Jelle de Jong
2020-Apr-29 21:07 UTC
[Samba] steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
Hello everybody,
I been at this for more then a week and went through the archives and
wiki but can not get it to work.
I been trying to follow these steps:
https://wiki.samba.org/index.php/User_Home_Folders
wanted behavior:
samba-tool user create jdoe pass01 --login-shell /bin/bash --given-name
"John Doe" --home-drive=H --home-directory="\\\SAMBA01\users\jdoe
--script-path=netlogon.bat
first logon on windows 10 pro domain member:
no \\SAMBA01\users\jdoe is created....
When I logon as SAMDOM/ADMINISTRATOR and create user with ADUC and fill
in the profile the userdir is either added or it gives the error that
the user dir already exist but in really it is not there, cashing issue?
How can I debug this all?
Kind regards,
Jelle de Jong
root at samba01:~# getfacl /srv/storage/users/
getfacl: Removing leading '/' from absolute path names
# file: srv/storage/users/
# owner: root
# group: domain\040users
# flags: -s-
user::rwx
user:root:rwx
user:10512:rwx
user:10513:r-x
group::r-x
group:NT\040Authority\\authenticated\040users:r-x
group:NT\040Authority\\system:rwx
group:domain\040admins:rwx
group:domain\040users:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:10512:rwx
default:group::---
default:group:NT\040Authority\\system:rwx
default:group:domain\040admins:rwx
default:group:domain\040users:---
default:mask::rwx
default:other::---
root at samba01:~# cat /etc/samba/smb.conf
[global]
workgroup = SAMDOM
security = ADS
realm = SAMDOM.POWERCRAFT.NL
winbind refresh tickets = Yes
vfs objects = acl_xattr
map acl inherit = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind use default domain = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
#username map = /usr/local/samba/etc/user.map
log file = /var/log/samba/%m.log
log level = 1
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config SAMDOM:backend = rid
#idmap config SAMDOM:schema_mode = rfc2307
idmap config SAMDOM:range = 10000-999999
#idmap config SAMDOM:unix_nss_info = yes
template shell = /bin/bash
template homedir = /home/%U
idmap config SAMDOM:unix_primary_group = yes
winbind enum users = yes
winbind enum groups = yes
[documenten]
path = /srv/storage/shares
read only = No
create mask = 0660
directory mask = 0770
inherit acls = Yes
map acl inherit = Yes
hide unreadable = Yes
store dos attributes = Yes
vfs objects = recycle
recycle:touch_mtime = Yes
recycle:versions = Yes
recycle:keeptree = Yes
[openbaar]
path = /srv/storage/guestshare
store dos attributes = Yes
writable = yes
printable = no
only guest = yes
public = yes
guest ok = yes
guest only = yes
guest account = nobody
browsable = yes
create mask = 0660
directory mask = 0770
inherit acls = Yes
map acl inherit = Yes
hide unreadable = Yes
store dos attributes = Yes
[users]
path = /srv/storage/users/
read only = No
[profiles]
path = /srv/storage/profiles/
browseable = No
read only = No
force create mode = 0600
force directory mode = 0700
csc policy = disable
store dos attributes = yes
vfs objects = acl_xattr
miguel medalha
2020-Apr-29 22:55 UTC
[Samba] steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
I don't know exactly what you are trying to achieve, but isn't the notion of "home folder" somewhat a thing of the past? I use Folder Redirection with Windows 10 clients (and Windows 7 before) and it works like a charm. User Profile folders are created automatically at first login. Furthermore, it gives most of the advantages of roaming profiles without their huge disadvantages in today's environment. All your users' profiles are nicely hosted in the same place on a server and you can very easily backup them all. To increase privacy, you can use "hide unreadable = yes" at the share level.
