Rowland penny
2020-Apr-10 20:53 UTC
[Samba] Users' Home Folders - conflicting advice in WiKi
On 10/04/2020 21:25, Alex MacCuish via samba wrote:> The way I do it, I create the home folder share on the server and set > the required ACLs as in the wiki. Then I fill in the field in the ADUC > Pane, Profile Path. Then I click ok. At that point, ADUC should open a > connection to the share, create the new folder, set the acl correctly > and then change the ownership.Hang on, that isn't the users home directory, it is the users Windows profile. There are a couple of other attributes possibly in play here: homeDirectory unixHomeDirectory The first is for the path to the Windows home directory, e.g. '\\computername\users\username' The second is for the path to the Unix home directory, e.g. '/home/username'> > pam_mkhomedir is for when you're logging in say via SSH and unix needs > somewhere to put your dot files. It's not automatically mounted from > the user home share. These are two separate concepts. pam_mkhomedir, > as far as I know, never automatically creates home directories on the > server in the user profile share.If you log in using ssh or directly to the computer, then Samba isn't used and either you must create the users home directory, or use pam_mkhomedir to create it for you. If you connect to a users home directory via Samba, then the users home directory must exist or you need to create it via a 'root prexec' script, pam_mkhomedir will not be used. Rowland
Viktor Trojanovic
2020-Apr-11 09:55 UTC
[Samba] Users' Home Folders - conflicting advice in WiKi
On 10.04.2020 22:53, Rowland penny via samba wrote:> On 10/04/2020 21:25, Alex MacCuish via samba wrote: >> The way I do it, I create the home folder share on the server and set >> the required ACLs as in the wiki. Then I fill in the field in the >> ADUC Pane, Profile Path. Then I click ok. At that point, ADUC should >> open a connection to the share, create the new folder, set the acl >> correctly and then change the ownership. > > Hang on, that isn't the users home directory, it is the users Windows > profile. > > There are a couple of other attributes possibly in play here: > > homeDirectory > > unixHomeDirectory > > The first is for the path to the Windows home directory, e.g. > '\\computername\users\username' > > The second is for the path to the Unix home directory, e.g. > '/home/username' >Rowland, The introduction to the Wiki page found on https://wiki.samba.org/index.php/User_Home_Folders states: "In the following, the directory containing the home folders are shared using the users share name. Each user's home directory is created as a subdirectory on the \\server\users\ share, such as, \\server\users\user_name. This is the same format used in a Microsoft Windows environment and requires no additional work to set up." Frankly, the whole page could probably use some clean-up in terms of language and terminology but the way it is written now, I understand it to be an instruction how to create Windows home directories, or Windows profiles, whatever you wish to call them and the introduction seems to confirm this. Which means that some of the statements, such as the one mentioned by Roy, seem out of place. IMO no one visiting this page is expecting to find information on how to have Samba create Unix home folders. Having said that, you have shared quite a lot of useful information on this topic with the list already, why not create a separate Wiki page, or section at least, that discusses Unix home folders and clean up the page for Windows home folders? Viktor
Roy Eastwood
2020-Apr-11 09:59 UTC
[Samba] Users' Home Folders - conflicting advice in WiKi
On 10/04/2020 21:53, Rowland penny wrote:> On 10/04/2020 21:25, Alex MacCuish via samba wrote: > > The way I do it, I create the home folder share on the server and set > > the required ACLs as in the wiki. Then I fill in the field in the ADUC > > Pane, Profile Path. Then I click ok. At that point, ADUC should open a > > connection to the share, create the new folder, set the acl correctly > > and then change the ownership. > > Hang on, that isn't the users home directory, it is the users Windows profile. > > There are a couple of other attributes possibly in play here: > > homeDirectory > > unixHomeDirectory > > The first is for the path to the Windows home directory, e.g. > '\\computername\users\username' > > The second is for the path to the Unix home directory, e.g. '/home/username' > > > > > pam_mkhomedir is for when you're logging in say via SSH and unix needs > > somewhere to put your dot files. It's not automatically mounted from > > the user home share. These are two separate concepts. pam_mkhomedir, > > as far as I know, never automatically creates home directories on the > > server in the user profile share. > > If you log in using ssh or directly to the computer, then Samba isn't used and either you must create the users home directory, oruse> pam_mkhomedir to create it for you. >Yes.