Looks like my nfsv4 kerberos and root access problem. In that case, root didnt have a kerberos ticket, and was not allowed to access the needed folder. I think this is a bit the same. Creating the users and profiles shares from ADUC is working fine for me but not scripted from user root. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ole Traupe > Verzonden: dinsdag 20 oktober 2015 16:50 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Can't get 'root preexec' to run > > > > Am 20.10.2015 um 11:01 schrieb L.P.H. van Belle: > > You tried the pam module mkhomedir ? > > > > And have your tried : > > root preexec = "/usr/local/samba/scripts/createzfshome.sh %U" > > or > > root preexec = /usr/local/samba/scripts/createzfshome.sh "%U" > > The latter, with and without quotes around the %U. > > > > > Is the homedir on a NFS mounted dir? Exports correctly set? > > The base dir for the homes is a zfs data set shared via Samba 4 and > mounted as cifs to /home on the domain member server (CentOS 6.7). I > also tried the log-on on a Windows 7 client, so the user home was > addressed as \\server\homebase\userhome in the "Profile" tab of the user > properties in the MS ADUC console. > > As I initially wanted to create a (nested) zfs data set via a > "preexec"-invoked script, I haven't tried the mkhomedir pam module. > > The thing is, that my preexec parameter is not working at all, and that > primarily I want to find out, why that is - under what circumstances it > should work and what interferes with it. > > Plus: if I can't get it to work, I can't use nested data sets in a > proper manner, and thus will revert to simple subfolders of the home > base dir \\server\homebase (which Samba creates just fine). > > Anyways, thanks for you help, Louis! > > > > > > > > > > > Greetz, > > > > Louis > > > > > >> -----Oorspronkelijk bericht----- > >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ole Traupe > >> Verzonden: dinsdag 20 oktober 2015 10:36 > >> Aan: samba at lists.samba.org > >> Onderwerp: Re: [Samba] Can't get 'root preexec' to run > >> > >> Meanwhile I managed to search the thread titles of the last 5 years > >> manually for "preexec". Is there a better solution for accessing the > >> archive of this list? > >> -- > >> > >> Still I can't get the DC's [homes] section's 'preexec' command to run > on > >> user logon (on one of the domain member PCs). Selinux on the DC is off, > >> of course. I also tried the log-on on a Win7 domain member instead of > >> linux, but still no sign of the script running: my log file is not > >> created; zfs data sets neither. I made sure that the log file is > created > >> even if zfs data set creation fails to some reason. > >> > >> What might be interfering with this? I read the explanation of the > >> 'preexec' command in the manpages but there is no direct reference to > >> its use in the [homes] section. > >> > >> Even remote ideas would be most welcome! > >> > >> Ole > >> > >> > >> Am 15.10.2015 um 12:05 schrieb Ole Traupe: > >>> Hi, > >>> > >>> I am trying to automatically create nested zfs data sets as home > >>> directories. I have a script that works fine if I execute it manually > >>> as root (auth via public key). It also creates a short log file in the > >>> same dir. > >>> > >>> However, this section in my smb.conf (on the DC) doesn't seem to > >>> execute (no data set created, no log file) on user logon (on a member > >>> server): > >>> > >>> [homes] > >>> comment = User Home Directories > >>> browseable = no > >>> writable = yes > >>> root preexec = /usr/local/samba/scripts/createzfshome.sh %U > >>> > >>> What might be the reason? Is this conflicting with rfc2307 use? > >>> > >>> My DC's Samba version is 4.2.2 (on CentOS 6.7), my Samba member server > >>> (where the logon happens; either via ssh or with FreeNX terminal > >>> software) is Version 3.6.23. > >>> > >>> Is Samba 3 a problem here? > >>> > >>> Best, > >>> Ole > >>> > >>> -- > >>> > >>> Dr. Ole Traupe > >>> Lab Manager > >>> > >>> Technische Universität Berlin > >>> > >>> > >>> > >> > >> > >> > >> > >> -- > >> To unsubscribe from this list go to the following URL and read the > >> instructions: https://lists.samba.org/mailman/options/samba > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On 20/10/15 16:29, L.P.H. van Belle wrote:> Looks like my nfsv4 kerberos and root access problem. > > In that case, root didnt have a kerberos ticket, and was not allowed to access the needed folder. I think this is a bit the same. > > Creating the users and profiles shares from ADUC is working fine for me but > not scripted from user root. > > > Greetz, > > Louis > > >Hi Louis, it might help if you re-read the opening post, I mean what is an 's' between friends :-) I would then suggest the OP goes and reads this: https://wiki.samba.org/index.php/User_home_drives I think that I now understand what he is trying to do: The user logins in to a domain member (aka member server) where the users homedir does not exist, but there is a mount on /home and he is trying to get the users homedir created on the DC the first time the user connects, hmm I wonder if pam_mkhomedir will do this??? Rowland Rowland
Hai Rowland, The pam_mkhomedir worked ( by accident ) on for home dir on my print server. But i cant remember if that was a mounted /home or a local /home. Worth a try i think .. simple change and test. Thats why i suggested it.. ;-) Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny > Verzonden: dinsdag 20 oktober 2015 18:03 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Can't get 'root preexec' to run > > On 20/10/15 16:29, L.P.H. van Belle wrote: > > Looks like my nfsv4 kerberos and root access problem. > > > > In that case, root didnt have a kerberos ticket, and was not allowed to > access the needed folder. I think this is a bit the same. > > > > Creating the users and profiles shares from ADUC is working fine for me > but > > not scripted from user root. > > > > > > Greetz, > > > > Louis > > > > > > > > Hi Louis, it might help if you re-read the opening post, I mean what is > an 's' between friends :-) > > I would then suggest the OP goes and reads this: > https://wiki.samba.org/index.php/User_home_drives > > I think that I now understand what he is trying to do: The user logins > in to a domain member (aka member server) where the users homedir does > not exist, but there is a mount on /home and he is trying to get the > users homedir created on the DC the first time the user connects, hmm I > wonder if pam_mkhomedir will do this??? > > Rowland > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On 20/10/15 21:08, L.P.H. van Belle wrote:> Hai Rowland, > > The pam_mkhomedir worked ( by accident ) on for home dir on my print server. > But i cant remember if that was a mounted /home or a local /home. > Worth a try i think .. simple change and test. > Thats why i suggested it.. ;-)I know it will work on a normal login to a domain member with a static /home, but I have never tried it with a mounted /home. In theory it should create the home dir on the mount and this should create it on the DC, but in practice ?? The other thing I was trying to point out was that you shouldn't use [homes] on the DC and the OP is. Rowland> > Greetz, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny >> Verzonden: dinsdag 20 oktober 2015 18:03 >> Aan: samba at lists.samba.org >> Onderwerp: Re: [Samba] Can't get 'root preexec' to run >> >> On 20/10/15 16:29, L.P.H. van Belle wrote: >>> Looks like my nfsv4 kerberos and root access problem. >>> >>> In that case, root didnt have a kerberos ticket, and was not allowed to >> access the needed folder. I think this is a bit the same. >>> Creating the users and profiles shares from ADUC is working fine for me >> but >>> not scripted from user root. >>> >>> >>> Greetz, >>> >>> Louis >>> >>> >>> >> Hi Louis, it might help if you re-read the opening post, I mean what is >> an 's' between friends :-) >> >> I would then suggest the OP goes and reads this: >> https://wiki.samba.org/index.php/User_home_drives >> >> I think that I now understand what he is trying to do: The user logins >> in to a domain member (aka member server) where the users homedir does >> not exist, but there is a mount on /home and he is trying to get the >> users homedir created on the DC the first time the user connects, hmm I >> wonder if pam_mkhomedir will do this??? >> >> Rowland >> >> Rowland >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba > >
Louis, thanks for the idea! I can execute the script as root on linux (tested this), because I do folder (zfs data set) creation via remote ssh commands, so not in the domain context. But the point is that the script won't even execute. Even on failure, there would be a log file created by my script which can't be found anywhere. Ole Am 20.10.2015 um 17:29 schrieb L.P.H. van Belle:> Looks like my nfsv4 kerberos and root access problem. > > In that case, root didnt have a kerberos ticket, and was not allowed to access the needed folder. I think this is a bit the same. > > Creating the users and profiles shares from ADUC is working fine for me but > not scripted from user root. > > > Greetz, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ole Traupe >> Verzonden: dinsdag 20 oktober 2015 16:50 >> Aan: samba at lists.samba.org >> Onderwerp: Re: [Samba] Can't get 'root preexec' to run >> >> >> >> Am 20.10.2015 um 11:01 schrieb L.P.H. van Belle: >>> You tried the pam module mkhomedir ? >>> >>> And have your tried : >>> root preexec = "/usr/local/samba/scripts/createzfshome.sh %U" >>> or >>> root preexec = /usr/local/samba/scripts/createzfshome.sh "%U" >> The latter, with and without quotes around the %U. >> >>> Is the homedir on a NFS mounted dir? Exports correctly set? >> The base dir for the homes is a zfs data set shared via Samba 4 and >> mounted as cifs to /home on the domain member server (CentOS 6.7). I >> also tried the log-on on a Windows 7 client, so the user home was >> addressed as \\server\homebase\userhome in the "Profile" tab of the user >> properties in the MS ADUC console. >> >> As I initially wanted to create a (nested) zfs data set via a >> "preexec"-invoked script, I haven't tried the mkhomedir pam module. >> >> The thing is, that my preexec parameter is not working at all, and that >> primarily I want to find out, why that is - under what circumstances it >> should work and what interferes with it. >> >> Plus: if I can't get it to work, I can't use nested data sets in a >> proper manner, and thus will revert to simple subfolders of the home >> base dir \\server\homebase (which Samba creates just fine). >> >> Anyways, thanks for you help, Louis! >> >> >> >>> >>> >>> Greetz, >>> >>> Louis >>> >>> >>>> -----Oorspronkelijk bericht----- >>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ole Traupe >>>> Verzonden: dinsdag 20 oktober 2015 10:36 >>>> Aan: samba at lists.samba.org >>>> Onderwerp: Re: [Samba] Can't get 'root preexec' to run >>>> >>>> Meanwhile I managed to search the thread titles of the last 5 years >>>> manually for "preexec". Is there a better solution for accessing the >>>> archive of this list? >>>> -- >>>> >>>> Still I can't get the DC's [homes] section's 'preexec' command to run >> on >>>> user logon (on one of the domain member PCs). Selinux on the DC is off, >>>> of course. I also tried the log-on on a Win7 domain member instead of >>>> linux, but still no sign of the script running: my log file is not >>>> created; zfs data sets neither. I made sure that the log file is >> created >>>> even if zfs data set creation fails to some reason. >>>> >>>> What might be interfering with this? I read the explanation of the >>>> 'preexec' command in the manpages but there is no direct reference to >>>> its use in the [homes] section. >>>> >>>> Even remote ideas would be most welcome! >>>> >>>> Ole >>>> >>>> >>>> Am 15.10.2015 um 12:05 schrieb Ole Traupe: >>>>> Hi, >>>>> >>>>> I am trying to automatically create nested zfs data sets as home >>>>> directories. I have a script that works fine if I execute it manually >>>>> as root (auth