samba - Oct 2015 - Can't get 'root preexec' to run

Hi,

I am trying to automatically create nested zfs data sets as home 
directories. I have a script that works fine if I execute it manually as 
root (auth via public key). It also creates a short log file in the same 
dir.

However, this section in my smb.conf (on the DC) doesn't seem to execute 
(no data set created, no log file) on user logon (on a member server):

[homes]
        comment = User Home Directories
        browseable = no
        writable = yes
        root preexec = /usr/local/samba/scripts/createzfshome.sh %U

What might be the reason? Is this conflicting with rfc2307 use?

My DC's Samba version is 4.2.2 (on CentOS 6.7), my Samba member server 
(where the logon happens; either via ssh or with FreeNX terminal 
software) is Version 3.6.23.

Is Samba 3 a problem here?

Best,
Ole

-- 

Dr. Ole Traupe
Lab Manager

Technische Universität Berlin

Meanwhile I managed to search the thread titles of the last 5 years 
manually for "preexec". Is there a better solution for accessing the 
archive of this list?
--

Still I can't get the DC's [homes] section's 'preexec'
command to run on
user logon (on one of the domain member PCs). Selinux on the DC is off, 
of course. I also tried the log-on on a Win7 domain member instead of 
linux, but still no sign of the script running: my log file is not 
created; zfs data sets neither. I made sure that the log file is created 
even if zfs data set creation fails to some reason.

What might be interfering with this? I read the explanation of the 
'preexec' command in the manpages but there is no direct reference to 
its use in the [homes] section.

Even remote ideas would be most welcome!

Ole


Am 15.10.2015 um 12:05 schrieb Ole Traupe:
> Hi,
>
> I am trying to automatically create nested zfs data sets as home 
> directories. I have a script that works fine if I execute it manually 
> as root (auth via public key). It also creates a short log file in the 
> same dir.
>
> However, this section in my smb.conf (on the DC) doesn't seem to 
> execute (no data set created, no log file) on user logon (on a member 
> server):
>
> [homes]
>        comment = User Home Directories
>        browseable = no
>        writable = yes
>        root preexec = /usr/local/samba/scripts/createzfshome.sh %U
>
> What might be the reason? Is this conflicting with rfc2307 use?
>
> My DC's Samba version is 4.2.2 (on CentOS 6.7), my Samba member server 
> (where the logon happens; either via ssh or with FreeNX terminal 
> software) is Version 3.6.23.
>
> Is Samba 3 a problem here?
>
> Best,
> Ole
>
> -- 
>
> Dr. Ole Traupe
> Lab Manager
>
> Technische Universität Berlin
>
>
>
-- 

Dr. Ole Traupe

Lab Manager

Technische Universität Berlin
Biopsychologie und Neuroergonomie
Institut für Psychologie und Arbeitswissenschaft

Biological Psychology and Neuroergonomics
Department of Psychology and Ergonomics

Postanschrift/Mail to:

TU Berlin
Sekr. MAR 3-2
Marchstr. 23
10587 Berlin
GERMANY

Zimmer/Office: MAR 3.052
Telefon/Phone: (+49) 030 314 22721
Fax: (+49) 030 314 25274

E-Mail: ole.traupe at tu-berlin.de
www.bpn.tu-berlin.de

You tried the pam module mkhomedir ?

And have your tried : 
root preexec = "/usr/local/samba/scripts/createzfshome.sh %U"
or 
root preexec = /usr/local/samba/scripts/createzfshome.sh "%U"

Is the homedir on a NFS mounted dir? Exports correctly set? 



Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ole Traupe
> Verzonden: dinsdag 20 oktober 2015 10:36
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Can't get 'root preexec' to run
> 
> Meanwhile I managed to search the thread titles of the last 5 years
> manually for "preexec". Is there a better solution for accessing
the
> archive of this list?
> --
> 
> Still I can't get the DC's [homes] section's 'preexec'
command to run on
> user logon (on one of the domain member PCs). Selinux on the DC is off,
> of course. I also tried the log-on on a Win7 domain member instead of
> linux, but still no sign of the script running: my log file is not
> created; zfs data sets neither. I made sure that the log file is created
> even if zfs data set creation fails to some reason.
> 
> What might be interfering with this? I read the explanation of the
> 'preexec' command in the manpages but there is no direct reference
to
> its use in the [homes] section.
> 
> Even remote ideas would be most welcome!
> 
> Ole
> 
> 
> Am 15.10.2015 um 12:05 schrieb Ole Traupe:
> > Hi,
> >
> > I am trying to automatically create nested zfs data sets as home
> > directories. I have a script that works fine if I execute it manually
> > as root (auth via public key). It also creates a short log file in the
> > same dir.
> >
> > However, this section in my smb.conf (on the DC) doesn't seem to
> > execute (no data set created, no log file) on user logon (on a member
> > server):
> >
> > [homes]
> >        comment = User Home Directories
> >        browseable = no
> >        writable = yes
> >        root preexec = /usr/local/samba/scripts/createzfshome.sh %U
> >
> > What might be the reason? Is this conflicting with rfc2307 use?
> >
> > My DC's Samba version is 4.2.2 (on CentOS 6.7), my Samba member
server
> > (where the logon happens; either via ssh or with FreeNX terminal
> > software) is Version 3.6.23.
> >
> > Is Samba 3 a problem here?
> >
> > Best,
> > Ole
> >
> > --
> >
> > Dr. Ole Traupe
> > Lab Manager
> >
> > Technische Universität Berlin
> >
> >
> >
> 
> --
> 
> Dr. Ole Traupe
> 
> Lab Manager
> 
> Technische Universität Berlin
> Biopsychologie und Neuroergonomie
> Institut für Psychologie und Arbeitswissenschaft
> 
> Biological Psychology and Neuroergonomics
> Department of Psychology and Ergonomics
> 
> Postanschrift/Mail to:
> 
> TU Berlin
> Sekr. MAR 3-2
> Marchstr. 23
> 10587 Berlin
> GERMANY
> 
> Zimmer/Office: MAR 3.052
> Telefon/Phone: (+49) 030 314 22721
> Fax: (+49) 030 314 25274
> 
> E-Mail: ole.traupe at tu-berlin.de
> www.bpn.tu-berlin.de
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Am 20.10.2015 um 11:01 schrieb L.P.H. van Belle:
> You tried the pam module mkhomedir ?
>
> And have your tried :
> root preexec = "/usr/local/samba/scripts/createzfshome.sh %U"
> or
> root preexec = /usr/local/samba/scripts/createzfshome.sh "%U"
The latter, with and without quotes around the %U.
>
> Is the homedir on a NFS mounted dir? Exports correctly set?
The base dir for the homes is a zfs data set shared via Samba 4 and 
mounted as cifs to /home on the domain member server (CentOS 6.7). I 
also tried the log-on on a Windows 7 client, so the user home was 
addressed as \\server\homebase\userhome in the "Profile" tab of the
user
properties in the MS ADUC console.

As I initially wanted to create a (nested) zfs data set via a 
"preexec"-invoked script, I haven't tried the mkhomedir pam
module.

The thing is, that my preexec parameter is not working at all, and that 
primarily I want to find out, why that is - under what circumstances it 
should work and what interferes with it.

Plus: if I can't get it to work, I can't use nested data sets in a 
proper manner, and thus will revert to simple subfolders of the home 
base dir \\server\homebase (which Samba creates just fine).

Anyways, thanks for you help, Louis!


>
>
>
> Greetz,
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ole Traupe
>> Verzonden: dinsdag 20 oktober 2015 10:36
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] Can't get 'root preexec' to run
>>
>> Meanwhile I managed to search the thread titles of the last 5 years
>> manually for "preexec". Is there a better solution for
accessing the
>> archive of this list?
>> --
>>
>> Still I can't get the DC's [homes] section's
'preexec' command to run on
>> user logon (on one of the domain member PCs). Selinux on the DC is off,
>> of course. I also tried the log-on on a Win7 domain member instead of
>> linux, but still no sign of the script running: my log file is not
>> created; zfs data sets neither. I made sure that the log file is
created
>> even if zfs data set creation fails to some reason.
>>
>> What might be interfering with this? I read the explanation of the
>> 'preexec' command in the manpages but there is no direct
reference to
>> its use in the [homes] section.
>>
>> Even remote ideas would be most welcome!
>>
>> Ole
>>
>>
>> Am 15.10.2015 um 12:05 schrieb Ole Traupe:
>>> Hi,
>>>
>>> I am trying to automatically create nested zfs data sets as home
>>> directories. I have a script that works fine if I execute it
manually
>>> as root (auth via public key). It also creates a short log file in
the
>>> same dir.
>>>
>>> However, this section in my smb.conf (on the DC) doesn't seem
to
>>> execute (no data set created, no log file) on user logon (on a
member
>>> server):
>>>
>>> [homes]
>>>         comment = User Home Directories
>>>         browseable = no
>>>         writable = yes
>>>         root preexec = /usr/local/samba/scripts/createzfshome.sh %U
>>>
>>> What might be the reason? Is this conflicting with rfc2307 use?
>>>
>>> My DC's Samba version is 4.2.2 (on CentOS 6.7), my Samba member
server
>>> (where the logon happens; either via ssh or with FreeNX terminal
>>> software) is Version 3.6.23.
>>>
>>> Is Samba 3 a problem here?
>>>
>>> Best,
>>> Ole
>>>
>>> --
>>>
>>> Dr. Ole Traupe
>>> Lab Manager
>>>
>>> Technische Universität Berlin
>>>
>>>
>>>
>>
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>
>

