The next interesting question for me is:

If I put '\\server\%username%' into ADUC Windows part (or \\server\username explicitly, for that matter), Samba on 'Ok/Apply' registers the attempt to access a non-existing share and applies the [homes] section (executes 'root preexec'). I tested that. However, the user doing this is the domain admin. So Samba would look that user up and create a new share named like the *domain admin* user - and link it to the local home of the domain admin user (if not specified otherwise). That is not what we want.

If I put '/home/user' into the ADUC Unix Attributes, and the user then logs on to a domain member server, nothing will happen. Because the share 'home' ([home] without s) already exists. Because it already has to be mounted on the member server. Otherwise, the user logging on wouldn't be able to access it. And even if it did not exist: the user always accesses locally mounted stuff, so never actually accesses the Samba file server hosting the (intended) home shares.

So how do you actually use this option?

The only solution I could come up with is a logon script mounting the user's home on demand (on logon). But that would fail, because the user has no root permissions. Right? Or am I missing something?

On 22.10.2015 at 14:28, Rowland Penny wrote:
> On 22/10/15 13:07, mourik jan heupink wrote:
>>
>> On 10/22/2015 11:37 AM, Rowland Penny wrote:
>>>> However, I wouldn't want to use \\server\%username% as home dir
>>>> location, as well.
>>>
>>> I wouldn't either, mostly because it wouldn't work.
>>>
>>> Rowland
>
> Perhaps I should have been a bit more explicit, having a
> 'unixHomeDirectory' attribute containing '\\server\%username%' will
> not work, it is expected to contain something like '/home/rowland'
> i.e. the path to the home directory belonging to Rowland. Unix would
> not identify backslashes, it expects forward slashes, it wouldn't be
> able to understand '%username%' either
>
> Rowland
>
>>
>> Well it has been working here for *many* years, pretty much already
>> since samba 2.2.8 days. The only problem is that nowadays (when using
>> AD/aduc) ADUC insists to create the folder for us, and that doesn't
>> work with \\server\%username%
>>
>> (and yes, I know about the other ways to create users, it's just that
>> the persons creating our users like the regular windows tools to do
>> their job)
>>
>> MJ

On 22/10/15 14:02, Ole Traupe wrote:
> The next interesting question for me is:
>
> If I put '\\server\%username%' into ADUC Windows part (or
> \\server\username explicitly, for that matter), Samba on 'Ok/Apply'
> registers the attempt to access a non-existing share and applies the
> [homes] section (executes 'root preexec'). I tested that. However, the
> user doing this is the domain admin. So Samba would look that user up
> and create a new share named like the *domain admin* user - and link
> it to the local home of the domain admin user (if not specified
> otherwise). That is not what we want.
>
> If I put '/home/user' into the ADUC Unix Attributes, and the user then
> logs on to a domain member server, nothing will happen. Because the
> share 'home' ([home] without s) already exists. Because it already has
> to be mounted on the member server. Otherwise, the user logging on
> wouldn't be able to access it. And even if it did not exist: the user
> always accesses locally mounted stuff, so never actually accesses the
> Samba file server hosting the (intended) home shares.
>
> So how do you actually use this option?
>
> The only solution I could come up with is a logon script mounting the
> user's home on demand (on logon). But that would fail, because the
> user has no root permissions. Right? Or am I missing something?
>
> On 22.10.2015 at 14:28, Rowland Penny wrote:
>> On 22/10/15 13:07, mourik jan heupink wrote:
>>>
>>> On 10/22/2015 11:37 AM, Rowland Penny wrote:
>>>>> However, I wouldn't want to use \\server\%username% as home dir
>>>>> location, as well.
>>>>
>>>> I wouldn't either, mostly because it wouldn't work.
>>>>
>>>> Rowland
>>
>> Perhaps I should have been a bit more explicit, having a
>> 'unixHomeDirectory' attribute containing '\\server\%username%' will
>> not work, it is expected to contain something like '/home/rowland'
>> i.e. the path to the home directory belonging to Rowland. Unix would
>> not identify backslashes, it expects forward slashes, it wouldn't be
>> able to understand '%username%' either
>>
>> Rowland
>>
>>>
>>> Well it has been working here for *many* years, pretty much already
>>> since samba 2.2.8 days. The only problem is that nowadays (when
>>> using AD/aduc) ADUC insists to create the folder for us, and that
>>> doesn't work with \\server\%username%
>>>
>>> (and yes, I know about the other ways to create users, it's just
>>> that the persons creating our users like the regular windows tools
>>> to do their job)
>>>
>>> MJ

root preexec (S)

This is the same as the preexec parameter except that the command is run as root. This is useful for mounting filesystems (such as CDROMs) when a connection is opened.

preexec (S)

This option specifies a command to be run whenever the service is connected to. It takes the usual substitutions.
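
The manual text quoted above says the 'root preexec' command runs as root and takes the usual substitutions, so whatever the client supplies as share or user name reaches a root-owned script. The following is an added example, not code from the thread or from Samba: a helper for a [homes] section on the file server that checks those values before creating a directory. The script path, the HOME_BASE default and the assumption that names arrive without a domain prefix are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed wiring on the file server:
#   [homes]
#       root preexec = /usr/local/sbin/mkhome.sh %S %U
#       root preexec close = yes    # non-zero exit refuses the connection
# %S is the share name the client asked for, %U the session username.
LC_ALL=C; export LC_ALL
HOME_BASE="${HOME_BASE:-/home}"     # assumed base directory of the home shares

# The name becomes part of a path handled as root: plain account names only.
valid_name() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# home_path_for SHARE SESSION_USER: print the directory to use, or fail.
home_path_for() {
    valid_name "$1" || return 1
    valid_name "$2" || return 1
    # Act only when the session user connects to the share carrying their own
    # name; a connection by any other account is refused.
    [ "$1" = "$2" ] || return 1
    # Refuse a symlink sitting where the home directory should be.
    [ ! -L "$HOME_BASE/$2" ] || return 1
    printf '%s\n' "$HOME_BASE/$2"
}

# make_home SHARE SESSION_USER: create the directory if it is missing.
make_home() {
    dir=$(home_path_for "$1" "$2") || return 1
    [ -d "$dir" ] && return 0
    mkdir -m 0700 "$dir" || return 1
    chown "$2" "$dir"               # succeeds because Samba runs this as root
}

# Run only when called with arguments, as Samba would call it.
[ "$#" -eq 0 ] || make_home "$@"
```
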

On 22/10/15 14:35, Ole Traupe wrote:
> So you are suggesting to use the 'root preexec' parameter to try to
> map a non-existing share in order to have the Samba file server create
> it.
>
> This time, this 'root preexec' is in which smb.conf section on what
> server? My DC is not the server hosting the homes.

The title of this thread is: [Samba] Can't get 'root preexec' to run

You now seem to have got the share '[homes]' working but have found that by using 'root preexec' your script is being run by the 'root' user. I was just pointing out that there is another command called 'preexec' and as an aside, just who did you think was going to run a command run from something called 'root preexec' ????

Rowland

No. You don't actually seem to read what I am writing.

I pointed out that in the two scenarios I described before the [homes] section never correctly comes into play. Let's forget about the Windows part. ADUC is not creating the share as the respective user and would just mess things up. Let's focus on the Linux side instead.

This [homes] section applies if you try to access a share that doesn't exist - then that is created. But on the other side, Unix users can only access something that is already locally mounted - e.g. the home directory base folder (\\server\home would it be addressed by Windows). So the user logging on to a domain member server accesses something locally mounted to e.g. /home. So this share already exists. Ergo, the [homes] section on the file server won't come into play at all.

The only way this could work would be, if the user himself would mount his personal share directly at logon. And this could be accomplished via a logon script in the netlogon share OR a second 'root preexec' in the [netlogon] section of smb.conf - both on the DC (the latter even involving remote ssh mount commands executed on the domain member server). But this seems awfully complicated to me and I wouldn't think this is the intended use (which I am trying to figure out).

So I actually would like to ask one of the devs: how is this meant to be used?

On 22.10.2015 at 16:00, Rowland Penny wrote:
> On 22/10/15 14:35, Ole Traupe wrote:
>> So you are suggesting to use the 'root preexec' parameter to try to
>> map a non-existing share in order to have the Samba file server
>> create it.
>>
>> This time, this 'root preexec' is in which smb.conf section on what
>> server? My DC is not the server hosting the homes.
>
> The title of this thread is: [Samba] Can't get 'root preexec' to run
>
> You now seem to have got the share '[homes]' working but have found
> that by using 'root preexec' your script is being run by the 'root'
> user. I was just pointing out that there is another command called
> 'preexec' and as an aside, just who did you think was going to run a
> command run from something called 'root preexec' ????
>
> Rowland