Web lists-archives.com

Re: [Samba] Map user home dir using GPO failing




>
> > I am trying to auto create and mount home directories using a GPO, as per
> > https://wiki.samba.org/index.php/User_Home_Folders.
> >
> > I currently have home directories being created, through the use of
> > pam_mkhomedir.so. with 'obey pam restrictions = yes' in my smb.conf file.
> > I have also setup the share permissions and Windows ACLs as per the above
> > link.
> >
> > Unfortunately, even though the user's home directory is being created on
> > the samba file server, I cannot see the new folder from Windows and my
> > GPO
> > is not mapping the network drive.  However, the same GPO does
> > successfully
> > map a drive for a different share.
> >
> Whilst you can use a GPO, you don't *need* a GPO to automatically create
> Users Home folders on the samba fileserver and map a drive in Windows.
>
> In ADUC on the Profile tab, connect the desired drive letter to the path
> to the users home folder, eg \\FILESERVER\USERS\%username%
>

This is what I'm trying to get away from.  I don't want to have to specify
a home dir drive letter and path for ever user, I'd rather create a new
user and have group policy work out the mapping.



> It is important to use the %username% instead of the actual username -
> that way the folder will get created automatically if it doesn't exist.
>

When in ADUC, on the profile tab of a user, if I specify the path as
'\\fileserver\users\%username%', Windows immediately replaces '%username%'
with the actual username, so I don't think this is helping anything.  From
what I have experienced, folder creation in Samba has nothing to do with
how a user's profile is setup in Windows.  Folder creation in Samba seems
to require *either *of the following in smb.conf:

   - Specifying a preexec script that will create the home dir and then
   creating the necessary script for samba to call.
   - Specifying ' obey pam restrictions = yes'and then adding'session
   required pam_mkhomedir.so skel=/etc/skel/ umask=0022'to
   /etc/pam.d/common-session

I chose the latter option.



> Also the correct Windows ACLs must be set on the USERS directory for this
> to work correctly.   See the WiKi at:
> https://wiki.samba.org/index.php/User_Home_Folders for details.
>

Yes, as indicated in my initial email, I did setup the windows ACLs as per
that wiki page.

Should I perhaps be using a logon script, rather than the GPO map drive
feature?

I'm hoping someone is able to shed some light on this issue.  What is
working for others?


Thanks,
Mason
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba