On Thursday, January 6, 2022, 12:31:29 p.m. EST, spindles seven via samba
<samba at lists.samba.org> wrote:
On 06 January 2022 16:18 Rowland Penny via samba wrote:
> On Thu, 2022-01-06 at 15:50 +0000, Carl Hunter via samba wrote:
> > Could you explain the statement "providing you have set up the share
> > correctly using Windows ACLs"? Would this have been set up when I
> > ran the classicupgrade? This does seem like the way to go but I'm
> > not sure what to do with all my current users. Would they all need
> > to be converted?
>
> If you follow the links I provided earlier, you will set up the ACLs
> correctly.
>
> I think one of the problems here is that there are two possible home
> directories in play here:
> Windows home directories
> Unix home directories
>
> Each is meant for a different reason, the Windows home directory is
> best set through ADUC, this will create the required directory with the
> required permissions.
>
> Unix home directories are just that, the home directory for users that
> log into a Unix machine directly (or via Samba if it already exists, or
> is created using a root preexec script at first connection)
>
> Another problem is that the OP has upgraded an NT4-style domain to an
> AD domain and is still thinking in NT4-style, he needs to forget most
> of what he knows and start thinking in AD. There is similarity between
> an NT4-style domain and an AD domain, but they are very different,
> mostly for the better.
>
> If the OP is only going to have the Samba machine as a DC and
> fileserver (not recommended), then he is constrained by what the DC is
> capable of, he must use the xidNumber IDs (numbers in the 3000000
> range) and cannot use any other rfc2307 attributes.
>
> Rowland
>
Carl,
I agree with all that Rowland says above. The specific wiki page for setting up
the Windows ACLs on Home folders is here:
https://wiki.samba.org/index.php/Windows_User_Home_Folders
For your existing users, if you use ADUC and select all the users, then choose
properties, on the Profile Tab, set the home folder path and use %username%
instead of the user names it will create all the users' folders for you if
they don't already exist. For example if you have the share
"users" on the file server FS1 and you wanted the drive letter H: to
be connected to their home folder when the users log in, then you would use:
Connect H: to \\fs1.samdom.example.com\users\%username%
So for example, for user test1 it will create the folder
\\fs1.samdom.example.com\users\test1 with appropriate Windows ACLs.
Using the fqdn for the server name is recommended but it will probably also work
with just the file server's name.
If the folders already exist, it will just configure the system to use them for
each user but you will need to ensure the permissions are correct otherwise it
will not allow you to set the home folder paths.
HTH
Roy
Maybe what I mean by home folder is confusing things. I was able to test some
things on my test system and the following is what seems to work. Again in
quotes because I don't know why carriage returns aren't working.
"samba-tool user create username password --script-path=logon.cmd"
"samba-tool group addmembers students username"
"mkdir /home/username"
"chown -R username:students /home/username"
"chmod -R o-rx /home/username"
I was hoping there was a way to have the mkdir, chown and chmod command
automatically run as part of the other commands. Is that possible?
Thanks
Carl
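
The commands from the last message combined into one wrapper function, as an added example that is not part of the thread. The names provision_user, valid_username, run, HOME_BASE, HOME_GROUP and DRY_RUN are hypothetical, and it assumes the script runs as root on the Samba server and that a random initial password is acceptable.

```shell
#!/bin/sh
# Added example, not from the thread. HOME_BASE, HOME_GROUP and DRY_RUN
# are assumed names.
HOME_BASE="${HOME_BASE:-/home}"
HOME_GROUP="${HOME_GROUP:-students}"
DRY_RUN="${DRY_RUN:-1}"            # 1 = print the commands instead of running them

# Accept only plain account names, so the value can never be parsed as an
# option ("-R") or point outside HOME_BASE ("../etc").
valid_username() {
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 20 ]             # sAMAccountName length limit for users
}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

provision_user() {
    user="$1"
    if ! valid_username "$user"; then
        echo "refusing invalid username: $user" >&2
        return 2
    fi
    home="$HOME_BASE/$user"
    # Assumption: --random-password replaces the password argument, keeping it
    # out of the process list; set the real one later with
    # "samba-tool user setpassword".
    run samba-tool user create "$user" --random-password \
        --script-path=logon.cmd || return 1
    run samba-tool group addmembers "$HOME_GROUP" "$user" || return 1
    # mkdir without -p fails if the directory exists, so an existing
    # directory is never handed to the new account. Mode 0750 has the same
    # effect as the later "chmod o-rx" from the first moment.
    run mkdir -m 0750 -- "$home" || return 1
    run chown "$user:$HOME_GROUP" "$home"
}

if [ "$#" -gt 0 ]; then provision_user "$1"; fi
```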