Re: [Samba] Member Server Configuration
- Date: Fri, 10 Nov 2017 09:14:51 +0100
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Member Server Configuration
A bit cleaner way to mk_homedir; I would try to avoid manually changing settings in pam.
echo "Name: Create home directory during login
required pam_mkhomedir.so umask=0022 skel=/etc/skel
" > /usr/share/pam-configs/mkhomedir
And run :
> -----Original Message-----
> From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On Behalf Of
> Rowland Penny via samba
> Sent: Thursday 9 November 2017 23:13
> To: samba@xxxxxxxxxxxxxxx
> Subject: Re: [Samba] Member Server Configuration
> On Thu, 9 Nov 2017 21:47:11 -0000
> Roy Eastwood via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > Thanks Rowland.
> > See inline comments.
> > >On Thu, 9 Nov 2017 17:08:52 -0000
> > >Rowland Penny via samba<samba at lists.samba.org> wrote:
> > > See inline Comments:
> > >
> > > On Thu, 9 Nov 2017 16:11:49 -0000
> > > Roy Eastwood via samba <samba at lists.samba.org> wrote:
> > >
> > > > Hi,
> > > > I have a Debian Stretch machine with Louis' samba 4.7.1 package
> > > > > installed. I have configured it as a member server and joined it
> > > > to my test domain. I tried the idmap rid back end and all
> > > > worked ok, but am now trying the idmap ad back end. I have
> > > > users' home folders saved to a users share on the member server,
> > > > configured to allow auto-creation of home folders when the
> > > > windows user logs in for the first time. That's working OK
> > > > after some adjustments to the ntfs and share permissions which
> > > > vary from the samba WiKi page
> > > > (https://wiki.samba.org/index.php/User_Home_Folders ) after
> > > > reading this https://support.microsoft.com/en-gb/help/555046.
> > > > > Also if users are allowed to log in locally as a unix user to the
> > > > member server, I found that the unix permissions had to include
> > > > rwx for the domain users group otherwise they are unable to
> > > > access their home folder. Does the WiKi need updating?
> > >
> > > Probably not.
> > OK, fine, but I couldn't get auto-creation of home folders to work
> > with just the settings in the WiKi.
> If you are talking about auto-creating users' home folders on
> Unix machines, this is quite easy, when you know how ;-)
> Add this line to /etc/pam.d/common-session
> session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
> Then when a user logs in, if the user's homedir doesn't exist, it will
> be created.
> > > > I either
> > > > allocate a UID/GID in AD - in which case I can log in OK.
> > > > However, if I use the username map parameter in smb.conf along
> > > > with the appropriate file user.map to map administrator to root,
> > > > the WiKi says do not allocate a UID and GID in AD. So I took
> > > > these off but I cannot log in now to the member server as
> > > > administrator. Neither does administrator show up in the output
> > > > of getent passwd.
> > >
> > > Ah, but you are using a user.map, which maps 'Administrator' to
> > > 'root', so guess who you should log onto the Unix machine as ?
> > Yes, indeed. Actually I use another user and then sudo, but winds up
> > as the same thing.
> It also works from windows, you can do things from windows on a Unix
> machine, set windows ACLs etc.
> > So the section on the WiKi page for "Mapping the Domain
> > Account to the local root user" is never going to work for logging
> > onto the member server itself? I assume therefore this will only
> > apply if the administrator on another member client machine saves
> > files etc, they will be owned by root rather than the Domain
> > Administrator account? If so I misunderstood the purpose of that
> > section!
> Yes, that is basically how it works, but it goes further, it allows you
> to do the things that Administrator does on Windows, on Unix domain
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
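Added example, not part of the original thread and not Samba or PAM project code: a shell check of which permissions the pam_mkhomedir session line discussed above gives newly created home directories. It assumes the directory mode is 0777 with the umask= bits cleared and that no other mode option is set; the function name mkhomedir_mode and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Report the mode pam_mkhomedir will give new home directories, based on
# the umask= option of the active session line in a PAM file.
# Usage: mkhomedir_mode [FILE]   (default: /etc/pam.d/common-session)
# Prints the octal mode; returns 1 if no active pam_mkhomedir line is found,
# 2 if the umask value is not octal.
mkhomedir_mode() {
    file=${1:-/etc/pam.d/common-session}
    # First non-comment "session" line that loads pam_mkhomedir.so
    line=$(grep -E '^[[:space:]]*session[[:space:]].*pam_mkhomedir\.so' "$file" | head -n 1)
    [ -n "$line" ] || return 1
    umask_opt=0022   # documented pam_mkhomedir default when umask= is absent
    for word in $line; do
        case $word in
            umask=*) umask_opt=${word#umask=} ;;
        esac
    done
    case $umask_opt in
        ''|*[!0-7]*) return 2 ;;   # reject anything that is not octal
    esac
    # Assumption: directory mode = 0777 with the umask bits cleared
    printf '%04o\n' $(( 0777 & ~0$umask_opt ))
}

# Constructed sample (not a real system file): one commented-out line,
# then the active line quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# session required pam_mkhomedir.so umask=0077
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
EOF
echo "new home directories would get mode $(mkhomedir_mode "$sample")"
rm -f "$sample"
```

With umask=0022 the result is 0755, so other local users can list and read each new home directory; umask=0077 yields 0700.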