> If you connect to a users home directory via Samba, then the users home directory must exist or you need to create it via a 'root > prexec' script, pam_mkhomedir will not be used.The script is not required, at least in my setup. Obviously there's something different on my system compared to yours, but this has come up before - https://lists.samba.org/archive/samba/2019-October/226432.html, so it works for others as well. So it would be interesting to know why your setup doesn't work. FWIW, ADUC is running on Windows 10, the Windows ACLs on the share (running on Debian Buster) are: Domain Admins, Full control, This folder, subfolders and files CREATOR OWNER, Full control, Subfolders and files only SYSTEM, Full control, This folder, subfolders and files Domain Users, Read and execute, This folder only (Inheritance disabled) The share permissions are: Everyone, Full control HTH Roy
Rowland penny
2020-Apr-11 10:12 UTC
[Samba] Users' Home Folders - conflicting advice in WiKi
On 11/04/2020 10:55, Viktor Trojanovic via samba wrote:> > On 10.04.2020 22:53, Rowland penny via samba wrote: >> On 10/04/2020 21:25, Alex MacCuish via samba wrote: >>> The way I do it, I create the home folder share on the server and >>> set the required ACLs as in the wiki. Then I fill in the field in >>> the ADUC Pane, Profile Path. Then I click ok. At that point, ADUC >>> should open a connection to the share, create the new folder, set >>> the acl correctly and then change the ownership. >> >> Hang on, that isn't the users home directory, it is the users Windows >> profile. >> >> There are a couple of other attributes possibly in play here: >> >> homeDirectory >> >> unixHomeDirectory >> >> The first is for the path to the Windows home directory, e.g. >> '\\computername\users\username' >> >> The second is for the path to the Unix home directory, e.g. >> '/home/username' >> > Rowland, > > The introduction to the Wiki page found on > https://wiki.samba.org/index.php/User_Home_Folders states: > > "In the following, the directory containing the home folders are > shared using the users share name. Each user's home directory is > created as a subdirectory on the \\server\users\ share, such as, > \\server\users\user_name. This is the same format used in a Microsoft > Windows environment and requires no additional work to set up." > > Frankly, the whole page could probably use some clean-up in terms of > language and terminology but the way it is written now, I understand > it to be an instruction how to create Windows home directories, or > Windows profiles, whatever you wish to call them and the introduction > seems to confirm this. Which means that some of the statements, such > as the one mentioned by Roy, seem out of place. IMO no one visiting > this page is expecting to find information on how to have Samba create > Unix home folders. > > Having said that, you have shared quite a lot of useful information on > this topic with the list already, why not create a separate Wiki page, > or section at least, that discusses Unix home folders and clean up the > page for Windows home folders? > > Viktor > > >To be honest, the wikipage is a mess, it is titled 'User Home Folders' but then talks about profiles, the two are entirely different. If you want roaming profiles, then the path to this is set in the 'profilePath' attribute. If you want to use the users home directory (which is usually mounted on a drive letter), you set the path in the 'HomeDirectory' attribute. Finally, the path to the Unix users home directory is set in the aptly named 'unixHomeDirectory' attribute. The other problem with the wikipage is that it states that you cannot use the '[homes]' share, this is just wrong, because you can. I will rewrite the page, which will also possibly mean rewriting this page as well: https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles Rowland
Rowland penny
2020-Apr-11 10:14 UTC
[Samba] Users' Home Folders - conflicting advice in WiKi
On 11/04/2020 10:59, Roy Eastwood wrote:> The script is not required, at least in my setup. Obviously there's something different on my system compared to yours, but this > has come up before - https://lists.samba.org/archive/samba/2019-October/226432.html, so it works for others as well. >It works for you because you are setting a different thing to myself ;-) Rowland