via public key). It also creates a short log file in the >>>>> same dir. >>>>> >>>>> However, this section in my smb.conf (on the DC) doesn't seem to >>>>> execute (no data set created, no log file) on user logon (on a member >>>>> server): >>>>> >>>>> [homes] >>>>> comment = User Home Directories >>>>> browseable = no >>>>> writable = yes >>>>> root preexec = /usr/local/samba/scripts/createzfshome.sh %U >>>>> >>>>> What might be the reason? Is this conflicting with rfc2307 use? >>>>> >>>>> My DC's Samba version is 4.2.2 (on CentOS 6.7), my Samba member server >>>>> (where the logon happens; either via ssh or with FreeNX terminal >>>>> software) is Version 3.6.23. >>>>> >>>>> Is Samba 3 a problem here? >>>>> >>>>> Best, >>>>> Ole >>>>> >>>>> -- >>>>> >>>>> Dr. Ole Traupe >>>>> Lab Manager >>>>> >>>>> Technische Universität Berlin >>>>> >>>>> >>>>> >>>> >>>> >>>> >>>> -- >>>> To unsubscribe from this list go to the following URL and read the >>>> instructions: https://lists.samba.org/mailman/options/samba >>> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba > >-- Dr. Ole Traupe Lab Manager Technische Universität Berlin Biopsychologie und Neuroergonomie Institut für Psychologie und Arbeitswissenschaft Biological Psychology and Neuroergonomics Department of Psychology and Ergonomics Postanschrift/Mail to: TU Berlin Sekr. MAR 3-2 Marchstr. 23 10587 Berlin GERMANY Zimmer/Office: MAR 3.052 Telefon/Phone: (+49) 030 314 22721 Fax: (+49) 030 314 25274 E-Mail: ole.traupe at tu-berlin.de www.bpn.tu-berlin.de
Maybe I finally figured it out. I found that sentence
"For example, the [test] and [homes] sections are unique disk shares;
they contain options that map to specific directories on the Samba server."
here:
https://www.samba.org/samba/docs/using_samba/ch06.html
Does that mean that this "preexec" in the [homes] section is not
invoked
if the user is accessing his or her home dir that is _configured_ on the
DC ("known" by the DC), but only if the home dir is actually
_located/shared_ there under \\dc\homes?
Seems logical now. :-/
So I could put my preexec part under [netlogon], right?
Am 21.10.2015 um 11:12 schrieb Ole Traupe:> Louis, thanks for the idea!
>
> I can execute the script as root on linux (tested this), because I do
> folder (zfs data set) creation via remote ssh commands, so not in the
> domain context.
>
> But the point is that the script won't even execute. Even on failure,
> there would be a log file created by my script which can't be found
> anywhere.
>
> Ole
>
>
> Am 20.10.2015 um 17:29 schrieb L.P.H. van Belle:
>> Looks like my nfsv4 kerberos and root access problem.
>>
>> In that case, root didnt have a kerberos ticket, and was not allowed
>> to access the needed folder. I think this is a bit the same.
>>
>> Creating the users and profiles shares from ADUC is working fine for
>> me but
>> not scripted from user root.
>>
>>
>> Greetz,
>>
>> Louis
>>
>>
>>> -----Oorspronkelijk bericht-----
>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ole
Traupe
>>> Verzonden: dinsdag 20 oktober 2015 16:50
>>> Aan: samba at lists.samba.org
>>> Onderwerp: Re: [Samba] Can't get 'root preexec' to run
>>>
>>>
>>>
>>> Am 20.10.2015 um 11:01 schrieb L.P.H. van Belle:
>>>> You tried the pam module mkhomedir ?
>>>>
>>>> And have your tried :
>>>> root preexec = "/usr/local/samba/scripts/createzfshome.sh
%U"
>>>> or
>>>> root preexec = /usr/local/samba/scripts/createzfshome.sh
"%U"
>>> The latter, with and without quotes around the %U.
>>>
>>>> Is the homedir on a NFS mounted dir? Exports correctly set?
>>> The base dir for the homes is a zfs data set shared via Samba 4 and
>>> mounted as cifs to /home on the domain member server (CentOS 6.7).
I
>>> also tried the log-on on a Windows 7 client, so the user home was
>>> addressed as \\server\homebase\userhome in the "Profile"
tab of the
>>> user
>>> properties in the MS ADUC console.
>>>
>>> As I initially wanted to create a (nested) zfs data set via a
>>> "preexec"-invoked script, I haven't tried the
mkhomedir pam module.
