Home Folder on Samba4

Home Folder on Samba4

The home folder is generally a users default directory which contains his or her personal files, programs, e.t.c whenever he/she logs in to the network. It is sometimes called the login directory. In this guide, “Home Folder on Samba4 “, we will follow best practice and avoid using the samba built-in [homes] section that dynamically shares the home directory to all users. According to samba documentation, https://wiki.samba.org/index.php/User_Home_Folders, using the home section, will involve some workaround and we may have to create each users home directory manually. Also, the [home] feature is currently not supported in the samba4 active directory domain controller.

Now we are going to create the users folder on samba using the same steps we used in  this https://topnetworkguide.com/setting-up-a-share-on-samba4-active-directory-domain-controller/, guide.

If you are with me, lets get started!

Home Folder on Samba4

Login to your samba4 server and create a folder or directory called users in samba4.

#mkdir /users/

create new folder called users

Next, give the users folder the permission of 775. Visit the guide above for further explanation.

Now, transfer ownership from root to domain users,

transfer ownership from root to domain users

We should now open up smb configuration file and enter the path to the users folder like this;

#vim /etc/samba/smb.conf

enter smb.conf file

and enter in this content as shown in the image below

[users]

path = /users

read only = No

Restart samba by running the command #/etc/init.d/samba restart

restart samba server

ASSIGN HOME FOLDER TO USERS

To achieve this, we will use group policy management console from RSAT on a windows machine. But, before this, lets set the necessary permission on the folder.

Open up mmc and navigate to computer management. Connect to the machine running samba4 share by entering the hostname or ip address of the machine.

Now click on system Tools=>Shared Folders=>Share.

access samba share from mmc

Right click on your users folder and click properties. The properties box opens.

Click on share permissions and add domain users and domain admins. Grant domain users share permission of change and read.

give domain users change and read permissions

Grant domain admins  full share permissions.

give domain admins full control

Also give file permissions using the security tab as shown below for the domain users and domain admins. For the domain admin, grant full access or control. Also grant the creator group full control.

 give domain admins and creator full permission on file

For the domain users, give them read and execute permission.

give domain users read and execute permission on file

Now click on security=>advanced and verify that the inherited from column is “not inherited”.

inherited from column is not inherited

If you see a path in the inherited from column, simply click change permission and tick include inheritable permission from the object’s parent.

disable inheritance

Now, launch group policy management and right click the domain and click create a GPO in the domain and link it here. Give your gpo a name e.g Home Folder. Edit the Home Folder GPO and click on user configuration=>preferences=>windows setting=>Drive Map.

Right click on Drive Map=>New=>Mapped Drive. In the general tab, select create for action. Tick on reconnect and enter in this value \\Samba Server Name or IP\%LogonUser%

This will enable the users home directory to be stored in the samba share anytime a user logs on to his machine using the users name.

general tab for mapped drive

In the Common tab, tick run in logged-on users security context. Click Ok.

The next time a user logs in, this policy is applied to the user.

 

We have successfully configured home folder in samba4. Next up, we will use our home folder to correctly configure folder redirection. Please stay tuned!

 

Did You Enjoy What You Read? Sign Up To Our News Letter
I agree to have my personal information transfered to MailChimp ( more information )
Join over 1.000 visitors who are receiving our newsletter and learn how to design networks that work using open source technology and commercial offerings. Also learn how to proactively defend against security threats.
We hate spam. Your email address will not be sold or shared with anyone else.
Share This.