Jelle de Jong
2020-Apr-29 21:07 UTC
[Samba] steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
Hello everybody, I been at this for more then a week and went through the archives and wiki but can not get it to work. I been trying to follow these steps: https://wiki.samba.org/index.php/User_Home_Folders wanted behavior: samba-tool user create jdoe pass01 --login-shell /bin/bash --given-name "John Doe" --home-drive=H --home-directory="\\\SAMBA01\users\jdoe --script-path=netlogon.bat first logon on windows 10 pro domain member: no \\SAMBA01\users\jdoe is created.... When I logon as SAMDOM/ADMINISTRATOR and create user with ADUC and fill in the profile the userdir is either added or it gives the error that the user dir already exist but in really it is not there, cashing issue? How can I debug this all? Kind regards, Jelle de Jong root at samba01:~# getfacl /srv/storage/users/ getfacl: Removing leading '/' from absolute path names # file: srv/storage/users/ # owner: root # group: domain\040users # flags: -s- user::rwx user:root:rwx user:10512:rwx user:10513:r-x group::r-x group:NT\040Authority\\authenticated\040users:r-x group:NT\040Authority\\system:rwx group:domain\040admins:rwx group:domain\040users:r-x mask::rwx other::--- default:user::rwx default:user:root:rwx default:user:10512:rwx default:group::--- default:group:NT\040Authority\\system:rwx default:group:domain\040admins:rwx default:group:domain\040users:--- default:mask::rwx default:other::--- root at samba01:~# cat /etc/samba/smb.conf [global] workgroup = SAMDOM security = ADS realm = SAMDOM.POWERCRAFT.NL winbind refresh tickets = Yes vfs objects = acl_xattr map acl inherit = Yes dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind use default domain = yes load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes #username map = /usr/local/samba/etc/user.map log file = /var/log/samba/%m.log log level = 1 idmap config * : backend = tdb idmap config * : range = 3000-7999 idmap config SAMDOM:backend = rid #idmap config SAMDOM:schema_mode = rfc2307 idmap config SAMDOM:range = 10000-999999 #idmap config SAMDOM:unix_nss_info = yes template shell = /bin/bash template homedir = /home/%U idmap config SAMDOM:unix_primary_group = yes winbind enum users = yes winbind enum groups = yes [documenten] path = /srv/storage/shares read only = No create mask = 0660 directory mask = 0770 inherit acls = Yes map acl inherit = Yes hide unreadable = Yes store dos attributes = Yes vfs objects = recycle recycle:touch_mtime = Yes recycle:versions = Yes recycle:keeptree = Yes [openbaar] path = /srv/storage/guestshare store dos attributes = Yes writable = yes printable = no only guest = yes public = yes guest ok = yes guest only = yes guest account = nobody browsable = yes create mask = 0660 directory mask = 0770 inherit acls = Yes map acl inherit = Yes hide unreadable = Yes store dos attributes = Yes [users] path = /srv/storage/users/ read only = No [profiles] path = /srv/storage/profiles/ browseable = No read only = No force create mode = 0600 force directory mode = 0700 csc policy = disable store dos attributes = yes vfs objects = acl_xattr
miguel medalha
2020-Apr-29 22:55 UTC
[Samba] steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
I don't know exactly what you are trying to achieve, but isn't the notion of "home folder" somewhat a thing of the past? I use Folder Redirection with Windows 10 clients (and Windows 7 before) and it works like a charm. User Profile folders are created automatically at first login. Furthermore, it gives most of the advantages of roaming profiles without their huge disadvantages in today's environment. All your users' profiles are nicely hosted in the same place on a server and you can very easily backup them all. To increase privacy, you can use "hide unreadable = yes" at the share level.
