Hi all,

I hope this is an easy one:

We've just set up a samba server and we're using winbind with the idmap_rid backend option to authenticate users via AD. So far so good! Now we want Windows users to have their home shares on the samba server.

When Winbind pulls a list of users from AD it appears to use the template homedir option in our smb.conf to figure out where users' home directories should be located (Am I wrong about this?) This relationship seems to get "hard coded" into the idmap.

My question is can the smb.conf Global Option "template homedir =" be used to allow users to log in to their home dir if /home isn't flat? Is there another way to do this?

We have about 1500 hundred kids whose home directories should look like /home/graduationYear/studentName

So student a's home directory should look like:
/home/2008/astudent

and student b's might be:
/home/2009/bstudent

Would it be better to just leave out template homedir, remove the tdb's and rebind to windows? What would SAMBA's process be to map windows users to unix home directories then?

Perhaps the real solution is to create shares like this:

[2007]
    path = /home/students/2007
    valid users = %S
    readonly = no
    writable = yes
    printable = no
    create mode = 0600
    directory mode = 0600

[2008]
    path = /home/students/2008
    valid users = %S
    readonly = no
    writable = yes
    printable = no
    create mode = 0600
    directory mode = 0600

Any advice would be appreciated!
Thanks!
John
Felipe Augusto van de Wiel
2007-Jul-18 14:08 UTC
[Samba] does samba support non-flat /home
john wrote, On 15-07-2007 20:19:
> Hi all,
>
> I hope this is an easy one:
>
> We've just set up a samba server and we're using winbind
> with the idmap_rid backend option to authenticate users
> via AD. So far so good! Now we want Windows users to have
> their home shares on the samba server.
>
> When Winbind pulls a list of users from AD it appears to
> use the template homedir option in our smb.conf to figure
> out where users' home directories should be located (Am I
> wrong about this?) This relationship seems to get "hard
> coded" into the idmap.

I wouldn't say "hard coded", I would say it has a default value /home/%D/%U

> My question is can the smb.conf Global Option "template
> homedir =" be used to allow users to log in to their
> home dir if /home isn't flat? Is there another way to do
> this?

Yes, 'template homedir' can be used to change the value, but I'm not sure if it will work for you, because you have years in the template. You could use an "envvar":

%$(envvar)
    the value of the environment variable envvar.

But I'm not sure how you would tell samba on a per-user basis about that, except by my suggestion below to use primary groups.

> We have about 1500 hundred kids whose home directories
> should look like /home/graduationYear/studentName
>
> So student a's home directory should look like:
> /home/2008/astudent
>
> and student b's might be:
> /home/2009/bstudent

That's the point, I don't know how you could use a variable for the "year". /home/$year/%U, not sure but maybe you can have your students in the primary group of their graduation year and use that as a variable:

/home/g2008/astudent
/home/g2009/bstudent

template homedir = /home/%G/%U

astudent primary group is g2008
bstudent primary group is g2009

> Would it be better to just leave out template homedir, remove the
> tdb's and rebind to windows? What would SAMBA's process be to map
> windows users to unix home directories then?

Not sure about that, but I think if you can afford that change, you could opt to change the primary groups and go with the above solution or something similar. Check the variables available in smb.conf.

> Perhaps the real solution is to create shares like this:
>
> [2007]
> path = /home/students/2007
> valid users = %S
> readonly = no
> writable = yes
> printable = no
> create mode = 0600
> directory mode = 0600
>
>
> [2008]
> path = /home/students/2008
> valid users = %S
> readonly = no
> writable = yes
> printable = no
> create mode = 0600
> directory mode = 0600

Uhhh... sorry, that's ugly and will give you a lot of work every year, the group approach seems to be more maintainable. ;)

> Any advice would be appreciated!
> Thanks!
> John

Hope this helps.

Kind regards,
--
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
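
Added example, not part of either message and not Samba code: a Python check that expands the reply's suggested "template homedir = /home/%G/%U" for a list of accounts and reports any that would not land in a graduation-year directory. The account list, the domain name SCHOOL, the gYYYY group pattern and the path-component whitelist are assumptions made for the illustration.

```python
import re
from pathlib import PurePosixPath

# Conservative whitelist for one path component (an assumption, not Samba's rule).
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")

def expand_homedir(template, user, group, domain, base="/home"):
    """Expand %U, %G and %D as the thread proposes and return the path.

    Raises ValueError when a value is not a safe path component or the
    expanded path would not sit below `base`.
    """
    values = {"U": user, "G": group, "D": domain}
    for key, value in values.items():
        if not SAFE_NAME.fullmatch(value):
            raise ValueError(f"%{key} value {value!r} is not a safe path component")
    path = re.sub(r"%([UGD])", lambda m: values[m.group(1)], template)
    if "%" in path:
        raise ValueError(f"unsupported variable left in {path!r}")
    if PurePosixPath(base) not in PurePosixPath(path).parents:
        raise ValueError(f"{path!r} is outside {base}")
    return path

def audit(template, accounts, domain, year_group=r"g\d{4}"):
    """Return (planned, problems) for a list of (user, primary_group) pairs."""
    planned, problems = {}, {}
    for user, group in accounts:
        if not re.fullmatch(year_group, group):
            problems[user] = f"primary group {group!r} is not a graduation-year group"
            continue
        try:
            planned[user] = expand_homedir(template, user, group, domain)
        except ValueError as exc:
            problems[user] = str(exc)
    return planned, problems

# Constructed sample accounts; the first two are the ones named in the thread.
ACCOUNTS = [
    ("astudent", "g2008"),
    ("bstudent", "g2009"),
    ("cstudent", "Domain Users"),  # primary group never changed in AD
    ("../dstudent", "g2009"),      # name that would leave the year directory
]

if __name__ == "__main__":
    planned, problems = audit("/home/%G/%U", ACCOUNTS, domain="SCHOOL")
    for user, path in planned.items():
        print(f"{user:12} -> {path} (create with mode 0700)")
    for user, reason in problems.items():
        print(f"{user:12} !! {reason}")
```

Accounts still in the AD default primary group are the ones to fix before switching the template, since %G would otherwise place them all in one shared directory name.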