.23)
>>> You then expect the users home directory to be created on the DC
>>>
>>> Is the above correct, if it isn't, can you state just what you 
>>> expect to happen, line by line as above.
>>>
>>> Rowland
>>>
>>>
>>
>>
>
> I think you may still be missing the obvious, '[homes]' *does not 
> work* on a DC.
>
> Thinking about this, is it possible that your 'root preexec'
command
> is being run, but just not when you think it should ?
> What I mean is, you think is should be run when a user tries to 
> connect to the share, but the share has already been mounted on the 
> client and the user connects to that. Try changing the command to 
> something that just echo's something to a text file in /tmp on the DC, 
> restart the DC and the member server and then see if there is anything 
> in /tmp on the DC, if there isn't anything, connect a client and check 
> again, if still nothing, then 'root preexec' has problems.
>
> Rowland
>
>

On 21/10/15 12:13, Ole Traupe wrote:
> Rowland, I apologize: I have overlooked this answer of yours before my 
> last post.
>
> >> I think you may still be missing the obvious,
>
> I was suspecting that.
>
> >> '[homes]' *does not work* on a DC.
>
> You mean in general or in my assumed use case?
>
>
>
I am now beginning to think it doesn't work at all, if samba4 is 
involved in any way. I knew that it wouldn't work on a DC (probably 
because the user is DOMAIN\username and not just username), but from my 
experiment (see my earlier post) it doesn't seem to work at all, try 
your setup with '[home]' and a path line.

Rowland

Hi,

On 10/21/2015 01:21 PM, Rowland Penny wrote:
> I am now beginning to think it doesn't work at all, if samba4 is
> involved in any way. I knew that it wouldn't work on a DC (probably
> because the user is DOMAIN\username and not just username), but from my
> experiment (see my earlier post) it doesn't seem to work at all, try
> your setup with '[home]' and a path line.
>
> Rowland
>
Probably I misunderstand the above, but I can only say: we're on 
samba4.1.17, and on our fileserver we use this:
> [homes]
> 	root preexec = /usr/local/sbin/mkhomedir.sh %U
> 	comment=Home directory for %S
> 	read only = No
> 	browseable = No
> 	create mask = 0770
> 	directory mask = 0770
And this works as expected: the preexec runs, and the homes share gives 
us per user home folders.

MJ

Rowland, thanks for your effort, I highly appreciate it!

 From what I had read before...

[home] would be an arbitrarily named share and its preexec command would 
execute whenever a domain user connects to it
[homes] is a special purpose section in the smb.conf that comes into 
play whenever a domain user connects to his or her home dir defined on 
the DC

What MJ is telling seems to confirm this distinction.

(continued in my response to him)



Am 21.10.2015 um 13:21 schrieb Rowland Penny:
> On 21/10/15 12:13, Ole Traupe wrote:
>> Rowland, I apologize: I have overlooked this answer of yours before 
>> my last post.
>>
>> >> I think you may still be missing the obvious,
>>
>> I was suspecting that.
>>
>> >> '[homes]' *does not work* on a DC.
>>
>> You mean in general or in my assumed use case?
>>
>>
>>
>
> I am now beginning to think it doesn't work at all, if samba4 is 
> involved in any way. I knew that it wouldn't work on a DC (probably 
> because the user is DOMAIN\username and not just username), but from 
> my experiment (see my earlier post) it doesn't seem to work at all, 
> try your setup with '[home]' and a path line.
>
> Rowland
>