Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
I have configured Samba on a RHEL 3 server, and am able to authenticate on that server against our Windows 2003 Active Directory. What I want to be able to do is then force the home directory for my AD login to be a home directory with a different name.
For example AD login name = bloggsf maps to a user directory of /home/EU/fredb.
(The reason why I want to do this is because our existing RHEL server has local accounts that have different names to the users domain accounts, and we want to rationalise this and centralise security. But we don't want to have to rename and move all of the home directories).
This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. You should also use it carefully as using it incorrectly can cause security problems.
This user name only gets used once a connection is established. Thus clients still need to connect as a valid user and supply a valid password. Once connected, all file operations will be performed as the "forced user", no matter what username the client connected as. This can be very useful.
In Samba 2.0.5 and above this parameter also causes the primary group of the forced user to be used as the primary group for all file activity. Prior to 2.0.5 the primary group was left as the primary group of the connecting user (this was a bug).
Default: force user =
Example: force user = auser
I'm not sure if this works or not but sounds good in theory. Maybe using 'force user = %u' would work in your [homes] share if you list 'path = /home/%u'. Give it a shot and let's see what happens
If I understand this correctly, this is not quite what I want.
I have multiple users, all who have home directories already on the server, but with a 'Linux User Name' that is different to the 'AD User Name' they logged in with. I therefore wanted to be able to map each user uniquely, rather than map all users to one (which I think is what you are suggesting - sorry if I misunderstood that).
The smbusers file seems to express exactly what I want, in that it maps the logged in user name to some other user name, but this does not seem to determine the home directory as I had hoped.
I could be wrong in how I suggested to accomplish this but I think we're on the same page. I'm suggesting using the %u macro in your [homes] share definitions so that once the AD user has been mapped to the Linux user via smbuser, that username (%u) will be used for the home directory. for instance, in the [homes] share section, using something like 'path = /home/%u'. If it works how I think it does, the AD name (bloggs) will already be mapped to the unix name (fredb) and it should substitude 'fredb' in place of the %u macro (or, whatever user logged in).
Thanks for your reply. What you are suggesting is along the lines of how I hoped it would work. However, if I add the 'path' to the [homes] section, it still insists when I login that the home directory is /home/EU/bloggsf. I have tried putting rubbish in the smbusers file for the mapping, and for the 'path' and 'template homedir' in smb.conf but the path for the missing home directory in the error never changes. I think I have tried all combinations.
It seems now, that the home directory is being defined elsewhere, but I cannot see where. Unfortunately I cannot devote too much time to this each day, so progress on my side is slow .
Any further suggestions of things to check/test would be appreciated. It feels like I am missing something obvious.
There's an option of registry based configs that may work. You can probably look into it and define the share in a registry key on the Windows machine. However, this would only work if the user uses the same workstation all the time as the config settings are stored locally.
The users will be logging into the RHEL server directly via a Putty session. The credentials are authenticated against AD on a Windows PDC. So I am not sure how this would help, or am I not understanding something.
I have had another look at this, and re-run getent passwd, which as I understand returns all the configured users. In my case then this will return users on the local machine, and those retrieved from Active Directory. When I run getent passwd, the home directory it comes back with is /home/EU/bloggsf. I am presuming then that this has come from AD, and has not been updated based on my smbusers configuration. Is this a correct assumption? If so how do I go about updating it.
This unfortunately did not seem to work either. I am rather expecting that the username map will accept my logon as bloggsf, then once logged on the user appears as fredb. When I have logged on though, it is still looking for the wrong home directory, and whoami says the user is bloggsf.
My smb.conf file looks like this;
log level = 10
workgroup = EU
server string = sectest server
realm = EU.MYDOMAIN.LOCAL
log file = /var/log/samba/%m.log
max log size = 50
security = ADS
password server = MY-PDC.EU.MYDOMAIN.LOCAL
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind use default domain = yes
#============================ Share Definitions ==============================
comment = Home Directories
browseable = no
writeable = yes
path = /home/%D/%u
valid users = %u
comment = All Printers
path = /var/spool/samba
browseable = no
printable = yes
I have tried the smbusers file with and without the domain of EU but to no avail.
From what I can see of the user name mapping, it just works, but not for me, so I tend to think I am missing something very obvious, or have made a stupid mistake. Each time I edit smb.conf, or smbusers I stop the winbind, and samba daemons and restart them. The only thing I haven't done is bounce the whole server.
Apart from this I have Kerberos, and PAM configured. I have looked in the log files, but cannot see anything glaringly obvious.
I don't know if this option works for individual shares or not but the option 'force user' may help. You would probably have to setup a separate share definition for that though. Then, when bloggsf logs in you can have the user force to be fredb. Probably worth a shot to read up on it.