On Wed, 2021-10-13 at 04:27 -0400, Rob Campbell via samba
wrote:> I am able to ssh user at localhost with the samba user I created from
> any
> computer with a working and related smb.conf. ssh
> sambauser at localhost If
> there is no linux account it creates the home directory but it
> doesn't
> allow the user to log in.
What creates the homedir ? SSH by itself will not do this, you need to
use pam-mkhomedir.
> I have to create the user on the local machine.
Well stop doing that, you cannot have the user in /etc/passwd and AD,
the local user will take precedence and have a different ID number.
> I'm not able to have the user local account created when I log in as
> that
> user? Every computer I have that I want to allow enterprise login
> via
> Gnome
I cannot help you with Gnome, I do not use it.
> (which I haven't gotten to work yet), I will have to create all the
> users on those computers before people can log in?
No, you need to set up your distro to create the homedir at login, I
could tell you how to do this if you were using Debian, but you are
using fedora and I haven't a clue.
>
> I am able to smbclient //fs01/Photos -c 'ls' -U sambauser and it
will
> show
> me the files and dirs of that share.
I homedir isn't really a share and you need to use 'root preexec' to
run a script to create homedirs if you connect via Samba.
> I have a share named home and it will
> not allow me to see that.
>
> [home]
> comment = Home Directories
> browseable = yes
> writable = yes
> path = /home/%D/%U
> valid users = %U
Change it to this:
[homes]
comment = Home Directories
browseable = no
read only = no
create mask = 0700
directory mask = 0700
valid users = %S
Add a line in [global] similar to this:
template homedir = /home/%U
>
> I've tried setting the path to /home/%U for the user accounts
> that previously had linux ids and I get the same thing
> smbclient //fs01/home -U username -c 'ls'
> Enter INTERNAL\username's password:
> NT_STATUS_ACCESS_DENIED listing \*
The permissions are probably wrong on the share and the user should be
connecting to their own share, not the base.
Rowland