Jelle de Jong
2020-Apr-29 23:43 UTC
[Samba] steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
On 2020-04-30 00:55, miguel medalha wrote:> I don't know exactly what you are trying to achieve, but isn't the notion of > "home folder" somewhat a thing of the past? I use Folder Redirection with > Windows 10 clients (and Windows 7 before) and it works like a charm. User > Profile folders are created automatically at first login. Furthermore, it > gives most of the advantages of roaming profiles without their huge > disadvantages in today's environment. All your users' profiles are nicely > hosted in the same place on a server and you can very easily backup them > all. To increase privacy, you can use "hide unreadable = yes" at the share > level.I got Folder Redirection on as well but I want to redirect to the users homeDirectory and for that this directory needs to be automatic created. I got my profile and users share on my samba fileserver and not addc. The profile is created file, but the homeDirectory is not... and then the folder redirection is failing as well. # cat /var/lib/samba/sysvol/samdom.powercraft.nl/Policies/\{5B881613-EA4F-4E6B-B4E9-3B219AE86C44\}/User/Documents\ \&\ Settings/fdeploy.ini ?? [FolderStatus] My Pictures=2 My Documents=0 [My Pictures] [My Documents] s-1-1-0=\\%HOMESHARE%%HOMEPATH%
Christopher Cox
2020-Apr-30 03:35 UTC
[Samba] steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
On 4/29/20 5:55 PM, miguel medalha via samba wrote:> I don't know exactly what you are trying to achieve, but isn't the notion of > "home folder" somewhat a thing of the past? I use Folder Redirection with > Windows 10 clients (and Windows 7 before) and it works like a charm. User > Profile folders are created automatically at first login. Furthermore, it > gives most of the advantages of roaming profiles without their huge > disadvantages in today's environment. All your users' profiles are nicely > hosted in the same place on a server and you can very easily backup them > all. To increase privacy, you can use "hide unreadable = yes" at the share > level. > >Just for my own education, isn't folder redirection limited to the "shell folders" like Documents, Downloads, Desktop, Videos, Pictures and such? With that said, I do have some users "shell folders" redirected to my Samba server. But, I also can do the home folder thing as well and can understand there might be cases where that's preferred since not everything in your home (and correct me if I'm wrong) is "redirectable" in the way I think we're talking about.
Marco Gaiarin
2020-Apr-30 07:32 UTC
[Samba] steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
Mandi! Jelle de Jong via samba In chel di` si favelave...> first logon on windows 10 pro domain member: > no \\SAMBA01\users\jdoe is created....I don't know if this is a fix, but for home folder/drive, i use a 'root preexec' script, that create the folder and set some other things (eg, mostly quota). For me: root preexec = /etc/samba/createhome "%U" -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
Rowland penny
2020-Apr-30 07:49 UTC
[Samba] steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
On 29/04/2020 22:07, Jelle de Jong via samba wrote:> Hello everybody, > > I been at this for more then a week and went through the archives and > wiki but can not get it to work. > > > root at samba01:~# cat /etc/samba/smb.conf > [global] > > ?? #username map = /usr/local/samba/etc/user.mapYou need the user.map> > > ?? idmap config SAMDOM:backend = rid > ?? idmap config SAMDOM:range = 10000-999999You need to use the 'ad' backend> > ?? template homedir = /home/%UI think that is your problem right there, if you are trying to create a link something like map 'H:' to '/home/%U' in the 'profiles' tab (%U could be a username), it will not work. This was raised here recently and I said it didn't work, well it does, provide you do not specify '%U' in the share path in smb.conf, the only possible problem could be the permissions the users dir gets created with and you can fix that with a 'root preexec' script.> > ?? idmap config SAMDOM:unix_primary_group = yesThat only works with the 'ad' backend> > ?? winbind enum users = yes > ?? winbind enum groups = yesNever set those, they just slow things down.> > [documenten] > ??? path = /srv/storage/shares > ??? read only = No > ??? create mask = 0660 > ??? directory mask = 0770 > ??? inherit acls = Yes > ??? map acl inherit = Yes > ??? hide unreadable = Yes > ??? store dos attributes = Yes > ??? vfs objects = recycleYou have turned acl_xattr off Rowland
Rowland penny
2020-Apr-30 08:15 UTC
[Samba] steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
On 30/04/2020 08:32, Marco Gaiarin via samba wrote:> I don't know if this is a fix, but for home folder/drive, i use a 'root > preexec' script, that create the folder and set some other things (eg, > mostly quota). > > For me: > root preexec = /etc/samba/createhome "%U" >How does your script know where to create the users homedir ? Rowland
Jelle de Jong
2020-Apr-30 19:57 UTC
[Samba] steps to get automatic home folder created at user logon windows 10 with samba 4.9.5-Debian
On 2020-04-30 09:49, Rowland penny via samba wrote:> On 29/04/2020 22:07, Jelle de Jong via samba wrote: >> Hello everybody, >> >> I been at this for more then a week and went through the archives and >> wiki but can not get it to work. >> >> >> root at samba01:~# cat /etc/samba/smb.conf >> [global] >> >> ?? #username map = /usr/local/samba/etc/user.map > You need the user.map >> >> >> ?? idmap config SAMDOM:backend = rid >> ?? idmap config SAMDOM:range = 10000-999999 > You need to use the 'ad' backend >> >> ?? template homedir = /home/%U > I think that is your problem right there, if you are trying to create a > link something like map 'H:' to '/home/%U' in the 'profiles' tab (%U > could be a username), it will not work. This was raised here recently > and I said it didn't work, well it does, provide you do not specify '%U' > in the share path in smb.conf, the only possible problem could be the > permissions the users dir gets created with and you can fix that with a > 'root preexec' script. >> >> ?? idmap config SAMDOM:unix_primary_group = yes > That only works with the 'ad' backend >> >> ?? winbind enum users = yes >> ?? winbind enum groups = yes > Never set those, they just slow things down. >> >> [documenten] >> ??? path = /srv/storage/shares >> ??? read only = No >> ??? create mask = 0660 >> ??? directory mask = 0770 >> ??? inherit acls = Yes >> ??? map acl inherit = Yes >> ??? hide unreadable = Yes >> ??? store dos attributes = Yes >> ??? vfs objects = recycle > You have turned acl_xattr offI never was able to get the backend = ad working I only need my user to be able to login to Windows 10 systems from a domain joined machine. This is how I add my users: samba-tool user create lgaga passwd --login-shell /bin/bash --given-name "Lady Gaga" --home-drive=H --home-directory="\\\SAMBA01\users\lgaga" Based on this wiki https://wiki.samba.org/index.php/Idmap_config_ad I tried the bellow configuration again but it did now work. getent passwd user or id user does not do anything. I think I am missing the prerequisites when using samba-tool to create the user as above? Can I use the rid backend when I just want windows users to have file access? root at samba01:~# cat /etc/samba/smb.conf [global] workgroup = SAMDOM security = ADS realm = SAMDOM.HUIGHAVERLAG.NL winbind refresh tickets = Yes vfs objects = acl_xattr map acl inherit = Yes store dos attributes = yes dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind use default domain = yes load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes username map = /usr/local/samba/etc/user.map log file = /var/log/samba/%m.log log level = 1 idmap config * : backend = tdb idmap config * : range = 3000-7999 # idmap config SAMDOM:backend = rid idmap config SAMDOM:backend = ad idmap config SAMDOM:schema_mode = rfc2307 idmap config SAMDOM:range = 10000-999999 idmap config SAMDOM:unix_nss_info = yes # template shell = /bin/bash # template homedir = /home/%U idmap config SAMDOM:unix_primary_group = yes [documenten] path = /srv/storage/shares read only = No create mask = 0660 directory mask = 0770 inherit acls = Yes map acl inherit = Yes hide unreadable = Yes store dos attributes = Yes vfs objects = recycle recycle:touch_mtime = Yes recycle:versions = Yes recycle:keeptree = Yes [openbaar] path = /srv/storage/guestshare store dos attributes = Yes writable = yes printable = no only guest = yes public = yes guest ok = yes guest only = yes guest account = nobody browsable = yes create mask = 0660 directory mask = 0770 inherit acls = Yes map acl inherit = Yes hide unreadable = Yes store dos attributes = Yes [users] path = /srv/storage/users/ read only = No root preexec = /usr/local/bin/samba-mkdir-home %H %U [profiles] path = /srv/storage/profiles/ read only = No browsable = yes