samba - Feb 2017 - Samba AD domain member and home directory creation

On a Centos 7 minimal fresh install I have follow this howto:

http://www.hexblot.com/blog/centos-7-active-directory-and-samba

and I have Joining to an Active Directory server without problem.

The command "id administrator" work great, the home directory
(/home/us
er at srl) is successfully created if I run "su - user" or "ssh
user at localhost" from a shell command.

Ad this point I have add the [homes] session to smb.conf 

    [homes]
        comment = Home Directories
        browseable = No
        inherit acls = Yes
        read only = No
        valid users = %S %D%w%S

an also this work fine, but only if I run before "su - user" or I
create manually the user's home directory.

My question is:

    There is some way to create automatically this home directory when
    the user access to it the first time via smbclient or another WinPC?

Many thanks. 
 
P.S. This is my testparm -s:
> Server role: ROLE_DOMAIN_MEMBER
> 
> # Global parameters
> [global]
>         realm = SRL.LOCAL
>         workgroup = SRL
>         log file = /var/log/samba/log.%m
>         max log size = 50
>         load printers = No
>         printcap name = /dev/null
>         security = ADS
>         idmap config * : backend = tdb
>         cups options = raw
>         hosts allow = 127. 192.168.1.
> 
> 
> [homes]
>         comment = Home Directories
>         browseable = No
>         inherit acls = Yes
>         read only = No
>         valid users = %S %D%w%S
> 
> 
> [dati]
>         comment = Area pubblica
>         path = /u/samba/dati
>         read only = No
> 
-- 
Dario Lesca
(inviato dal mio Linux Fedora 25 Workstation)

On Thu, 09 Feb 2017 16:10:18 +0100
Dario Lesca via samba <samba at lists.samba.org> wrote:
> On a Centos 7 minimal fresh install I have follow this howto:
> 
> 
> My question is:
> 
>     There is some way to create automatically this home directory when
>     the user access to it the first time via smbclient or another
> WinPC?
> 
You need to get use PAM for this, I think it is 'oddjob-mkhomedir' on
Centos

Rowland

Il giorno gio, 09/02/2017 alle 15.59 +0000, Rowland Penny via samba ha
scritto:
> You need to get use PAM for this, I think it is 'oddjob-mkhomedir'
on
> Centos
> 
> 
Thank Rowland, but 'oddjob-mkhomedir' (and sssd) is already installed
and with system login (su -, or ssh or login) work fine.

My only problem is when access to server at the user home folder via
client windows or smbclient, in this case the home dir is not created.

Some suggest?

Thanks

-- 
Dario Lesca
(inviato dal mio Linux Fedora 25 Workstation)

Hi Dario,
> On a Centos 7 minimal fresh install I have follow this howto:
>
> http://www.hexblot.com/blog/centos-7-active-directory-and-samba
>
> and I have Joining to an Active Directory server without problem.
>
> The command "id administrator" work great, the home directory
(/home/us
> er at srl) is successfully created if I run "su - user" or
"ssh
> user at localhost" from a shell command.
>
> Ad this point I have add the [homes] session to smb.conf
>
>     [homes]
>         comment = Home Directories
>         browseable = No
>         inherit acls = Yes
>         read only = No
>         valid users = %S %D%w%S
>
> an also this work fine, but only if I run before "su - user" or I
> create manually the user's home directory.
>
> My question is:
>
>     There is some way to create automatically this home directory when
>     the user access to it the first time via smbclient or another WinPC?
you can add a "root preexec=/opt/create_home.sh " parameter [1] in the
share definition and create the home and set the owner/mask in the shell 
script. As the name implies, it will execute the script as root before 
giving access to the share to the user. I have not tested it with 
selinux enabled though.

Cheers,

Denis

[1] https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html , 
search for "root preexec"

>
> Many thanks.
>
> P.S. This is my testparm -s:
>
>> Server role: ROLE_DOMAIN_MEMBER
>>
>> # Global parameters
>> [global]
>>         realm = SRL.LOCAL
>>         workgroup = SRL
>>         log file = /var/log/samba/log.%m
>>         max log size = 50
>>         load printers = No
>>         printcap name = /dev/null
>>         security = ADS
>>         idmap config * : backend = tdb
>>         cups options = raw
>>         hosts allow = 127. 192.168.1.
>>
>>
>> [homes]
>>         comment = Home Directories
>>         browseable = No
>>         inherit acls = Yes
>>         read only = No
>>         valid users = %S %D%w%S
>>
>>
>> [dati]
>>         comment = Area pubblica
>>         path = /u/samba/dati
>>         read only = No
>>
-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr