samba - Apr 2020 - Users' Home Folders - conflicting advice in WiKi

On 10/04/2020 19:22 Rowland penny wrote:
> On 10/04/2020 18:02, Roy Eastwood via samba wrote:
> > Rowland,
> >
> > In the Wiki page "User Home Folders", Section 2.1
"Using Windows ACLs"
> > correctly describes how to set permissions to allow the Windows
> > program Active Directory Users and Computers to automatically create
the user's home
> > folder.   But in the next section  "Creating the Home folder for
a New User"
> > 3.1 "Using Windows ACLs", the blue box states that ADUC
cannot automatically
> > create home folders on a 'unix' machine.   Do you literally
mean unix?
> > Certainly on my Linux (Debian) machine it works OK.    Perhaps this
boxed
> > comment needs amendment?
> >
> > Cheers,
> >
> > Roy
> >
> 'unix' = any version of Unix, Linux is a version of Unix.
> 
> Are you sure that ADUC is creating the users home directory on your Linux
machines ?
Yes.  
> 
> As far as I am aware Samba doesn't have the code to do this and ADUC
running on Windows has no ability to do it either.
> 
> It could be that you have pam_mkhomedir set in your PAM stack and it is
this that is creating your users home directories at
login.
> 
No, I don't have this because I don't need domain users to log on with
SSH to the server.
> Myself and Louis collaborated to write a 'root prexec' script to
create the users home directory at Samba connection.
> 
> To the best of my knowledge, you have to use one or the other method.
> 
> Rowland
Just confirmed that pam_mkhomedir is not enabled, created a new user test2 using
ADUC.   Set the Home folder on the Profile tab to
connect H: to \\<server name>\users\test2 and the folder is created on the
server.

Regards,

Roy

On 11/04/2020 10:21, Roy Eastwood wrote:
> On 10/04/2020 19:22 Rowland penny wrote:
>> On 10/04/2020 18:02, Roy Eastwood via samba wrote:
>>> Rowland,
>>>
>>> In the Wiki page "User Home Folders", Section 2.1
"Using Windows ACLs"
>>> correctly describes how to set permissions to allow the Windows
>>> program Active Directory Users and Computers to automatically
create the user's home
>>> folder.   But in the next section  "Creating the Home folder
for a New User"
>>> 3.1 "Using Windows ACLs", the blue box states that ADUC
cannot automatically
>>> create home folders on a 'unix' machine.   Do you literally
mean unix?
>>> Certainly on my Linux (Debian) machine it works OK.    Perhaps this
boxed
>>> comment needs amendment?
>>>
>>> Cheers,
>>>
>>> Roy
>>>
>> 'unix' = any version of Unix, Linux is a version of Unix.
>>
>> Are you sure that ADUC is creating the users home directory on your
Linux machines ?
> Yes.
>
>> As far as I am aware Samba doesn't have the code to do this and
ADUC running on Windows has no ability to do it either.
>>
>> It could be that you have pam_mkhomedir set in your PAM stack and it is
this that is creating your users home directories at
> login.
> No, I don't have this because I don't need domain users to log on
with SSH to the server.
>
>> Myself and Louis collaborated to write a 'root prexec' script
to create the users home directory at Samba connection.
>>
>> To the best of my knowledge, you have to use one or the other method.
>>
>> Rowland
> Just confirmed that pam_mkhomedir is not enabled, created a new user test2
using ADUC.   Set the Home folder on the Profile tab to
> connect H: to \\<server name>\users\test2 and the folder is created
on the server.
>
> Regards,
>
> Roy
>
>
That is NOT the users home directory, Windows or Unix, you are setting 
the 'profilePath' attribute in the users AD object and Samba does have 
the code for that.

However, you are quite correct, the wikipage: 
https://wiki.samba.org/index.php/User_Home_Folders

Does require rewriting, section 2.1, at least, doesn't really have 
anything to do with user home directories, it seems to be about user 
profiles, which are entirely different.

Rowland

On 11/04/2020 11:00, Rowland penny wrote: 
> > Just confirmed that pam_mkhomedir is not enabled, created a new user
test2 using ADUC.   Set the Home folder on the Profile tab
> to
> > connect H: to \\<server name>\users\test2 and the folder is
created on the server.
> >
> > Regards,
> >
> > Roy
> >
> >
> That is NOT the users home directory, Windows or Unix, you are setting the
'profilePath' attribute in the users AD object and
Samba
> does have the code for that.
No, with respect, this is the Home folder - the User profile folder is at the
top half of that tab.   I was setting the address in
the lower half.  The fact that it is on the 'Profile' tab is a quirk of
Microsoft, and has been there since Windows 2000 (or perhaps
earlier!)

Regards,
Roy