Stefan G. Weichinger
2019-Oct-10 10:14 UTC
[Samba] how to automatically create the home directory
Customer asks why [home] doesn't work for a new AD user, turns out the linux directory doesn't exist on the DM server How to let that directory be created? GPO? I find this: https://wiki.samba.org/index.php/User_Home_Folders#Using_Active_Directory_Users_and_Computers but the GPO seems only to create the network drive ... but not the directory on the samba server itself. hints? thanks all ...
Rowland penny
2019-Oct-10 10:26 UTC
[Samba] how to automatically create the home directory
On 10/10/2019 11:14, Stefan G. Weichinger via samba wrote:> Customer asks why [home] doesn't work for a new AD user, turns out the > linux directory doesn't exist on the DM server > > How to let that directory be created? > > GPO? > > I find this: > > https://wiki.samba.org/index.php/User_Home_Folders#Using_Active_Directory_Users_and_Computers > > but the GPO seems only to create the network drive ... but not the > directory on the samba server itself. > > hints? > > thanks all ... >There are three ways, depending on how the user connects. You can manually create a home directory for each user. If the user actually logs into the unix domain member, you can lever PAM to create the home directory the first the user connects If the user only connects over Samba, then you need to create the users home directory with a script. Myself and Louis wrote such a script, would you like a copy ? Rowland
> -----Original Message----- > From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland penny via samba > Sent: 10 October 2019 11:27 > To: samba at lists.samba.org > Subject: Re: [Samba] how to automatically create the home directory > > On 10/10/2019 11:14, Stefan G. Weichinger via samba wrote: > > Customer asks why [home] doesn't work for a new AD user, turns out the > > linux directory doesn't exist on the DM server > > > > How to let that directory be created? > > > > GPO? > > > > I find this: > > > > https://wiki.samba.org/index.php/User_Home_Folders#Using_Active_Directory_Users_and_Computers > > > > but the GPO seems only to create the network drive ... but not the > > directory on the samba server itself. > > > > hints? > > > > thanks all ... > > > There are three ways, depending on how the user connects. > > You can manually create a home directory for each user. > > If the user actually logs into the unix domain member, you can lever PAM > to create the home directory the first the user connects > > If the user only connects over Samba, then you need to create the users > home directory with a script. Myself and Louis wrote such a script, > would you like a copy ? > > RowlandThere's fourth way, which is what is normally used in a Windows-only environment, but works just the same with home folders on a samba DM fileserver. The method relies on creating the user with RSAT tools using ADUC. On the Profile tab, set a drive letter, eg H: to the path to the home folder, specifying the user's name as %username% for example: Connect H: to \fileserver.samdom.example.com\users\%username% (You can use the short name for the domain or as here the fqdn.) Providing the Windows ACLs have been set up correctly on the share the user's home directory is created automatically. No script is needed. HTH Roy
Mason Schmitt
2019-Oct-10 11:57 UTC
[Samba] how to automatically create the home directory
If you're on a RedHat system with selinux (RHEL, CentOS, fedora), then it looks like <https://danwalsh.livejournal.com/69837.html> pam_oddjob_mkhomedir will create the home directories for you and also ensure that the correct selinux labels are applied. I have this on my todo list, as I'm currently using the ADUC method, which is labour intensive. -- Mason On Thu, 10 Oct 2019 at 03:27, Rowland penny via samba <samba at lists.samba.org> wrote:> On 10/10/2019 11:14, Stefan G. Weichinger via samba wrote: > > Customer asks why [home] doesn't work for a new AD user, turns out the > > linux directory doesn't exist on the DM server > > > > How to let that directory be created? > > > > GPO? > > > > I find this: > > > > > https://wiki.samba.org/index.php/User_Home_Folders#Using_Active_Directory_Users_and_Computers > > > > but the GPO seems only to create the network drive ... but not the > > directory on the samba server itself. > > > > hints? > > > > thanks all ... > > > There are three ways, depending on how the user connects. > > You can manually create a home directory for each user. > > If the user actually logs into the unix domain member, you can lever PAM > to create the home directory the first the user connects > > If the user only connects over Samba, then you need to create the users > home directory with a script. Myself and Louis wrote such a script, > would you like a copy ? > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 10/10/2019 12:26, Rowland penny via samba wrote:> There are three ways, depending on how the user connects. > > You can manually create a home directory for each user. > > If the user actually logs into the unix domain member, you can lever PAM > to create the home directory the first the user connects > > If the user only connects over Samba, then you need to create the users > home directory with a script. Myself and Louis wrote such a script, > would you like a copy ? > > RowlandOn Debian we have enabled mkhomedir via pam-auth-update, this puts following line in /etc/pam.d/common-session-noninteractive: session required??????????????????????? pam_mkhomedir.so skel=/etc/skel umask=0022 Together with "obey pam restrictions = Yes" in /etc/samba/smb.conf this has been working great for us on both Windows, Linux and macOS for many years already. Home directories get automatically created when users first connect to the smb share / server. HTH; Cheers, Geert