Ubuntu Servers :: Samba - ADS - Automatically Create Home Directories
Mar 22, 2010
At work, using SambaKerberos and ActiveDirectoryWinbindHowto, I joined my machine to our ADS network. Again using ActiveDirectoryWinbindHowto, I modified both common-account and common-auth with these settings.
I want to automatically set the group ownership of user home directories to a group that the user is not part of. This is so that Apache can be part of this group and can access the user's public HTML directory, but other users are not able to access in any way the files in the user's home directory. What I have seen that works manually is adding the user and then changing the group for the home directory. But I want to automatically set this when the user account is created. What I see happening is that when /etc/skel is copied, it automatically sets the group and ownership of everything to the user's default group and ownership. I've seen some suggestions on setting permissions, but these don't seem to work because it seems that users are able to cd into a directory and not list it, but if they know the file name they can access the file.
I'm trying to configure a per-user Samba login for full access to the user's home directory. Mounting the shared directory works flawlessly when mounting from Windows. I can read, write, create without problems. However, when mounting from Linux the shared space is read-only.
I noticed in Fedora that in Authenticate Configs -> Advanced, there is an option to "Create home directories on the first login". I'd like to know if it's possible to enable that through a text config file on a CentOS box that has LDAP authentication enabled. Right now it's complaining that the home folder does not exist upon logging in with an LDAP account.
My Fedora box is giving me an SELinux security error:
SELinux is preventing the samba daemon from reading users' home directories.
SELinux has denied the samba daemon access to users' home directories. Someone is attempting to access your home directories via your samba daemon. If you only setup samba to share non-home directories, this probably signals an intrusion attempt. For more information on SELinux integration with samba, look at the samba_selinux man page. (man samba_selinux)
Allowing Access: If you want samba to share home directories you need to turn on the samba_enable_home_dirs boolean: "setsebool -P samba_enable_home_dirs=1"
I've got a small issue that when a Windows user creates a new folder through Windows Explorer (from the menu or by right clicking) the new folder is only accessible to that particular user. Example: user SABKAR (member of the HR group) creates a new folder called MarcTestMenu in a shared Samba directory through Windows Explorer:
At this point user MORAMY cannot copy a file or open the directory MarcTestMenu. MORAMY gets a 'not accessible' error message in Windows. If I su to the Samba box and issue this command:
How can I get the correct default permissions when users create directories through Windows?
Is it possible to restrict users to their home directories and allow admins to have different home directories? Essentially I want users to have a folder in /var/www/html/$USER and admins to have either unrestricted access or have their root directory be ./ or /www or /etc. I have it set now so users have access to their home directory but I need to upload web files as admin.
I have a perplexing problem that I was hoping some of you might help me solve. My servers run 10.10 and also serve as standalone LTSP hosts - none of this is terribly relevant I hope. Recently, a user complained of permission problems and so I ran a simple command:
Code: chown -R username:username /home/username/* and
I have it set right now to be open so that there's no need to type in username and password information. It works great. I can type \*IP Address* on my WinXP laptop while on the network, and it brings me to the Public folder that I'm trying to share. But, when I click on the folder to open it up, it just sits there and eventually will give a userid/password prompt or will give me an access denied error.
In my desire to learn, mess around and set up something useful on my home network, I'm looking for something that can do centralized login and remote home directories. When someone in my family logs in to a computer, Windows or Linux based, I want them to be able to use their credentials, then have their remote drive mounted and ready for use. I've looked over LDAP solutions, attempted to set up an OpenLDAP server and realized I have no idea what was going on. Is an LDAP implementation the proper way to go for my desired solution or am I barking up the wrong tree? I've just now set up OpenDS on a VM for testing but I need to do some research there.
I have my home server set up, running 10.04 x64. The OS is installed on a 300GB WD Blue drive, and I have a RAID5 array md0, consisting of 4x 2TB WD Green drives, mounted as /home. I am sharing the home directories using Samba and using them to back up the other computers in the house. I have created a user account+password for each computer, giving it its own "/home/computername_backup/" directory to store its backups in.
