Alexander Schaber
2007-Jan-04 01:25 UTC
[Samba] Making Home Directory available for Windows Users
Hello,

Situation:
We are in a school class, every student logs on with the same account. Until now we had Shares that were accessible for everybody and it was therefore possible to look into and edit/delete other's files.

Plan:
Create a share that can be clicked on which then asks for User/Pass and directly maps to the User's home Directory upon auth. User auth is done through LDAP which works already.

Example:
Sharename: homedir
User clicks on e.g. \\fileserver\homedir and is asked for User/Pass, after entering 'examplestudent1'/hispassword he sees /home/examplestudent1 .

Possible approach 1:
[homes]
comment = Home Directories
valid users = %S
browseable = No
read only = No
inherit acls = Yes

The Problem with this one is, that the User would have to type \\fileserver\examplestudent1 to get to his Homedir, which is _not_ wanted. Or can this one be modified?

Possible approach 2:
[homedir]
comment = Home Directories
read only = No
browseable = Yes
path = /home/%u

This seems to work, but is it secure enough? What about 'valid users'? The computers are shut down after each lesson, so there won't be the case that an old session is still alive.

Requirements:
A share that always has the same name (e.g. homedir) but behind that there is the user's homedir or a share that lists /home and asks for a User/Pass for each dir you click on. I know this is partly done by setting appropriate rights on the home dirs (700).

I hope I made everything clear :) Thanks a lot for your ideas!

--
Greetings
Alexander Schaber
http://www.alexanderschaber.de/
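The post above relies partly on mode 700 on each home directory. The following is an added example, not part of the original post: a small audit that lists entries under a /home-style tree that grant more than 700, are symlinks, or (optionally) are not owned by the account named like the directory. The function names and the constructed sample tree are assumptions made for illustration.

```python
import os
import pwd
import stat
import tempfile


def nss_uid(name):
    """Expected owner: uid of the account named like the directory (None if unknown)."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None


def audit_homes(base, allowed_mode=0o700, owner_of=None):
    """Return (name, problem) pairs for entries under base that break the 700 rule."""
    findings = []
    for entry in sorted(os.scandir(base), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        if stat.S_ISLNK(st.st_mode):
            findings.append((entry.name, "symlink instead of a directory"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        extra = mode & ~allowed_mode  # any bit beyond rwx for the owner
        if extra:
            findings.append((entry.name, f"mode {mode:04o} has extra bits {extra:04o}"))
        if owner_of is not None and owner_of(entry.name) != st.st_uid:
            findings.append((entry.name, "owner does not match account"))
    return findings


def demo():
    """Constructed sample tree: one correct home, two too-open ones, one symlink."""
    with tempfile.TemporaryDirectory() as base:
        for name, mode in (("student1", 0o700), ("student2", 0o755), ("student3", 0o770)):
            path = os.path.join(base, name)
            os.mkdir(path)
            os.chmod(path, mode)
        os.symlink(os.path.join(base, "student2"), os.path.join(base, "student4"))
        return audit_homes(base)


if __name__ == "__main__":
    for name, problem in demo():
        print(f"{name}: {problem}")
```

On the file server itself, `audit_homes("/home", owner_of=nss_uid)` adds the ownership check, which resolves LDAP accounts through NSS.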
Andreas Heinlein
2007-Jan-04 07:41 UTC
[Samba] Making Home Directory available for Windows Users
Hello,

I am pretty sure this is described somewhere in the official docs, but anyway: Your approach #1 should work well. The [homes] section is accessible by clients using *either*
\\<servername>\<username>
or
\\<servername>\homes

No modifications to your example necessary.

Bye,
Andreas

Alexander Schaber wrote:
> Hello,
>
> Situation:
> We are in a school class, every student logs on with the same account. Until
> now we had Shares that were accessible for everybody and it was therefore
> possible to look into and edit/delete other's files.
>
> Plan:
> Create a share that can be clicked on which then asks for User/Pass and
> directly maps to the User's home Directory upon auth. User auth is done
> through LDAP which works already.
>
> Example:
> Sharename: homedir
> User clicks on e.g. \\fileserver\homedir and is asked for User/Pass, after
> entering 'examplestudent1'/hispassword he sees /home/examplestudent1 .
>
> Possible approach 1:
> [homes]
> comment = Home Directories
> valid users = %S
> browseable = No
> read only = No
> inherit acls = Yes
>
> The Problem with this one is, that the User would have to type
> \\fileserver\examplestudent1 to get to his Homedir, which is _not_ wanted. Or
> can this one be modified?
>
> Possible approach 2:
> [homedir]
> comment = Home Directories
> read only = No
> browseable = Yes
> path = /home/%u
>
> This seems to work, but is it secure enough? What about 'valid users'? The
> computers are shut down after each lesson, so there won't be the case that an
> old session is still alive.
>
> Requirements:
> A share that always has the same name (e.g. homedir) but behind that there is
> the user's homedir or a share that lists /home and asks for a User/Pass for
> each dir you click on. I know this is partly done by setting appropriate
> rights on the home dirs (700).
>
> I hope I made everything clear :) Thanks a lot for your ideas!
>
Alexander Schaber
2007-Jan-08 20:57 UTC
[Samba] Preparing Unix LDAP Accounts for Samba use (was: Re: Making Home Directory available for Windows Users)
Alright, thanks to your help, this seems to work now :)

The actual problem is the LDAP Backend now, since there are about 800 student accounts and I've only added a few (by hand) with sambaSamAccount objectClasses in order to test the case.

How can I add the samba specific options to all user accounts and possibly even use the unix passwords (I know they cannot be reverted to clear text and therefore there is no way of creating a samba hash that way)?

If there is any further assistance I would appreciate it very much :)

--
Greetings
Alexander Schaber
http://www.alexanderschaber.de
GPG fingerprint = E61B 2945 512E 9DF4 69C3 20F5 0FA7 48BF 9413 40D8