Hi ,
We have an DC (Ubuntu18.04) which also acts as a file server. The server was
recently classic upgraded to AD. Before that all the home drives were in /home.
When we migrated to change we added the following in smb.conf to give users
access to their existing home folders.
The problem now is that when we create a user either using samba-tool create
user username or smbpasswd or even via RSAT, it doesn't auto create the home
drive. The samba-tool create takes the -home-drive directive but doesn't
actually create the drive. Does this mean we need to create the home drive
first(i.e /home/username/samba)? If so do we then need to setup permissions to
those folders manually?
[homes]
comment = Home Directories
path = /home/%U/samba
read only = No
create mask = 0700
directory mask = 0700
directory mode = 0700
browseable = No
wide links = Yes
vfs objects = full_audit
The other question is that the /var/log/samba/log.%m file has become huge, 9 GB.
Following the below , we added the max log size = 1000 in smb.conf and did the
reload. The log file still hasn't rotated. Are we missing something ? The
audit level is at 4
https://wiki.samba.org/index.php/Configuring_Logging_on_a_Samba_Server
Regards,
Praveen Ghimire
On 13/06/2019 12:42, Praveen Ghimire via samba wrote:> Hi , > > We have an DC (Ubuntu18.04) which also acts as a file server. The server was recently classic upgraded to AD. Before that all the home drives were in /home. When we migrated to change we added the following in smb.conf to give users access to their existing home folders. > > The problem now is that when we create a user either using samba-tool create user username or smbpasswd or even via RSAT, it doesn't auto create the home drive. The samba-tool create takes the -home-drive directive but doesn't actually create the drive. Does this mean we need to create the home drive first(i.e /home/username/samba)? If so do we then need to setup permissions to those folders manually?No, you need to add: session??? required?? pam_mkhomedir.so skel=/etc/skel/ umask=0022 To /etc/pam.d/common-session Your users will get their homedirs created at first logon.> > [homes] > comment = Home Directories > path = /home/%U/samba > read only = No > create mask = 0700 > directory mask = 0700 > directory mode = 0700 > browseable = No > wide links = Yes > vfs objects = full_auditI would change the above to: [homes] ??????? comment = Home Directories ??????? path = /home/%U/samba ??????? read only = No ??????? vfs objects = full_audit> > > The other question is that the /var/log/samba/log.%m file has become huge, 9 GB. Following the below , we added the max log size = 1000 in smb.conf and did the reload. The log file still hasn't rotated. Are we missing something ? The audit level is at 4 > > > https://wiki.samba.org/index.php/Configuring_Logging_on_a_Samba_Server >You will need to set up logrotating, see your distros documentation for how to do this Rowland
On 6/13/19 6:42 AM, Praveen Ghimire via samba wrote:> The other question is that the /var/log/samba/log.%m file has become huge, 9 GB. Following the below , we added the max log size = 1000 in smb.conf and did the reload. The log file still hasn't rotated. Are we missing something ? The audit level is at 4 >Once everything is working you should be able to dial debugging down to the lowest level. Ubuntu 18.04 should be set up to automatically rotate logs.
Hi Rowland,
I've added the bit to the pam.d and rebooted the server but still no go
The following is from the log file for the machine (user is testhome2)
adding home's share [VM-WIN7-01$] for user 'LIN\VM-WIN7-01$' at
'/home/%U/samba'
get_auth_event_server: Failed to find 'auth_event' registered on the
message bus to send JSON authentication events to:
NT_STATUS_OBJECT_NAME_NOT_FOUND
Adding homes service for user 'LIN\testhome2' using home directory:
'/home/LIN/testhome2'
canonicalize_connect_path failed for service testhome2, path
/home/testhome2/samba
pam.d/common-session
# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
# The pam_umask module will set the umask according to the system default in
# /etc/login.defs and user settings, solving the problem of different
# umask settings with different shells, display managers, remote sessions etc.
# See "man pam_umask".
session optional pam_umask.so
# and here are more per-package modules (the "Additional" block)
session required pam_unix.so
session optional pam_winbind.so
session optional pam_systemd.so
# end of pam-auth-update config
Permissions of /home
drwxr-xr-x 225 root root 225 Jun 14 05:22 home
smb.conf: Home
[homes]
comment = Home Directories
# create mask = 0700
# directory mask = 0700
# browseable = No
read only = No
path = /home/%U/samba
vfs objects = full_audit
# follow symlinks = yes
# wide links = yes
Smb.conf: Global
[global]
workgroup = LIN
realm = LIN.GROUP
netbios name = SERVER5
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
log file = /var/log/samba/log.%m
log level = 4
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland penny
via samba
Sent: Thursday, 13 June 2019 10:00 PM
To: samba at lists.samba.org
Subject: Re: [Samba] AD home drive
On 13/06/2019 12:42, Praveen Ghimire via samba wrote:> Hi ,
>
> We have an DC (Ubuntu18.04) which also acts as a file server. The server
was recently classic upgraded to AD. Before that all the home drives were in
/home. When we migrated to change we added the following in smb.conf to give
users access to their existing home folders.
>
> The problem now is that when we create a user either using samba-tool
create user username or smbpasswd or even via RSAT, it doesn't auto create
the home drive. The samba-tool create takes the -home-drive directive but
doesn't actually create the drive. Does this mean we need to create the home
drive first(i.e /home/username/samba)? If so do we then need to setup
permissions to those folders manually?
No, you need to add:
session??? required?? pam_mkhomedir.so skel=/etc/skel/ umask=0022
To /etc/pam.d/common-session
Your users will get their homedirs created at first logon.