>>>
>>> The thing is, that my preexec parameter is not working at all, and
that
>>> primarily I want to find out, why that is - under what
circumstances it
>>> should work and what interferes with it.
>>>
>>> Plus: if I can't get it to work, I can't use nested data
sets in a
>>> proper manner, and thus will revert to simple subfolders of the
home
>>> base dir \\server\homebase (which Samba creates just fine).
>>>
>>> Anyways, thanks for you help, Louis!
>>>
>>>
>>>
>>>>
>>>>
>>>> Greetz,
>>>>
>>>> Louis
>>>>
>>>>
>>>>> -----Oorspronkelijk bericht-----
>>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
Ole Traupe
>>>>> Verzonden: dinsdag 20 oktober 2015 10:36
>>>>> Aan: samba at lists.samba.org
>>>>> Onderwerp: Re: [Samba] Can't get 'root preexec'
to run
>>>>>
>>>>> Meanwhile I managed to search the thread titles of the last
5 years
>>>>> manually for "preexec". Is there a better
solution for accessing the
>>>>> archive of this list?
>>>>> --
>>>>>
>>>>> Still I can't get the DC's [homes] section's
'preexec' command to run
>>> on
>>>>> user logon (on one of the domain member PCs). Selinux on
the DC is
>>>>> off,
>>>>> of course. I also tried the log-on on a Win7 domain member
instead of
>>>>> linux, but still no sign of the script running: my log file
is not
>>>>> created; zfs data sets neither. I made sure that the log
file is
>>> created
>>>>> even if zfs data set creation fails to some reason.
>>>>>
>>>>> What might be interfering with this? I read the explanation
of the
>>>>> 'preexec' command in the manpages but there is no
direct reference to
>>>>> its use in the [homes] section.
>>>>>
>>>>> Even remote ideas would be most welcome!
>>>>>
>>>>> Ole
>>>>>
>>>>>
>>>>> Am 15.10.2015 um 12:05 schrieb Ole Traupe:
>>>>>> Hi,
>>>>>>
>>>>>> I am trying to automatically create nested zfs data
sets as home
>>>>>> directories. I have a script that works fine if I
execute it
>>>>>> manually
>>>>>> as root (auth via public key). It also creates a short
log file
>>>>>> in the
>>>>>> same dir.
>>>>>>
>>>>>> However, this section in my smb.conf (on the DC)
doesn't seem to
>>>>>> execute (no data set created, no log file) on user
logon (on a
>>>>>> member
>>>>>> server):
>>>>>>
>>>>>> [homes]
>>>>>> comment = User Home Directories
>>>>>> browseable = no
>>>>>> writable = yes
>>>>>> root preexec =
/usr/local/samba/scripts/createzfshome.sh %U
>>>>>>
>>>>>> What might be the reason? Is this conflicting with
rfc2307 use?
>>>>>>
>>>>>> My DC's Samba version is 4.2.2 (on CentOS 6.7), my
Samba member
>>>>>> server
>>>>>> (where the logon happens; either via ssh or with FreeNX
terminal
>>>>>> software) is Version 3.6.23.
>>>>>>
>>>>>> Is Samba 3 a problem here?
>>>>>>
>>>>>> Best,
>>>>>> Ole
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Dr. Ole Traupe
>>>>>> Lab Manager
>>>>>>
>>>>>> Technische Universität Berlin
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and
read the
>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>
--
Dr. Ole Traupe
Lab Manager
Technische Universität Berlin
Biopsychologie und Neuroergonomie
Institut für Psychologie und Arbeitswissenschaft
Biological Psychology and Neuroergonomics
Department of Psychology and Ergonomics
Postanschrift/Mail to:
TU Berlin
Sekr. MAR 3-2
Marchstr. 23
10587 Berlin
GERMANY
Zimmer/Office: MAR 3.052
Telefon/Phone: (+49) 030 314 22721
Fax: (+49) 030 314 25274
E-Mail: ole.traupe at tu-berlin.de
www.bpn.tu-berlin.de