On 15/10/15 11:05, Ole Traupe wrote:
> Hi,
>
> I am trying to automatically create nested zfs data sets as home 
> directories. I have a script that works fine if I execute it manually 
> as root (auth via public key). It also creates a short log file in the 
> same dir.
>
> However, this section in my smb.conf (on the DC) doesn't seem to 
> execute (no data set created, no log file) on user logon (on a member 
> server):
>
> [homes]
>        comment = User Home Directories
>        browseable = no
>        writable = yes
>        root preexec = /usr/local/samba/scripts/createzfshome.sh %U
>
> What might be the reason? Is this conflicting with rfc2307 use?
>
> My DC's Samba version is 4.2.2 (on CentOS 6.7), my Samba member server 
> (where the logon happens; either via ssh or with FreeNX terminal 
> software) is Version 3.6.23.
>
> Is Samba 3 a problem here?
>
> Best,
> Ole
>
Hmm, struggling to understand just what you are trying to, I think you 
are trying to do this:

You have the users home directories stored on the DC
The users log onto a samba member server (running 3.6.23)
You then expect the users home directory to be created on the DC

Is the above correct, if it isn't, can you state just what you expect to 
happen, line by line as above.

Rowland

Looks like my nfsv4 kerberos and root access problem. 

In that case, root didnt have a kerberos ticket, and was not allowed to access
the needed folder. I think this is a bit the same.

Creating the users and profiles shares from ADUC is working fine for me but 
not scripted from user root. 


Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ole Traupe
> Verzonden: dinsdag 20 oktober 2015 16:50
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Can't get 'root preexec' to run
> 
> 
> 
> Am 20.10.2015 um 11:01 schrieb L.P.H. van Belle:
> > You tried the pam module mkhomedir ?
> >
> > And have your tried :
> > root preexec = "/usr/local/samba/scripts/createzfshome.sh
%U"
> > or
> > root preexec = /usr/local/samba/scripts/createzfshome.sh
"%U"
> 
> The latter, with and without quotes around the %U.
> 
> >
> > Is the homedir on a NFS mounted dir? Exports correctly set?
> 
> The base dir for the homes is a zfs data set shared via Samba 4 and
> mounted as cifs to /home on the domain member server (CentOS 6.7). I
> also tried the log-on on a Windows 7 client, so the user home was
> addressed as \\server\homebase\userhome in the "Profile" tab of
the user
> properties in the MS ADUC console.
> 
> As I initially wanted to create a (nested) zfs data set via a
> "preexec"-invoked script, I haven't tried the mkhomedir pam
module.
> 
> The thing is, that my preexec parameter is not working at all, and that
> primarily I want to find out, why that is - under what circumstances it
> should work and what interferes with it.
> 
> Plus: if I can't get it to work, I can't use nested data sets in a
> proper manner, and thus will revert to simple subfolders of the home
> base dir \\server\homebase (which Samba creates just fine).
> 
> Anyways, thanks for you help, Louis!
> 
> 
> 
> >
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ole
Traupe
> >> Verzonden: dinsdag 20 oktober 2015 10:36
> >> Aan: samba at lists.samba.org
> >> Onderwerp: Re: [Samba] Can't get 'root preexec' to run
> >>
> >> Meanwhile I managed to search the thread titles of the last 5
years
> >> manually for "preexec". Is there a better solution for
accessing the
> >> archive of this list?
> >> --
> >>
> >> Still I can't get the DC's [homes] section's
'preexec' command to run
> on
> >> user logon (on one of the domain member PCs). Selinux on the DC is
off,
> >> of course. I also tried the log-on on a Win7 domain member instead
of
> >> linux, but still no sign of the script running: my log file is not
> >> created; zfs data sets neither. I made sure that the log file is
> created
> >> even if zfs data set creation fails to some reason.
> >>
> >> What might be interfering with this? I read the explanation of the
> >> 'preexec' command in the manpages but there is no direct
reference to
> >> its use in the [homes] section.
> >>
> >> Even remote ideas would be most welcome!
> >>
> >> Ole
> >>
> >>
> >> Am 15.10.2015 um 12:05 schrieb Ole Traupe:
> >>> Hi,
> >>>
> >>> I am trying to automatically create nested zfs data sets as
home
> >>> directories. I have a script that works fine if I execute it
manually
> >>> as root (auth via public key). It also creates a short log
file in the
> >>> same dir.
> >>>
> >>> However, this section in my smb.conf (on the DC) doesn't
seem to
> >>> execute (no data set created, no log file) on user logon (on a
member
> >>> server):
> >>>
> >>> [homes]
> >>>         comment = User Home Directories
> >>>         browseable = no
> >>>         writable = yes
> >>>         root preexec =
/usr/local/samba/scripts/createzfshome.sh %U
> >>>
> >>> What might be the reason? Is this conflicting with rfc2307
use?
> >>>
> >>> My DC's Samba version is 4.2.2 (on CentOS 6.7), my Samba
member server
> >>> (where the logon happens; either via ssh or with FreeNX
terminal
> >>> software) is Version 3.6.23.
> >>>
> >>> Is Samba 3 a problem here?
> >>>
> >>> Best,
> >>> Ole
> >>>
> >>> --
> >>>
> >>> Dr. Ole Traupe
> >>> Lab Manager
> >>>
> >>> Technische Universität Berlin
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >
> >
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Hi Rowland,

