Re: samba home folder share




I did it :D. Thank God,
but I didn't use ACL since things are not that complicated in my office.

Thanks mate. If you find any security mistake or something, please share.


[ProfileShare]

        comment = Roaming Profile Share
        path = /nas/users/%D/%U
        valid users = %U
        read only = No
        guest ok = No
        browseable = yes
        root preexec = /scripts/smbmkdir.sh %D %U
        create mask = 4770
        directory mask = 4770
#       map acl inherit = Yes
#       profile acls = Yes
        store dos attributes = Yes
        map archive = No
        map system = No
        map hidden = No
        map readonly = no



<smbmkdir.sh>
#!/bin/bash
# $1 = domain (%D), $2 = user (%U), as passed by "root preexec"

if [ ! -e "/nas/users/$1/$2" ]; then
   mkdir -p "/nas/users/$1/$2"
   chown "$2":admin-grp "/nas/users/$1/$2"
   chmod 4770 "/nas/users/$1/$2"
fi
exit 0


On Mon, May 14, 2012 at 7:04 PM, Jorell <JorellF@xxxxxxxxxxxx> wrote:
> On 5/14/2012 6:42 AM, Muhammad Yousuf Khan wrote:
>>
>> On Sun, May 13, 2012 at 9:38 PM, Jorell<JorellF@xxxxxxxxxxxx>  wrote:
>>>
>>> On 5/10/2012 11:19 PM, Muhammad Yousuf Khan wrote:
>>>>
>>>>
>>>> I am using AD integrated Samba with winbind. I need to share a samba
>>>> home folder for every single user in my Active Directory. Since I don't
>>>> wanna create every user's directory, I want samba to manage it. However,
>>>> I don't wanna place the home folders on the default path, as the boot drive
>>>> (/dev/sda) is very small to store the data. Besides that, I do have
>>>> storage /nas/users, which is a mount point of my raid array. So
>>>> specifically every user's home folder should be created on /nas/users,
>>>> and this is my home share details in samba.
>>>>
>>>> [homes]
>>>>    comment = Home Directories
>>>>    browseable = yes
>>>>    writeable = yes
>>>>    create mask = 0700
>>>>    directory mask = 0700
>>>>    valid users = %S
>>>>
>>>> After sharing I can see two folders on the samba share:
>>>> 1. admin (which is my valid user and I was expecting this)
>>>> 2. home (this is something making me confused; it isn't supposed
>>>> to be there)
>>>>
>>>> However, when I click on both folders it gives me an error
>>>>
>>>> "you might not have permission to use this network resource ......
>>>> Blah blah blah".
>>>>
>>>> Further, all other shares are working fine. Here is my samba global.
>>>>
>>>> [global]
>>>>
>>>>        workgroup = xxxx
>>>>        realm = xxxx.COM
>>>>        netbios name = nasbox
>>>>        server string = %h server
>>>>        security = ADS
>>>>        obey pam restrictions = Yes
>>>>        pam password change = Yes
>>>>        passwd program = /usr/bin/passwd %u
>>>>        passwd chat = *Enter\snew\s*\spassword:* %n\n
>>>> *Retype\snew\s*\spassword:* %n\n *password\supd$
>>>>        unix password sync = Yes
>>>>        syslog = 0
>>>>        log file = /var/log/samba/log.%m
>>>>        max log size = 1000
>>>>        dns proxy = No
>>>>        panic action = /usr/share/samba/panic-action %d
>>>>        idmap uid = 10000-20000
>>>>        idmap gid = 10000-20000
>>>>        winbind enum users = Yes
>>>>        winbind enum groups = Yes
>>>>        winbind use default domain = Yes
>>>>
>>>> Thanks
>>>
>>>
>>>
>>> here is what I use in my conf
>>> [ProfileShare]
>>> ...
>>> root preexec = /root/pdc/smbmkhomedir.sh %D %U
>>> ...
>>>
>>>
>>> <  smbmkhomedir.sh>
>>> #!/bin/bash
>>> # $1 = domain (%D), $2 = user (%U), as passed by "root preexec"
>>> if [ ! -e "/home/$1/$2" ]; then
>>>    mkdir -p "/home/$1/$2"
>>>    chown "$2":"Domain Users" "/home/$1/$2"
>>>    chmod 4711 "/home/$1/$2"
>>>    setfacl --set="d:u::rwx,d:g::--x,d:o::---,d:u:$2:rwx,d:g:domain users:--x" "/home/$1/$2"
>>> fi
>>> exit 0
>>
>>
>>
>> can you please share a bit more
>>
>> [global]
>> ?
>> [profileshare]
>> ?
>>
>> that would be very helpful.
>>
>> Thank you,
>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>
>
>
> On my partition it mounts with "acl,user_xattr"
>
>
> [global]
> workgroup = MIDEARTH
> netbios name = FRODO
> realm = MIDEARTH.REALM
> server string = %D server (samba %v)
> security = ADS
> map to guest = Bad User
> encrypt passwords = Yes
> lanman auth = No
> ntlm auth = No
> client NTLMv2 auth = Yes
> printcap name = cups
> printing = cups
> disable spoolss = No
> show add printer wizard = No
> log file = /var/log/samba/log.%m
> max log size = 512
> syslog = 0
> map archive = No
> map system = No
> map hidden = No
> map readonly = No
> store dos attributes = Yes
>
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> idmap backend = tdb
> idmap uid = 10000-19999
> idmap gid = 10000-19999
> idmap config MIDEARTH : backend = ad
> idmap config MIDEARTH : range = 20000-29999
>
> [ProfileShare]
> comment = Roaming Profile Share
> path = /home/%D/%U
> valid users = %U
> read only = No
> guest ok = No
> browseable = No
>
> root preexec = /root/pdc/smbmkhomedir.sh %D %U
> create mask = 4711
> directory mask = 4711
> map acl inherit = Yes
> profile acls = Yes
> store dos attributes = Yes
> map archive = No
> map system = No
> map hidden = No
> map readonly = no
>
>
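
A more defensive version of the smbmkdir.sh helper above, added here as an example and not written by anyone in the thread: because the script runs as root with %D and %U as its arguments, it quotes them, rejects names that are not a single path component, and refuses to reuse a symlink or non-directory at the target path. The MODE value and the return codes are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from the thread. BASE and GROUP default to the values in
# the first config above; MODE 0770 is an assumption (the setuid bit in 4770
# has no effect on a directory on Linux, so it is left out).
BASE="${BASE:-/nas/users}"
GROUP="${GROUP:-admin-grp}"
MODE="${MODE:-0770}"

# Accept one plain path component: non-empty, not "." or "..", no "/",
# no leading "-" that a later command could read as an option.
valid_component() {
    case "$1" in
        ''|.|..|-*|*/*) return 1 ;;
    esac
    return 0
}

# Create BASE/<domain>/<user> if it is missing.
# Returns: 0 ok, 2 bad name, 3 path is a symlink or non-directory,
#          4 mkdir failed, 5 chown/chmod failed.
make_home() {
    local domain="$1" user="$2" dir
    valid_component "$domain" || return 2
    valid_component "$user" || return 2
    dir="$BASE/$domain/$user"
    if [ -L "$dir" ] || { [ -e "$dir" ] && [ ! -d "$dir" ]; }; then
        return 3
    fi
    if [ -d "$dir" ]; then
        return 0
    fi
    mkdir -p -- "$BASE/$domain" || return 4
    # No -p here: if something appears at $dir in the meantime, mkdir fails
    # instead of reusing it. Start at 0700 so the directory is never wider
    # than intended before ownership is set.
    mkdir -m 0700 -- "$dir" || return 4
    chown -- "$user:$GROUP" "$dir" || return 5
    chmod -- "$MODE" "$dir" || return 5
}

# Called by Samba as: root preexec = /scripts/smbmkdir.sh %D %U
if [ "$#" -eq 2 ]; then
    make_home "$1" "$2"
    exit $?
fi
```

Setting "root preexec close = yes" on the share makes a non-zero exit from the script close the connection.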


