Jelle de Jong
2020-Apr-29  23:25 UTC
[Samba] how to use root preexec on user share with %U not as root user
Hello everybody,
I am trying to get samba 4 to make a user dir without the use of ADUC to 
set the homeDirectory, but with samba-tool user create only.
I created a root preexec but the %U is filled with root and not the 
username of the user.
I need to user [users] and not the old [homes] because I got a GPO for 
redirection to the //server/users/%USERNAME% and I need this folder to 
be created before the first logon of the user otherwise it seems to go bad.
[users]
     path = /srv/storage/users/
     read only = No
     root preexec = /usr/local/bin/samba-mkdir-home %U
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin/
if [ ! -e /srv/storage/users/$1 ]; then
     mkdir /srv/storage/users/$1
     chown "$1":"domain user" /srv/storage/users/$1
fi
Kind regards,
Jelle de Jong
Rowland penny
2020-Apr-30  08:12 UTC
[Samba] how to use root preexec on user share with %U not as root user
On 30/04/2020 00:25, Jelle de Jong via samba wrote:> Hello everybody, > > I am trying to get samba 4 to make a user dir without the use of ADUC > to set the homeDirectory, but with samba-tool user create only. > > I created a root preexec but the %U is filled with root and not the > username of the user. > > I need to user [users] and not the old [homes] because I got a GPO for > redirection to the //server/users/%USERNAME% and I need this folder to > be created before the first logon of the user otherwise it seems to go > bad. > > [users] > ??? path = /srv/storage/users/ > ??? read only = No > ??? root preexec = /usr/local/bin/samba-mkdir-home %U > > PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin/ > if [ ! -e /srv/storage/users/$1 ]; then > ??? mkdir /srv/storage/users/$1 > ??? chown "$1":"domain user" /srv/storage/users/$1 > fi > > Kind regards, > > Jelle de Jong >Define 'first logon'. If it is logging on via ssh or direct to the computer (via lightdm etc), then you need you would use pam_mkhomedir instead That doesn't work if just connecting to a Samba share, so you have two options here: Create a share: [users] ??? path = /path/to/users ?? read only = no Restart Samba The first option is: Go to ADUC, select a user, right click, select 'Options' and then the 'Profiles' tab. At the bottom of the 'Profiles' tab select a letter e.g. 'H:' then the shares UNC e.g. //Samba_servers_hostname/users/username, now click 'Apply', this should create the users homedir on the Samba server. The second option relies on adding a line to the share: ??? root preexec = /path/to/a/script %H %U This will cause the script to be run whenever a user connects to the share and pass the users homedir path and username to the script. With this option, you do not need to touch the users profile tab in ADUC. Rowland
Alex MacCuish
2020-Apr-30  12:44 UTC
[Samba] how to use root preexec on user share with %U not as root user
Just thought I'd add something. If I remember correctly, you wouldn't necessarily see the creation of redirected folders on first login unless you've configured GP application to be synchronous (wait on network). I believe the default (though it varies by Windows version), is that because of asynchronous GP application, redirected folders only start working on the second login. With regards to the profile folder, again I can't remember exactly, but I believe on logon, Windows will lookup the profile so it can download it. It won't find one on first logon, so Windows creates a profile locally, which is then uploaded as normal at the end of the session on logoff to the profile path. After that, the profile is then downloaded again on next login. As many have said in this thread, the profile path, home directory and redirected folder are all different things that can be made to work together, but it's important to understand what they all do. E.g. in my network, I have the "home directory" set to a folder per user in a share. The profile path is then set to a folder WITHIN this folder. Finally, I redirect certain folders to this user folder. On 30/04/2020 00:25, Jelle de Jong via samba wrote:> Hello everybody, > > I am trying to get samba 4 to make a user dir without the use of ADUC > to set the homeDirectory, but with samba-tool user create only. > > I created a root preexec but the %U is filled with root and not the > username of the user. > > I need to user [users] and not the old [homes] because I got a GPO for > redirection to the //server/users/%USERNAME% and I need this folder to > be created before the first logon of the user otherwise it seems to go > bad. > > [users] > ??? path = /srv/storage/users/ > ??? read only = No > ??? root preexec = /usr/local/bin/samba-mkdir-home %U > > PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin/ > if [ ! -e /srv/storage/users/$1 ]; then > ??? mkdir /srv/storage/users/$1 > ??? chown "$1":"domain user" /srv/storage/users/$1 > fi > > Kind regards, > > Jelle de Jong >
Jelle de Jong
2020-Apr-30  20:40 UTC
[Samba] how to use root preexec on user share with %U not as root user
On 2020-04-30 10:12, Rowland penny via samba wrote:> On 30/04/2020 00:25, Jelle de Jong via samba wrote: >> Hello everybody, >> >> I am trying to get samba 4 to make a user dir without the use of ADUC >> to set the homeDirectory, but with samba-tool user create only. >> >> I created a root preexec but the %U is filled with root and not the >> username of the user. >> >> I need to user [users] and not the old [homes] because I got a GPO for >> redirection to the //server/users/%USERNAME% and I need this folder to >> be created before the first logon of the user otherwise it seems to go >> bad. >> >> [users] >> ??? path = /srv/storage/users/ >> ??? read only = No >> ??? root preexec = /usr/local/bin/samba-mkdir-home %U >> >> PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin/ >> if [ ! -e /srv/storage/users/$1 ]; then >> ??? mkdir /srv/storage/users/$1 >> ??? chown "$1":"domain user" /srv/storage/users/$1 >> fi >> >> Kind regards, >> >> Jelle de Jong >> > Define 'first logon'. > > If it is logging on via ssh or direct to the computer (via lightdm etc), > then you need you would use pam_mkhomedir instead > > That doesn't work if just connecting to a Samba share, so you have two > options here: > > Create a share: > > [users] > > ??? path = /path/to/users > > ?? read only = no > > Restart Samba > > The first option is: > > Go to ADUC, select a user, right click, select 'Options' and then the > 'Profiles' tab. At the bottom of the 'Profiles' tab select a letter e.g. > 'H:' then the shares UNC e.g. //Samba_servers_hostname/users/username, > now click 'Apply', this should create the users homedir on the Samba > server. > > The second option relies on adding a line to the share: > > ??? root preexec = /path/to/a/script %H %U > > This will cause the script to be run whenever a user connects to the > share and pass the users homedir path and username to the script. With > this option, you do not need to touch the users profile tab in ADUC.First logon is I use samba-tool to add the user then I go to an Windows 10 Pro domain member system and logon to the machine. The \\SAMBA01\users\lgaga folder will not be there..... amba-tool user create lgaga passwd --login-shell /bin/bash --given-name "Lady Gaga" --home-drive=H --home-directory="\\\SAMBA01\users\lgaga" Could you or others share (sent) the /path/to/a/script you use because when I try to use mine above script the user always is root, and I need a smarter script that sets the setfacl correct with Windows ACL instead of posix acl. Kind regards, Jelle de Jong
Possibly Parallel Threads
- how to use root preexec on user share with %U not as root user
- how to use root preexec on user share with %U not as root user
- steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
- steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
- default backend = rid not showing full group information for users