I have configured Samba on a RHEL 3 server, and am able to authenticate on that server against our Windows 2003 Active Directory. What I want to be able to do is then force the home directory for my AD login to be a home directory with a different name.
For example AD login name = bloggsf maps to a user directory of /home/EU/fredb.
(The reason why I want to do this is because our existing RHEL server has local accounts that have different names to the users' domain accounts, and we want to rationalise this and centralise security. But we don't want to have to rename and move all of the home directories).
Could not chdir to home directory /home/EU/bloggsf: No such file or directory
Which is quite simply because that directory does not exist.
I have created a home directory of /home/EU/fredb, and I have created a 'local' user of fredb, which can login locally and goes to the right home directory.
I am using winbind, so in my smbusers file I don't think I need an FQDN on the AD name.
This feels so close, but I am missing something. Can anyone offer me some advice/help please.
This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. You should also use it carefully as using it incorrectly can cause security problems.
This user name only gets used once a connection is established. Thus clients still need to connect as a valid user and supply a valid password. Once connected, all file operations will be performed as the "forced user", no matter what username the client connected as. This can be very useful.
In Samba 2.0.5 and above this parameter also causes the primary group of the forced user to be used as the primary group for all file activity. Prior to 2.0.5 the primary group was left as the primary group of the connecting user (this was a bug).
Default: force user =
Example: force user = auser
I'm not sure if this works or not but sounds good in theory. Maybe using 'force user = %u' would work in your [homes] share if you list 'path = /home/%u'. Give it a shot and let's see what happens.
If I understand this correctly, this is not quite what I want.
I have multiple users, all who have home directories already on the server, but with a 'Linux User Name' that is different to the 'AD User Name' they logged in with. I therefore wanted to be able to map each user uniquely, rather than map all users to one (which I think is what you are suggesting - sorry if I misunderstood that).
The smbusers file seems to express exactly what I want, in that it maps the logged in user name to some other user name, but this does not seem to determine the home directory as I had hoped.
I could be wrong in how I suggested to accomplish this but I think we're on the same page. I'm suggesting using the %u macro in your [homes] share definitions so that once the AD user has been mapped to the Linux user via smbuser, that username (%u) will be used for the home directory. For instance, in the [homes] share section, using something like 'path = /home/%u'. If it works how I think it does, the AD name (bloggs) will already be mapped to the unix name (fredb) and it should substitute 'fredb' in place of the %u macro (or, whatever user logged in).
Thanks for your reply. What you are suggesting is along the lines of how I hoped it would work. However, if I add the 'path' to the [homes] section, it still insists when I login that the home directory is /home/EU/bloggsf. I have tried putting rubbish in the smbusers file for the mapping, and for the 'path' and 'template homedir' in smb.conf but the path for the missing home directory in the error never changes. I think I have tried all combinations.
It seems now, that the home directory is being defined elsewhere, but I cannot see where. Unfortunately I cannot devote too much time to this each day, so progress on my side is slow.
Any further suggestions of things to check/test would be appreciated. It feels like I am missing something obvious.
There's an option of registry based configs that may work. You can probably look into it and define the share in a registry key on the Windows machine. However, this would only work if the user uses the same workstation all the time as the config settings are stored locally.
The users will be logging into the RHEL server directly via a Putty session. The credentials are authenticated against AD on a Windows PDC. So I am not sure how this would help, or am I not understanding something.
I have had another look at this, and re-run getent passwd, which as I understand returns all the configured users. In my case then this will return users on the local machine, and those retrieved from Active Directory. When I run getent passwd, the home directory it comes back with is /home/EU/bloggsf. I am presuming then that this has come from AD, and has not been updated based on my smbusers configuration. Is this a correct assumption? If so, how do I go about updating it?
[homes]
# or whatever path to the homes directories
path = /home/EU/%u
valid users = %u
Or, could always go the more tedious route and just create a unix user bloggsf if you don't end up getting the username mappings to work. But I guess that could always be a last resort.
Last edited by ostrosky.jeremiah; 10-21-2011 at 06:28 PM.
This unfortunately did not seem to work either. I am rather expecting that the username map will accept my logon as bloggsf, then once logged on the user appears as fredb. When I have logged on though, it is still looking for the wrong home directory, and whoami says the user is bloggsf.
My smb.conf file looks like this;
[global]
log level = 10
workgroup = EU
server string = sectest server
realm = EU.MYDOMAIN.LOCAL
log file = /var/log/samba/%m.log
max log size = 50
security = ADS
password server = MY-PDC.EU.MYDOMAIN.LOCAL
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind use default domain = yes
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writeable = yes
path = /home/%D/%u
valid users = %u
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
printable = yes
I have tried the smbusers file with and without the domain of EU but to no avail.
From what I can see of the user name mapping, it just works, but not for me, so I tend to think I am missing something very obvious, or have made a stupid mistake. Each time I edit smb.conf, or smbusers I stop the winbind, and samba daemons and restart them. The only thing I haven't done is bounce the whole server.
Apart from this I have Kerberos, and PAM configured. I have looked in the log files, but cannot see anything glaringly obvious.
I don't know if this option works for individual shares or not but the option 'force user' may help. You would probably have to setup a separate share definition for that though. Then, when bloggsf logs in you can have the user force to be fredb. Probably worth a shot to read up on it.
Thanks for your reply, and apologies for the delay in replying.
I have tried this, by adding this to smb.conf
[bloggsf]
force user = fredb
This did not seem to work either. I still get the error;
Could not chdir to home directory /home/EU/bloggsf: No such file or directory.
I do not seem to be able to make the system translate the user to fredb.
Everything I have read seems to make this seem so simple, and the apparent way to do this is with username map. I can see no evidence to suggest that this is being used at all.
Does anybody have any ideas how to make this work, because I am starting to doubt if I am approaching this from the right direction.
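A way to put the two checks from this thread side by side, the `getent passwd` entry for the login name and the `smbusers` mapping, as an added example that is not from any poster. The sample `smbusers` and passwd lines are constructed from the names used above, and the function names are hypothetical.

```python
import shlex

# Constructed sample data modelled on the names in this thread (not real output).
SMBUSERS = """\
# unix name = client name(s)
fredb = bloggsf EU\\bloggsf
!root = administrator admin
"""
PASSWD = """\
fredb:x:501:501:Fred Bloggs:/home/EU/fredb:/bin/bash
bloggsf:x:10001:10000:Fred Bloggs:/home/EU/bloggsf:/bin/bash
"""

def parse_username_map(text):
    """Return [(unix_name, [client_names], stop_if_matched)] in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or not a mapping
        stop = line.startswith("!")
        unix, clients = line.lstrip("!").split("=", 1)
        names = [c.strip('"') for c in shlex.split(clients, posix=False)]
        rules.append((unix.strip(), names, stop))
    return rules

def map_user(rules, name):
    """Apply each line in order; a '!' line ends processing once it matches."""
    for unix, clients, stop in rules:
        if "*" in clients or name.lower() in (c.lower() for c in clients):
            name = unix
            if stop:
                break
    return name

def homes(passwd_text):
    """Map login name -> home directory from passwd(5)-format lines."""
    rows = (l.split(":") for l in passwd_text.splitlines())
    return {f[0]: f[5] for f in rows if len(f) == 7}

def compare(login, smbusers=SMBUSERS, passwd=PASSWD):
    """Return (home NSS gives the login name, mapped unix name, its home)."""
    h = homes(passwd)
    mapped = map_user(parse_username_map(smbusers), login)
    return h.get(login), mapped, h.get(mapped)

if __name__ == "__main__":
    nss_home, mapped, mapped_home = compare("bloggsf")
    print(f"NSS home: {nss_home}; smbusers -> {mapped}: {mapped_home}")
```

On a live host, feed it the real `/etc/samba/smbusers` contents and the output of `getent passwd`; sshd and login take the home directory from the passwd entry returned for the login name, so a difference between the first and third values is the mismatch reported in the error message.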