Computers being backed up:
(750GB) Gaming PC running Win7 Ultimate x64
(30GB + 2TB) HTPC running Win7 Home Premium x64
(32GB) Netbook running Win7 Home Premium x32
(250GB) 2 Macbook Pros running OS X 10.6.4 (tweaked to allow Time Machine to recognize the Samba share as a Time Machine volume)
Question: 5.37TB of /home seems good for now, and I haven't run into any problems so far, but I don't want to have to keep checking. I'd like to put a size cap on each user's home, to prevent one of the computers from gobbling up all the space. Is there an easy (or hard) way to configure this type of thing? My Macbook, for example, only has a 250GB HD. I could give it 3-400GB of space for its home and that would be plenty - whenever it filled its /home/, it would start erasing the oldest backups. If there is no size limit, I believe it will just continue to grow until all the free space is gone.
Considerations: Right now, the HTPC is storing all its media locally (on the installed 2TB drive). However, I've already used 3/4 of the space and the HTPC enclosure can only hold one drive. My plan moving forward is to have /home be used to store media files (iTunes music for all computers and tv/movies for the HTPC), which is another reason I'd like to ensure that the backups don't take up all the space.
I realize I could create a partition for each computer, but I'd prefer not to go down this route. This would seem an untenable tactic if I added another computer next month, or if I realized that the partition was too small.
I'm trying to mount the home directories of the users on the server to the respective desktops. I would like to use the libpam-mount module. Do you guys know how to make it run? I am using 9.10 on both server and desktop and the most recent pam-mount module. I know that /etc/security/pam_mount.conf.xml needs to be edited. I added the following to it: Code: <volume user="username" fstype="cifs" server="IP-Server" path="/home/username" mountpoint="/media/server" />
So I finally managed to get my Samba file server working but now I have a question. On the server I have 4 folders, each being used for a certain topic. How would I set the folders as read only but not the contents, so that way remote users can read/write to the folder but can't delete or rename the folder itself? Also, if I restart the Linux box it will cease to show on the Windows Network unless I delete the Samba share and remake it.
Need help maintaining permissions across multiple directories. Have Ubuntu 8.04 Hardy Heron. O/S installed, updated and running with no problems. Why is it that my administrator user id doesn't seem to have root permissions to create directories? I am trying to set up hosting for 3 separate websites and therefore create 3 separate directories to manage all associated files for the 3 websites. Also, I am attempting to read through the tutorials located at: URL...
I'm not able to create a Samba account. It is showing the error message below:
Failed to initialise SAM_ACCOUNT for user <username>. Does this user exist in the UNIX password database ? Failed to modify password entry for user <username>
Unix accounts are created in Corporate Office, which is in US. We had a dedicated link from our office to US office. Now this link has been disconnected & now we have a VPN connection through internet to US Office. There is a firewall on both sides. While creating the Samba account I tried the netstat command & I saw it is trying to make a connection to the Unix server in the US, but the connection is not getting established; it is showing SYN_SENT.
The home directory server is connecting to the Unix server using a dynamic port, but the Unix server port is showing as PORTMAP. The network guys are not opening all the ports in the firewall. Kindly let me know the DESTINATION PORT that the home directory server is trying to connect to on the Unix server, so that I can ask my network guys to open that particular port, so that I can create Samba accounts for the users.
Do you have any idea on how to achieve my goal? Here is the scenario. As a requirement of our development process, for every ticket we have we need to create a branch (svn) so that we can develop without disturbing other developers. Now for every checkout I make I need to create a vhost so that I can develop first in my local before deploying to the branch. The site I'm working on is based on Drupal. The files I checked out are just the all folder of Drupal. The core files are already in my local. So the script would grab the core files and copy the all folder in my checkout branch then put them in the vhost. So basically I need a script that will do these automatically for me:
1. Set up a vhost. Ex: My branch name is 1205googleplusone. Inside that branch are two folders, all and default. What I need is for the DocumentRoot to point only to the all folder.
