Join Log in
Score:0
nop avatar Server

Samba doesn't run root preexec

cn flag
nop

I have Windows Server 2019 AD and Samba Winbind joined to the AD. The Samba is technically used for home directories and a shared folder between all domain users.

How to force Samba to create directory seems to the same issue. However, when I log into the account I just created in the Windows AD, Samba doesn't create automatically home directory. I think the script is not even executing. What is wrong with it?

The expected behavior is:

  1. create new AD user
  2. log into that account
  3. Samba should create /home/username directory automatically. The problem is that it doesn't.

Once I edit the smb.conf file, I do smbcontrol all reload-config to apply the changes. Maybe that's wrong?

Edit: Okay I think the issue is that I should run these on netlogon. But not so sure.

root preexec: Sets a command to run as root, before connecting to the share.

netlogonpr.sh

#!/bin/bash

mkdir -p /home/hey

USERNAME=$1
GROUP=$2
DIRECTORY=/home/$USERNAME

if [ ! -d "$DIRECTORY" ]; then
   mkdir -m 0700 $DIRECTORY
   chown $USERNAME:$GROUP $DIRECTORY
fi

smb.conf

[homes]
        writable = yes
        create mask = 0711
        directory mask = 0711
        map hidden = yes
        map system = yes
        invalid users = root nobody
        csc policy = disable
        root preexec = /usr/local/bin/netlogonpr.sh %U %G
        veto files = /autorun.inf/*.zepto/*.ZEPTO/*.scr/*.SCR/*.wsf/*.WSF/*.docm/*.DOCM/
        delete veto files = yes

[pccommon]
        comment = Shared Folder
        path = /home/pccommon
        public = yes
        guest ok = yes
        writable = yes
        create mode = 000
        force create mode = 0777
        directory mode = 0000
        force directory mode = 0777

History 1000 of the commands that were ran onto the machine:

