Question on user access rights for AD user

By creating a new user on the domain controler nethserver there is an automatically created share on the fileserver named username@domain. But the corresponding user logged in on a win 10 client cannot access it, as access is denied. How can I correct this?

Additionally what are the correct steps to create roaming profile and redirect parts of the profile (the nethserver part, not the gpo part)? I already had done that some time ago, but did not find an official neth wiki or howto procedure, rather found some infos in different threads in the forum and as I am recreating a domain from scratch I’d like to know if you have a recommended howto to this setup up.

You may check the permissions:

ll /var/lib/nethserver/home/

Maybe there are saved wrong logins in Windows credentials management?

This is what I found:

https://wiki.samba.org/index.php?title=Roaming_Windows_User_Profiles&_Windows_Profiles=

https://community.nethserver.org/t/roaming-profiles-in-ns7-active-directory/5259/23?u=mrmarkuz

Thanks for the links. I will have a look and report my findings while setting everything up :slight_smile:
Concerning permission: Its drwx------- or 700 for the folder within home named with username. and drwxr-xr-x / 755 for the home folder itself. Is this correct? And why not if not, as those folders are autocreated by the server upon new usercreation?

Yes, but is the user/group correct?

drwx------ 2 testuser@domain.tld domain users@domain.tld

Hm, strange ls -l gives me some numeric value instead of the user@domain. I can try to delete the folder and user and see if recreation works. This user was created on the pdc and used to join a second nethserver als bdc which also has the role of the fileserver.

Edit to add, recreation did the trick. Obviously the first userhome folder was initially created on pdc but after having joined bdc the transfer from one neth to the other obviously created this error. First I created a second user, and with this one the owner was set correctly. Then deleted my initial user and the corresponding folder and recreation solved the problem. Thanks for asking me for the owner thus pushing me to the solution :slight_smile:

1 Like

I used this post to set profile and roaming profile with some slight modifications:

chgrp "domain users@<domain>" /var/lib/nethserver/profiles
chmod 1770 /var/lib/nethserver/profiles

I am not sure if 1770 is appropriate but I had problems with 1750 and 1757.

For Folder redirection I created a folder named redirection with same access rights as the profile folder and used the rsat tools to point to the redirection folder.