On Wednesday, January 5, 2022, 05:26:31 p.m. EST, spindles seven via samba <samba at lists.samba.org> wrote: On 05 January 2022 21:30 Carl Hunter via samba wrote:> So if I'm understanding this correctly the home account for a users samba file share is independent of the AD user right?? So it > sounds to me like I'm just replacing the pdbedit command with the two samba-tool commands.? One for the user, one for the > group.? I'll still need the adduser command to actually create the users home folder.?? > Thanks > CarlAs you have Windows 7 machines, I personally would install RSAT on one of these machines and use Active Directory Users and Computers to create users, manage group membership etc.? If you point the user's Home folder on the Profile tab to the user's home folder on the file server, ADUC will also automatically create the folder for you with the correct permissions (providing you have set up the share correctly using Windows ACLs).? No need for any pre-exec scripts etc.? After all you are using samba to serve Active Directory to Windows machines, therefore use the Windows tools, they work perfectly well with samba.? Just my personal preference - you choose what's best for you. Roy Could you explain the statement "providing you have set up the share correctly using Windows ACLs"?? Would this have been set up when I ran the classicupgrade?? This does seem like the way to go but I'm not sure what to do with all my current users.? Would they all need to be converted??? Thanks Carl
On Thu, 2022-01-06 at 15:50 +0000, Carl Hunter via samba wrote:> >> Could you explain the statement "providing you have set up the share > correctly using Windows ACLs"? Would this have been set up when I > ran the classicupgrade? This does seem like the way to go but I'm > not sure what to do with all my current users. Would they all need > to be converted?If you follow the links I provided earlier, you will set up the ACLs correctly. I think one of the problems here is that there are two possible home directories in play here: Windows home directories Unix home directories Each is meant for a different reason, the Windows home directory is best set through ADUC, this will create the required directory with the required permissions. Unix home directories are just that, the home directory for users that log into a Unix machine directly (or via Samba if it already exists, or is created using a root preexec script at first connection) Another problem is that the OP has upgraded an NT4-style domain to an AD domain and is still thinking in NT4-style, he needs to forget most of what he knows and start thinking in AD. There is similarity between an NT4-style domain and an AD domain, but they are very different, mostly for the better. If the OP is only going to have the Samba machine as a DC and fileserver (not recommended), then he is constrained by what the DC is capable of, he must use the xidNumber IDs (numbers in the 3000000 range) and cannot use any other rfc2307 attributes. Rowland