thank you for your effort! However, this is entirely not what I am 
trying to achieve.

What I am trying to achieve is to get the "prexec" method to work.

The reason behind this is that I would like to have a zfs data set 
created per user in an automatic (scripted) way. The reason behind that 
is that if I do this by hand - from a domain admin account and with the 
ACL recommendations of the Samba wiki (inheritance of owner rights), a 
simple user funnily has no read or write rights on the files and folders 
in his home dir. Apparently, because he wasn't the owner at the time of 
creation of his home dir. But the above-mentioned domain admin account 
is the owner of the users files. And by making him (the user) the owner 
post-hoc I wasn't able to solve this. Samba doesn't seem to recognize 
(inherite) the owner changes properly. Or I'm just too stupid to get 
this done properly.

Now I will try to list my setup and intentions in a step-by-step way as 
you recommended:

- srvA: CentOS 6 Samba 4 DC
- srvB: CentOS 6 domain member file server sharing zfs data sets via 
Samba 4 (not via zfs' built-in module)
- srvC: CentOS 6 domain member compute and terminal server running Samba 
3.6.23
- cliA: Windows 7 domain client, where I do the management via ADUC 
console, and where I can test Windows log-ons
- I want to log on to srvC and cliA and have the same home dir for each 
users
- I want these home dirs to be zfs data sets on srvB (for various 
reasons we probably shouldn't discuss here on the list)

I know in theory, how to achieve this. My script - on the DC - works as 
such if I execute it by hand. It remotely executes commands via ssh 
(public key authentication). My domain is also working correctly 
according to all tests found on the Samba wiki. My only problem is, that 
this darn "preexec" method in the [homes] section of my DC is not 
executing on user logon on srvC or cliA. I have it create two different 
log files depending on success and failure of the first script line that 
begins an if clause containing the rest of the commands. But this log 
file is not created anyhere on the DC.

So, after all, I actually am trying to figure out, why that is.

If I seem unappreciative of your attempt to help me, let me assure you 
that it is not the case. I just figured that it would be enough to ask 
whether someone has an idea of why "preexec" isn't working in my
case.
And that probably is because I am new to this and very likely 
overlooking the obvious here.

Best regards,
Ole



Am 20.10.2015 um 17:15 schrieb Rowland Penny:
> On 15/10/15 11:05, Ole Traupe wrote:
>> Hi,
>>
>> I am trying to automatically create nested zfs data sets as home 
>> directories. I have a script that works fine if I execute it manually 
>> as root (auth via public key). It also creates a short log file in 
>> the same dir.
>>
>> However, this section in my smb.conf (on the DC) doesn't seem to 
>> execute (no data set created, no log file) on user logon (on a member 
>> server):
>>
>> [homes]
>>        comment = User Home Directories
>>        browseable = no
>>        writable = yes
>>        root preexec = /usr/local/samba/scripts/createzfshome.sh %U
>>
>> What might be the reason? Is this conflicting with rfc2307 use?
>>
>> My DC's Samba version is 4.2.2 (on CentOS 6.7), my Samba member 
>> server (where the logon happens; either via ssh or with FreeNX 
>> terminal software) is Version 3.6.23.
>>
>> Is Samba 3 a problem here?
>>
>> Best,
>> Ole
>>
>
> Hmm, struggling to understand just what you are trying to, I think you 
> are trying to do this:
>
> You have the users home directories stored on the DC
> The users log onto a samba member server (running 3.6.23)
> You then expect the users home directory to be created on the DC
>
> Is the above correct, if it isn't, can you state just what you expect 
> to happen, line by line as above.
>
> Rowland
>
>