samba - Feb 2005 - Help configuring Samba-3 to share $HOME directories

I'm looking for help configuring Samba-3 to allow me to share out home
directories from a UNIX host to Windows XP clients so that my Windows
domain users can read and write to their home directories on the UNIX
host.

I've attempted to follow the examples in "Samba-3 by Example" to
no
success. I've also followed the tutorial:
http://bob.rasey.net/archives/000137.html, which got me pretty far, but
not far enough.

Right now I can get to the point where I can browse to the Samba server
on the Windows network, and view my home directory share. But the only
way I can connect to the server is if I change the UNIX permission on
the directory to 755.

This is not the behavior I want.

Ideally I want to allow users to have a UNIX account, independent of
their Windows domain account. I would like a user who has authenticated
themselves on the domain to be able to browse out to a server and view
the home directory of the UNIX account with the same account name (or
properly mapped via smbusers). I also want the home directory to be the
one listed in /etc/passwd and not constructed from the username and the
'template homedir' directive.

Unfortunately this 'template homedir' directive seems necessary
otherwise Samba tries to chdir to /home/DOMAIN/user.

With Samba-2 this was possible, and quite simple, and I'd like to be
able to work this in Samba-3 as well.

Is this possible?

I've included the smb.conf and krb5.conf for my Samba-3 server, and
also the smb.conf for my working Samba-2 server.

=== Samba-3 smb.conf ==
# Samba 3.0.9
[global]
        workgroup = DOMAIN
        realm = DOMAIN.COM
        server string = Samba3 Server
        security = ADS
        username map = /etc/samba/smbusers
        log level = 3
        log file = /var/log/samba/%m.log
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        dns proxy = No
        wins server = 10.10.1.101
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind use default domain = Yes

[homes]
        comment = Home Directories
        read only = No
        create mask = 0664
        directory mask = 0775
        browseable = No

=== krb5.conf ==
[libdefaults]
        default_realm = DOMAIN.COM

[realms]
        DOMAIN.COM = {
                kdc = ads1.domain.com
        }

[domain_realm]
        .DOMAIN.com = DOMAIN.COM
        DOMAIN.com = DOMAIN.COM

=== Samba-2 smb.conf ==# Samba 2.2.7
[global]
   workgroup = DOMAIN
   server string = Samba2 Server
   log file = /var/log/samba/%m.log
   max log size = 0
   security = server
   password server = ads1
   encrypt passwords = yes
   username map = /etc/samba/smbusers
   obey pam restrictions = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   local master = no

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   valid users = %S
   create mode = 0664
   directory mode = 0775


Thanks,
Chris

Chris Heller wrote:
> Ideally I want to allow users to have a UNIX account, independent of
> their Windows domain account. 
Why make life so complicated? If you keep the account name the same, the default
homes share just plain works. I tweaked mine a bit to lock the Win client into a
subdir of the Linux home dir. That way
Windows is not able to see Linux config files, but files needing to be shared
can be placed under .../WinHome on the Linux side.

[homes]
    comment = %U's Home Directory
    volume = home
    path = %H/WinHome
    browseable = no
    read only = no
    create mask = 0600
    directory mask = 0700


-- 
Michael Lueck
Lueck Data Systems

Remove the upper case letters NOSPAM to contact me directly.