Jelle de Jong
2020-Apr-29 23:43 UTC
[Samba] steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
On 2020-04-30 00:55, miguel medalha wrote:> I don't know exactly what you are trying to achieve, but isn't the notion of > "home folder" somewhat a thing of the past? I use Folder Redirection with > Windows 10 clients (and Windows 7 before) and it works like a charm. User > Profile folders are created automatically at first login. Furthermore, it > gives most of the advantages of roaming profiles without their huge > disadvantages in today's environment. All your users' profiles are nicely > hosted in the same place on a server and you can very easily backup them > all. To increase privacy, you can use "hide unreadable = yes" at the share > level.I got Folder Redirection on as well but I want to redirect to the users homeDirectory and for that this directory needs to be automatic created. I got my profile and users share on my samba fileserver and not addc. The profile is created file, but the homeDirectory is not... and then the folder redirection is failing as well. # cat /var/lib/samba/sysvol/samdom.powercraft.nl/Policies/\{5B881613-EA4F-4E6B-B4E9-3B219AE86C44\}/User/Documents\ \&\ Settings/fdeploy.ini ?? [FolderStatus] My Pictures=2 My Documents=0 [My Pictures] [My Documents] s-1-1-0=\\%HOMESHARE%%HOMEPATH%
Christopher Cox
2020-Apr-30 03:35 UTC
[Samba] steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
On 4/29/20 5:55 PM, miguel medalha via samba wrote:> I don't know exactly what you are trying to achieve, but isn't the notion of > "home folder" somewhat a thing of the past? I use Folder Redirection with > Windows 10 clients (and Windows 7 before) and it works like a charm. User > Profile folders are created automatically at first login. Furthermore, it > gives most of the advantages of roaming profiles without their huge > disadvantages in today's environment. All your users' profiles are nicely > hosted in the same place on a server and you can very easily backup them > all. To increase privacy, you can use "hide unreadable = yes" at the share > level. > >Just for my own education, isn't folder redirection limited to the "shell folders" like Documents, Downloads, Desktop, Videos, Pictures and such? With that said, I do have some users "shell folders" redirected to my Samba server. But, I also can do the home folder thing as well and can understand there might be cases where that's preferred since not everything in your home (and correct me if I'm wrong) is "redirectable" in the way I think we're talking about.
Marco Gaiarin
2020-Apr-30 07:32 UTC
[Samba] steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
Mandi! Jelle de Jong via samba In chel di` si favelave...> first logon on windows 10 pro domain member: > no \\SAMBA01\users\jdoe is created....I don't know if this is a fix, but for home folder/drive, i use a 'root preexec' script, that create the folder and set some other things (eg, mostly quota). For me: root preexec = /etc/samba/createhome "%U" -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
Rowland penny
2020-Apr-30 07:49 UTC
[Samba] steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
On 29/04/2020 22:07, Jelle de Jong via samba wrote:> Hello everybody, > > I been at this for more then a week and went through the archives and > wiki but can not get it to work. > > > root at samba01:~# cat /etc/samba/smb.conf > [global] > > ?? #username map = /usr/local/samba/etc/user.mapYou need the user.map> > > ?? idmap config SAMDOM:backend = rid > ?? idmap config SAMDOM:range = 10000-999999You need to use the 'ad' backend> > ?? template homedir = /home/%UI think that is your problem right there, if you are trying to create a link something like map 'H:' to '/home/%U' in the 'profiles' tab (%U could be a username), it will not work. This was raised here recently and I said it didn't work, well it does, provide you do not specify '%U' in the share path in smb.conf, the only possible problem could be the permissions the users dir gets created with and you can fix that with a 'root preexec' script.> > ?? idmap config SAMDOM:unix_primary_group = yesThat only works with the 'ad' backend> > ?? winbind enum users = yes > ?? winbind enum groups = yesNever set those, they just slow things down.> > [documenten] > ??? path = /srv/storage/shares > ??? read only = No > ??? create mask = 0660 > ??? directory mask = 0770 > ??? inherit acls = Yes > ??? map acl inherit = Yes > ??? hide unreadable = Yes > ??? store dos attributes = Yes > ??? vfs objects = recycleYou have turned acl_xattr off Rowland
