On Thu, 2012-04-12 at 11:21 +0200, NdK wrote:
> Hi all.
>
> Is it just me or there's no way to restrict access to [homes] share to
> members of an AD group? Or is it treated like an ordinary Unix group via
> Winbind mapping? If I use "valid users = %S" (to give access to the home
> only to the owner), every domain user (worse: every user in any trusted
> domain) can access his/her own share... if path exists. That leads to
> the second problem: is it possible to automatically create the home dir
> if it's missing (w/o requiring the user to log on the server)? Sort of
> "pam_mkhomedir" for shares...
>
Use the exec option for the share to call out a script to create the
home directory and set ownership etc. correctly.
Note if no home directory exists then you cannot access the share, so
your script to create their home directory automatically can test to see
if they are a member of a suitable group.
JAB.
--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
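
One way to write the script the reply describes, as an added example that is not code from this thread: it validates the client-supplied name, checks group membership, and creates the home directory only for members. The script path, the group name `fileshare-users`, and the choice of `root preexec` with `%U` are assumptions.

```shell
#!/bin/sh
# Added example. Assumed smb.conf wiring (script path is hypothetical):
#   [homes]
#       valid users = %S
#       root preexec = /usr/local/sbin/mkhome.sh %U
# ALLOWED_GROUP default is a placeholder group name.
ALLOWED_GROUP=${ALLOWED_GROUP:-fileshare-users}

# Accept only plain account names: the value comes from the client.
valid_name() {
    case $1 in
        ''|-*|*/*|*..*|*[!A-Za-z0-9._+-]*) return 1 ;;
    esac
    return 0
}

# True if user $1 belongs to group $2. Compares numeric GIDs so that
# group names containing spaces ("Domain Users") are handled.
in_group() {
    gid=$(getent group "$2" 2>/dev/null | cut -d: -f3)
    [ -n "$gid" ] || return 1
    for g in $(id -G "$1" 2>/dev/null); do
        [ "$g" = "$gid" ] && return 0
    done
    return 1
}

# Create $1 as a private directory owned by $2. Never follows or reuses
# a symlink or non-directory that is already at that path.
make_home() {
    if [ -L "$1" ]; then return 1; fi
    if [ -d "$1" ]; then return 0; fi
    [ ! -e "$1" ] || return 1
    mkdir -m 0700 -- "$1" && chown -- "$2" "$1"
}

# Look up the home path through NSS (winbind) and create it if allowed.
ensure_home() {
    valid_name "$1" || return 1
    home=$(getent passwd "$1" | cut -d: -f6)
    [ -n "$home" ] || return 1
    [ -d "$home" ] && [ ! -L "$home" ] && return 0
    in_group "$1" "$ALLOWED_GROUP" || return 1
    make_home "$home" "$1"
}

# Run only when called with a user name (as Samba does).
[ "$#" -eq 0 ] || ensure_home "$1"
```

Adding `root preexec close = yes` to the share makes a non-zero exit from the script refuse the connection.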