[root@leo /]# history 1000
    1  w
    2  ping 1.1.1.1
    3  w
    4  ifco
    5  export
    6  nano /etc/profile.d/proxy.sh
    7  vi /etc/profile.d/proxy.sh
    8  chmod +x /etc/profile.d/proxy.sh
    9  /etc/profile.d/proxy.sh
   10  dnf update
   11  dnf upgrade
   12  ip r
   13  ping proxy.hidden.com
   14  cat /etc/profile.d/proxy.sh
   15  export ftp_proxy=http://proxy.hidden.com:3128/
   16  export http_proxy=http://proxy.hidden.com:3128/
   17  export https_proxy=http://proxy.hidden.com:3128/
   18  export no_proxy=.uni-ruse.bg
   19  dnf update
   20  w
   21  dnf install samba-winbind
   22  poweroff
   23  w
   24  cd /etc/samba/
   25  ls
   26  nano smb.conf
   27  dnf install nano -y
   28  nano smb.conf
   29  cp -rp smb.conf /tmp/
   30  nano smb.conf
   31  systemctl enable winbind
   32  systemctl enable samba
   33  systemctl enable smb
   34  service winbind status
   35  service winbind start
   36  service winbind status
   37  service smbd start
   38  service smb start
   39  service winbind status
   40  service winbind restart
   41  service winbind status
   42  cat /var/log/me
   43  cat /var/log/lastlog
   44  cd sam
   45  ls
   46  cd /var/log/samba/
   47  ls
   48  cat log.winbindd
   49  sestatus
   50  setenforce 0
   51  service winbind restart
   52  journalctl -xe
   53  net ads join -U johnsmith
   54  service winbind status
   55  service winbind start
   56  service winbind status
   57  dnf install samba4-winbind-clients
   58  wbinfo -u | grep johnsmith
   59  w
   60  service smb status
   61  w
   62  cd /home/
   63  ls
   64  ls -la
   65  nano /etc/samba/smb.conf
   66  service smb restart
   67  dnf remove firewalld
   68  nano /etc/sysconfig/selinux
   69  setenforce 0
   70  w
   71  ls -la
   72  service smb restart
   73  ls
   74  cd /var/log/samba/
   75  ls
   76  cat log.172.16.31.4
   77  nano /etc/samba/smb.conf
   78  service smb restart
   79  cat log.172.16.31.4
   80  nano /etc/nsswitch.conf
   81  service smb restart
   82  cat log.172.16.31.4
   83  ls -la
   84  cd /home/
   85  ls
   86  mkdir johnsmith
   87  chown johnsmith. johnsmith/
   88  chown johnsmith: johnsmith
   89  cat log.172.16.31.4
   90  cat /var/log/samba/log.172.16.31.4
   91  nano /etc/samba/smb.conf
   92  service smb restart
   93  cat /var/log/samba/log.172.16.31.4
   94  service winbind restart
   95  service samba restart
   96  service smb restart
   97  tail -f /var/log/samba/log.172.16.31.4
   98  ls
   99  cd /etc/samba/
  100  ls
  101  cp -rp smb.conf smb.conf.example
  102  nano smb.conf
  103  nano /usr/local/bin/netlogonpr
  104  nano smb.conf
  105  service smb restart
  106  cd /home/
  107  ls
  108  rm -rf johnsmith/
  109  ls
  110  ll
  111  ls -la
  112  nano /usr/local/bin/netlogonpr
  113  ls -la
  114  nano /etc/samba/smb.conf
  115  service smb restart
  116  ll
  117  ls -la
  118  mkdir johnsmith
  119  ls
  120  ls -la
  121  chown johnsmith. johnsmith/
  122  chown johnsmith: johnsmith/
  123  chown IIT\johnsmith johnsmith/
  124  chown IIT\johnsmith: johnsmith/
  125  chown IIT\\johnsmith: johnsmith/
  126  ll
  127  ls -la johnsmith/
  128  ls
  129  stat johnsmith/
  130  history
  131  cd /root/
  132  ls
  133  rm anaconda-ks.cfg
  134  mkdir bin
  135  cd bin/
  136  ls
  137  nano set-permissions.txt
  138  chmod +x set-permissions.txt
  139  exit
  140  w
  141  ip r
  142  df -h
  143  cd /home/
  144  ls
  145  ls -lah
  146  ls
  147  ll
  148  w
  149  dnf install chronyd
  150  dnf install chrony
  151  nano /etc/chrony.conf
  152  systemctl enable chrony
  153  systemctl enable chronyd
  154  service chronyd status
  155  service chronyd start
  156  service chronyd status
  157  w
  158  service chronyd status
  159  w
  160  df -h
  161  w
  162  exit
  163  service rsyslog
  164  service rsyslog status
  165  dnf install rsyslog -y
  166  systemctl enable rsyslog
  167  service rsyslog restart
  168  ls -la
  169  ls -la /var/log/
  170  tail -300 /var/log/messages
  171  w
  172  clear
  173  w
  174  dnf upgrade
  175  nano /etc/ssh/sshd_config
  176  service sshd restart
  177  ifco
  178  dnf install net-tools -y
  179  ip r
  180  dnf install open-vm-tools.x86_64
  181  w
  182  ifconfig
  183  service vmtoold status
  184  systemctl
  185  authselect select winbind with-mkhomedir --force
  186  systemctl enable --now oddjobd.service
  187  systemctl enable oddjobd --now
  188  dnf search oddjobd
  189  dnf search oddjobd
  190  dnf install oddjob-mkhomedir
  191  systemctl enable oddjobd --now
  192  ls
  193  cd /home/
  194  ls
  195  rm -rf johnsmith/
  196  ls
  197  pwd
  198  su - IIT\\johnsmith
  199  ll
  200  ls
  201  ls -lah
  202  history
  203  ls
  204  rm -rf johnsmith/
  205  ls
  206  ll
  207  authconfig --enablemkhomedir --update
  208  ls
  209  echo ‘session required pam_mkhomedir.so umask=0022 skel=/etc/skel’ >> /etc/pam.d/system-auth
  210  echo ‘session required pam_mkhomedir.so umask=0022 skel=/etc/skel’ >> /etc/pam.d/password-auth
  211  ls
  212  ll
  213  su - IIT\\johnsmith
  214  ll
  215  cd /root/bin/
  216  ls
  217  nano set-permissions.txt
  218  passwd
  219  cd /etc/pam.d/
  220  nano system-auth
  221  nano password-auth
  222  w
  223  cat /var/log/messages
  224  w
  225  wbinfo -t
  226  wbinfo -g
  227  wbinfo -G
  228  wbinfo -g
  229  cat /etc/samba/smb.conf
  230  nano /etc/samba/smb.conf
  231  w
  232  htp[
  233  htop
  234  w
  235  clear
  236  w
  237  dnf search finger
  238  getent passwd johnsmith
  239  getent passwd IIT\johnsmith
  240  yum provides finger
  241  wbinfo -g
  242  clear
  243  wbinfo -g
  244  service winbind restart
230
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.