>
> [homes]
> comment = Home Directories
> path = /home/%U/samba
> read only = No
> create mask = 0700
> directory mask = 0700
> directory mode = 0700
> browseable = No
> wide links = Yes
> vfs objects = full_audit
I would change the above to:
[homes]
??????? comment = Home Directories
??????? path = /home/%U/samba
??????? read only = No
??????? vfs objects = full_audit
>
>
> The other question is that the /var/log/samba/log.%m file has become
> huge, 9 GB. Following the below , we added the max log size = 1000 in
> smb.conf and did the reload. The log file still hasn't rotated. Are we
> missing something ? The audit level is at 4
>
>
> https://wiki.samba.org/index.php/Configuring_Logging_on_a_Samba_Server
>
You will need to set up logrotating, see your distros documentation for how to
do this
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
2 things. Hai, Change [homes] to [users] and create the folder /home/LIN AD-DC's dont like [homes] Share /home/LIN as [users] Now, in the AD DC smb.conf, the templates settings are used by default. template homedir = /home/%D/%U Which results in your case to : /home/LIN/testhome2 That should do it, but rethink this part of you setup. You might need to change the pam part a bit, but it should use the homedir found with getent passwd username. Now above is how i would do it. For you most simple change is, try : template homedir = /home/%U Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Praveen Ghimire via samba > Verzonden: vrijdag 14 juni 2019 8:40 > Aan: 'Rowland penny' > CC: samba at lists.samba.org > Onderwerp: Re: [Samba] AD home drive > > Hi Rowland, > > I've added the bit to the pam.d and rebooted the server but > still no go > > The following is from the log file for the machine (user is testhome2) > > adding home's share [VM-WIN7-01$] for user 'LIN\VM-WIN7-01$' > at '/home/%U/samba' > > get_auth_event_server: Failed to find 'auth_event' registered > on the message bus to send JSON authentication events to: > NT_STATUS_OBJECT_NAME_NOT_FOUND > > Adding homes service for user 'LIN\testhome2' using home > directory: '/home/LIN/testhome2' > > canonicalize_connect_path failed for service testhome2, path > /home/testhome2/samba > > > pam.d/common-session > > # here are the per-package modules (the "Primary" block) > session [default=1] pam_permit.so > # here's the fallback if no module succeeds > session requisite pam_deny.so > # prime the stack with a positive return value if there isn't > one already; > # this avoids us returning an error just because nothing sets > a success code > # since the modules above will each just jump around > session required pam_permit.so > session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 > # The pam_umask module will set the umask according to the > system default in > # /etc/login.defs and user settings, solving the problem of different > # umask settings with different shells, display managers, > remote sessions etc. > # See "man pam_umask". > session optional pam_umask.so > # and here are more per-package modules (the "Additional" block) > session required pam_unix.so > session optional pam_winbind.so > session optional pam_systemd.so > # end of pam-auth-update config > > Permissions of /home > > drwxr-xr-x 225 root root 225 Jun 14 05:22 home > > smb.conf: Home > > [homes] > comment = Home Directories > > # create mask = 0700 > # directory mask = 0700 > # browseable = No > read only = No > path = /home/%U/samba > vfs objects = full_audit > # follow symlinks = yes > # wide links = yes > > Smb.conf: Global > > [global] > workgroup = LIN > realm = LIN.GROUP > netbios name = SERVER5 > server role = active directory domain controller > idmap_ldb:use rfc2307 = yes > log file = /var/log/samba/log.%m > log level = 4 > winbind nss info = rfc2307 > winbind enum users = yes > winbind enum groups = yes > > > > > -----Original Message----- > From: samba [mailto:samba-bounces at lists.samba.org] On Behalf > Of Rowland penny via samba > Sent: Thursday, 13 June 2019 10:00 PM > To: samba at lists.samba.org > Subject: Re: [Samba] AD home drive > > On 13/06/2019 12:42, Praveen Ghimire via samba wrote: > > Hi , > > > > We have an DC (Ubuntu18.04) which also acts as a file > server. The server was recently classic upgraded to AD. > Before that all the home drives were in /home. When we > migrated to change we added the following in smb.conf to give > users access to their existing home folders. > > > > The problem now is that when we create a user either using > samba-tool create user username or smbpasswd or even via > RSAT, it doesn't auto create the home drive. The samba-tool > create takes the -home-drive directive but doesn't actually > create the drive. Does this mean we need to create the home > drive first(i.e /home/username/samba)? If so do we then need > to setup permissions to those folders manually? > > No, you need to add: > > session??? required?? pam_mkhomedir.so skel=/etc/skel/ umask=0022 > > To /etc/pam.d/common-session > > Your users will get their homedirs created at first logon. > > > > > [homes] > > comment = Home Directories > > path = /home/%U/samba > > read only = No > > create mask = 0700 > > directory mask = 0700 > > directory mode = 0700 > > browseable = No > > wide links = Yes > > vfs objects = full_audit > > I would change the above to: > > [homes] > ??????? comment = Home Directories > ??????? path = /home/%U/samba > ??????? read only = No > ??????? vfs objects = full_audit > > > > > > > The other question is that the /var/log/samba/log.%m file > has become > > huge, 9 GB. Following the below , we added the max log size > = 1000 in > > smb.conf and did the reload. The log file still hasn't > rotated. Are we > > missing something ? The audit level is at 4 > > > > > > > https://wiki.samba.org/index.php/Configuring_Logging_on_a_Samba_Server > > > You will need to set up logrotating, see your distros > documentation for how to do this > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > ______________________________________________________________________ > This email has been scanned by the Symantec Email > Security.cloud service. > For more information please visit > http://www.symanteccloud.com > ______________________________________________________________________ > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >