Home directory of users in AD

NethServer Version: NS 7RC1
Module: Samba 4 AD

Hello:
I have the same issue of Missing Samba home directory

I have joined a Windows 7 professional to NS7RC1 with Samba4, I have installed RSAT on Windows 7.
In “Active Directory Users and Computer” I have created a new user.
I logged in with that new user in windows 7.
I was expecting the home shared folder of the user to be empty, but the share points to the / of the server, so I see all the content of the server.
In /var/lib/nethserver/home the home directory of the user doesn’t exist.
The Administrator user has the same behaviour.

Ciao

2 Likes

Hi @saitobenkei, thank you for your bug report! IIRC in the past we had an issue with home dirs and Samba… I thought it was fixed! Now let’s see if we can reproduce this :wink:

/cc @quality_team

I just read this workaround by @EddieA

Fixed. I needed to sign in to one of the shares, and then magically my home directory appeared.

The home directory folder is created by the oddjob_mkdir PAM module when the user establishes a session for the first time. That means the user logs in by ssh, or creates an authenticated connection with some service relying on PAM, like Samba.

I’m afraid we cannot fix this :frowning:

…but we can document it :blush: /cc @docs_team

Sorry, but I didn’t understand…

What should I do to activate the home directories?

Thank you

The home directory folder is created by the oddjob_mkdir PAM module when the user establishes a session for the first time. That means the user logs in by ssh, or creates an authenticated connection with some service relying on PAM, like Samba.

For instance

  • create a shared folder
  • access it with user’s credentials

If credentials are accepted (it’s a first time login), the home folder is created too! Now the user can access the home dir, hopefully :slight_smile:

Doesn’t work (for me :slight_smile: ).

My steps:

  • Installation of NS 7rc1

  • Installation and configuration of samba 4 AD module

  • Creation of a shared folder “share01”

  • Join of a Windows 7 professional with administrator@ad at domain

  • Creation with RSAT of a user user@ad in “Active Directory Users and Computers”

  • Add of the user test@ad in Windows 7 -> Control panel -> Users

  • Login in Windows 7 with test@ad user

  • In Network\NS7 I see two shares: “share01” and “test@ad”. In “share01” I see everything correctly, in “test@ad” I see the / and subfolders of the server.

  • In /var/lib/nethserver/home the “test” folder wasn’t created

  • If I log in to Windows 7 with the “administrator@ad” user I have the same behaviour: I see “share01” correctly but not the “administrator@ad” share content.

Ciao

3 Likes

This is the output of getent passwd on my machine, with home directory set:

# getent passwd first.user@dpnet.nethesis.it
first.user@dpnet.nethesis.it:*:1337601104:1337600513:first.user:/var/lib/nethserver/home/first.user:/usr/libexec/openssh/sftp-server

Could you check if it’s similar to yours?

[root@neth7 ~]# getent passwd test@bmc.local
test@bmc.local:*:1126401108:1126400513:Test Utente:/:/usr/libexec/openssh/sftp-server

I see the home directory has been set (by RSAT tools?) to “/”!

1 Like

It seems that it happens when the user is created with RSAT

I created a new user (test2@ad) in the NS7 dashboard and:

[root@neth7 ~]# getent passwd test2@bmc.local
test2@bmc.local:*:1126401109:1126400513:test2:/var/lib/nethserver/home/test2:/usr/libexec/openssh/sftp-server

When I connect Windows 7 with the new user test2@ad I see the correct shares.

Now I have to find how to force RSAT to create the correct user share as default (if someone has an idea, it is welcome :smiley: )

Ciao

2 Likes

Isn’t it possible to force Samba to create the correct path?

We cannot force Samba, because the directory is actually created by PAM. Luckily, sssd can override the LDAP attribute from AD: we could set an override in sssd.conf.

Could you share some screenshots of RSAT? Did you understand why it set unixHomeDirectory to “/”?

I attach the screenshots of the creation process of the user test3@ad.
There are no prompts asking where to create the user share folder.

The only place where I can set something is in the “Profile” tab of the User’s properties, but I think that sets the folder where the profile of the user will be stored.

2 Likes

There’s an attribute parameter in the RSAT/ADUC user/group configuration:

Open the ADUC, go to “View” then check “Advanced Features”

Then right-click on the user/group -> Properties

In the tab “Attribute Editor” there is an attribute unixHomeDirectory

If the user was created in dashboard, that attribute is correctly configured.
If the user was created in RSAT/ADUC, that attribute is set to “not set”, but if I modify the value of the attribute with the directory, nothing happens: getent always reports / as home directory and if I log in with that user on Windows the directory isn’t created.

EDIT: the sentence in italic above could not be true… maybe it’s necessary to wait some time after the modification so that it is applied
It’s necessary to wait at least 5 minutes before the modification is applied and appears in getent

The value “/home/test3” shown as gray text in field “Home Directory”, should be a valid NS path… But nobody knows what RSAT actually does!

It’s the same for the test2 user ( /home/test2 ) that I’ve created in the dashboard

sssd keeps a local cache of LDAP attributes. You could wait until it expires (but I don’t know how long it lasts) or issue the following command:

sss_cache -U -G

Yes, it’s true, and modifying the Unix attribute of the users as I have described in the post above seems to work.

But it is complicated because it must be done user by user.
In my opinion it should be forced at the domain controller level.

I agree, I’d go with the sssd override parameter. Please test it by yourself! Add the following line to /etc/sssd.conf, under the ldap_id_mapping = True line:

override_homedir = /var/lib/nethserver/home/%f

restart sssd

systemctl restart sssd

clean up caches

sss_cache -U -G

/etc/sssd/sssd.conf

I’ve changed %f to %u because %f is expanded as user@domain while %u is expanded as user without @domain

override_homedir = /var/lib/nethserver/home/%u

Then I created a new user in RSAT/ADUC and logged in with that new user in Windows 7.

All seems to work correctly!

Ciao

8 Likes
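
A defender's check for the condition found in this thread, added here as an example and not part of any post or of NethServer itself: it reads passwd-format lines and flags accounts whose home field is "/", empty, or outside /var/lib/nethserver/home, since that field is what the per-user share ends up exporting. The function names audit_homes and sample_passwd are assumptions of the example, and the sample lines are constructed from the getent output quoted above.

```shell
#!/bin/sh
# Assumption: BASE is the home root used in this thread.
BASE="/var/lib/nethserver/home"

# audit_homes BASE: read passwd-format lines (as printed by `getent passwd`)
# on stdin and print "name<TAB>home<TAB>reason" for each suspicious entry.
audit_homes() {
    awk -F: -v base="$1" '
        NF < 7 { next }   # skip lines that are not full passwd records
        {
            name = $1; home = $6; reason = ""
            if (home == "")
                reason = "empty home"
            else if (home == "/")
                reason = "home is filesystem root"
            else if (home ~ /(^|\/)\.\.(\/|$)/)
                reason = "path traversal in home"
            else if (index(home, base "/") != 1)
                # also catches home == base, which would expose every home
                reason = "home outside " base
            if (reason != "")
                printf "%s\t%s\t%s\n", name, home, reason
        }'
}

# Constructed sample: the RSAT-created and dashboard-created users from the thread.
sample_passwd() {
    cat <<'EOF'
test@bmc.local:*:1126401108:1126400513:Test Utente:/:/usr/libexec/openssh/sftp-server
test2@bmc.local:*:1126401109:1126400513:test2:/var/lib/nethserver/home/test2:/usr/libexec/openssh/sftp-server
EOF
}

# On a live system: getent passwd user@domain | audit_homes "$BASE"
sample_passwd | audit_homes "$BASE"
```

Run it after `sss_cache -U -G` so the result reflects the current directory attributes and any override_homedir setting rather than cached values.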