Rowland penny
2020-Apr-30 08:15 UTC
[Samba] steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
On 30/04/2020 08:32, Marco Gaiarin via samba wrote:> I don't know if this is a fix, but for home folder/drive, i use a 'root > preexec' script, that create the folder and set some other things (eg, > mostly quota). > > For me: > root preexec = /etc/samba/createhome "%U" >How does your script know where to create the users homedir ? Rowland
Jelle de Jong
2020-Apr-30 19:57 UTC
[Samba] steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
On 2020-04-30 09:49, Rowland penny via samba wrote:> On 29/04/2020 22:07, Jelle de Jong via samba wrote: >> Hello everybody, >> >> I been at this for more then a week and went through the archives and >> wiki but can not get it to work. >> >> >> root at samba01:~# cat /etc/samba/smb.conf >> [global] >> >> ?? #username map = /usr/local/samba/etc/user.map > You need the user.map >> >> >> ?? idmap config SAMDOM:backend = rid >> ?? idmap config SAMDOM:range = 10000-999999 > You need to use the 'ad' backend >> >> ?? template homedir = /home/%U > I think that is your problem right there, if you are trying to create a > link something like map 'H:' to '/home/%U' in the 'profiles' tab (%U > could be a username), it will not work. This was raised here recently > and I said it didn't work, well it does, provide you do not specify '%U' > in the share path in smb.conf, the only possible problem could be the > permissions the users dir gets created with and you can fix that with a > 'root preexec' script. >> >> ?? idmap config SAMDOM:unix_primary_group = yes > That only works with the 'ad' backend >> >> ?? winbind enum users = yes >> ?? winbind enum groups = yes > Never set those, they just slow things down. >> >> [documenten] >> ??? path = /srv/storage/shares >> ??? read only = No >> ??? create mask = 0660 >> ??? directory mask = 0770 >> ??? inherit acls = Yes >> ??? map acl inherit = Yes >> ??? hide unreadable = Yes >> ??? store dos attributes = Yes >> ??? vfs objects = recycle > You have turned acl_xattr offI never was able to get the backend = ad working I only need my user to be able to login to Windows 10 systems from a domain joined machine. This is how I add my users: samba-tool user create lgaga passwd --login-shell /bin/bash --given-name "Lady Gaga" --home-drive=H --home-directory="\\\SAMBA01\users\lgaga" Based on this wiki https://wiki.samba.org/index.php/Idmap_config_ad I tried the bellow configuration again but it did now work. getent passwd user or id user does not do anything. I think I am missing the prerequisites when using samba-tool to create the user as above? Can I use the rid backend when I just want windows users to have file access? root at samba01:~# cat /etc/samba/smb.conf [global] workgroup = SAMDOM security = ADS realm = SAMDOM.HUIGHAVERLAG.NL winbind refresh tickets = Yes vfs objects = acl_xattr map acl inherit = Yes store dos attributes = yes dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind use default domain = yes load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes username map = /usr/local/samba/etc/user.map log file = /var/log/samba/%m.log log level = 1 idmap config * : backend = tdb idmap config * : range = 3000-7999 # idmap config SAMDOM:backend = rid idmap config SAMDOM:backend = ad idmap config SAMDOM:schema_mode = rfc2307 idmap config SAMDOM:range = 10000-999999 idmap config SAMDOM:unix_nss_info = yes # template shell = /bin/bash # template homedir = /home/%U idmap config SAMDOM:unix_primary_group = yes [documenten] path = /srv/storage/shares read only = No create mask = 0660 directory mask = 0770 inherit acls = Yes map acl inherit = Yes hide unreadable = Yes store dos attributes = Yes vfs objects = recycle recycle:touch_mtime = Yes recycle:versions = Yes recycle:keeptree = Yes [openbaar] path = /srv/storage/guestshare store dos attributes = Yes writable = yes printable = no only guest = yes public = yes guest ok = yes guest only = yes guest account = nobody browsable = yes create mask = 0660 directory mask = 0770 inherit acls = Yes map acl inherit = Yes hide unreadable = Yes store dos attributes = Yes [users] path = /srv/storage/users/ read only = No root preexec = /usr/local/bin/samba-mkdir-home %H %U [profiles] path = /srv/storage/profiles/ read only = No browsable = yes