2. Update /etc/hosts. Ex: The URL should be 1205googleplusone.domain.com.
3. Create a new database for the new site. The script should create a new database and update the configuration.php
I am in need of Linux help. I am at college and I need this backup/restore script to pass this final part of an assessment. I require a backup script that will not only back up but also restore files to the relevant directories, e.g. users are instructed to store all wordprocessor files in a directory named wp. So I need to create a backup directory and 3 directories within that and some files within the 3 directories and then back them up or restore them. I know I should/have to do this myself but I've been trying to get/understand info for the last few days and came up with zero.
I want to make a webserver with multiple users allowed to log in through SFTP to a specific folder, www. Multiple users are added, let's say user1 and user2, and all of them belong to the www-data group. The www directory has an owner www-data and a group www-data.
I have used chmod -R 775 on the www folder, but after I try to create a folder test through my SFTP server (using Filezilla) the group of the directory created has only r and x permissions, and I am not able to log in with the second user user2 and create a directory within www/test due to a lack of w permission to the group.
I also tried using chmod 2775 on www directory, but without luck. Can somebody explain to me, how can I make it so that a newly created directory inherits the root directory group permissions?
Linux and have a Western Digital server (My Book World Edition). I can access it with Ubuntu 11.04, just by downloading Samba and then by clicking on network and the server shows up, but with Fedora 15, after I have installed Samba, I click on network and all that shows up is my router?
When I try to create a new Samba user the computer locks up and I get this message. Can someone help me out? TB08997608 connection.py:630:call_blockingBusException: org.freedesktop.DBus.Error.Spawn.ChildExited: Launch helper exited with unknown return code 1
I want to use Samba in Ubuntu. For Samba users I make a user in my Linux box like
# useradd smith
# useradd jone
These users can also log in to my Ubuntu system if they want. For Samba, I want to know: is there any way to create a separate valid list of Samba users so that they may access files from Windows XP?
Is there anything special about a home directory before users' home directories are stored there, or is it just as typical as any other "empty" folder? Let me just cut to the chase, but please no ear ringing about the folly of messing around as root, particularly with directories at root level. I know it's considered stupidity, but I deleted my home directory.
Is there an easy way to restore a working home directory? I tried copying /etc/skel under root, but I'm not sure what a home directory should look like once it has been restored. Besides . & .., there were .screenrc & .xsession in my home directory when I copied /etc/skel. Are these files supposed to be in "/home" or "/home/~" or both?
I feel ashamed for even asking this, since it seems like there's about 3 samba questions here every day. However after an hour of searching, I keep finding strange variants that aren't what I need.
My Goal: Create a single file share on an Ubuntu Server - share it via Samba to Windows clients that are on a domain with Active Directory. It sure would be nice if AD authentication would work - so users don't have to type in a Linux user/password each time they want to access the share.
In my adventures, I've found the following items (which may overlap)
1. Joining the server to a Windows Domain
2. Turning the server into a Windows Domain Controller
3. Authentication with LDAP (still not quite sure how/what this would do)
4. Stuff with Kerberos
5. Lots of people bickering about Samba 3/4 & how it's impossible to make Samba a PDC.
I'm not sure if I need to make the ubuntu server a domain controller or not...all I want to do is create a file share and share it on the domain...I don't need to make the ubuntu server a domain controller for that, right? Maybe just a member? Maybe nothing at all?
I guess if I want to authenticate stuff correctly (or forward authentication requests? Not sure), I probably need to join the ubuntu server to the domain...I think.
But let's say I do join it to the domain...then how do I create a file share that is authenticated via Active Directory rather than a local Ubuntu server account? I see a dozen guides on joining the server to the domain, but nobody ever mentions sharing the folder over the domain.
The lines are also blurred between joining Ubuntu to the domain and making it a domain controller. What should I keep an eye out to avoid in these tutorials?
I get lost between the Kerberos/LDAP/Samba/WinBind etc...and I have a feeling I don't need all of these for something this simple.