Unable to change home folder setting in Samba/Winbind
I'm using a Debian 8 server at work. Recently, I used Samba and Winbind to join it to the domain. This domain is managed by Active Directory on a Windows Server machine. This all works: domain users can SSH into the server with their AD passwords, wbinfo gives me domain groups or users, and so on. I even get domain groups when I use the "groups" command on local Debian users who also have domain accounts.
Here's the problem. When I set all this up, I thought I wanted to put all newcomers to the server in /home/domain/username, so I set up my smb.conf file accordingly. Now, though, I've changed my mind thanks to an Nginx setup I won't go into here. I want users to go to /home/username instead. I've updated smb.conf, but my new setting won't take effect.
The first user I've been testing all this on is me, but I'm an admin for the domain. I needed a non-admin user, so chose someone who works just down the hall. She logged in before I made the change, and, as you'd expect, was given a /home/domain/username folder. Now that I've decided not to use the domain folder for home directories, though, I want to move her home folder to /home/username. The Nginx thing makes it important that this happens. I also want this to happen for all future users who get on the server, but everyone is currently stuck in /home/domain/username instead.
I've so far tried usermod, but that fails because, as a domain user, this test user is not in the local system at all, so there's no entry in /etc/passwd. I've tried username, domain\username, domain\\username, and other variants. My winbind separator is indeed backslash. I knew none of this would work, since passwd has no record of this user at all, but I tried just the same.
I've also tried moving the user's home folder where I want it, so her old folder is gone, then having her log in. I hoped Samba would find no home folder, see my new template telling it where to place users, and go to /home/username. Instead, it created /home/domain/username again, and put her in there. I'm having her log in over SSH.
When I run
getent passwd
I get all the domain users and groups, but all of them show home folders of /home/domain/username instead of /home/username. Yet, in smb.conf, I have this in the [globals] section:
template homedir = /home/%U
I've restarted Samba several times. I've even made these changes to sssd and restarted that, although I'm not using sssd. I restarted ssh just to be sure. I now know why my test user won't move, but that only showed me that all users will have this problem. Indeed, when I had a second user log in over SSH using domain credentials, she, too, went to /home/domain/username.
Nothing has worked so far. I don't know what else I should try in order to get the home folder setting how I want it. Can anyone spot anything I might have missed: a setting, something to restart, anything? I'm new to using Linux on a domain, so have cobbled my current setup together from many online articles and forums. It works, but I don't know enough about it to troubleshoot extensively. If I've missed telling you any important details, let me know.
samba home active-directory winbind
edited Dec 31 '18 at 12:01
Jeff Schaller
39.2k1054125
asked Oct 1 '18 at 22:07
AH16AH16
44
add a comment |
I'm using a Debian 8 server at work. Recently, I used Samba and Winbind to join it to the domain. This domain is managed by Active Directory on a Windows Server machine. This all works: domain users can SSH into the server with their AD passwords, wbinfo gives me domain groups or users, and so on. I even get domain groups when I use the "groups" command on local Debian users who also have domain accounts.
Here's the problem. When I set all this up, I thought I wanted to put all newcomers to the server in /home/domain/username, so I set up my smb.conf file accordingly. Now, though, I've changed my mind thanks to an Nginx setup I won't go into here. I want users to go to /home/username instead. I've updated smb.conf, but my new setting won't take effect.
The first user I've been testing all this on is me, but I'm an admin for the domain. I needed a non-admin user, so chose someone who works just down the hall. She logged in before I made the change, and, as you'd expect, was given a /home/domain/username folder. Now that I've decided not to use the domain folder for home directories, though, I want to move her home folder to /home/username. The Nginx thing makes it important that this happens. I also want this to happen for all future users who get on the server, but everyone is currently stuck in /home/domain/username instead.
I've so far tried usermod, but that fails because, as a domain user, this test user is not in the local system at all, so there's no entry in /etc/passwd. I've tried username, domain\username, domain\\username, and other variants. My winbind separator is indeed backslash. I knew none of this would work, since passwd has no record of this user at all, but I tried just the same.
I've also tried moving the user's home folder where I want it, so her old folder is gone, then having her log in. I hoped Samba would find no home folder, see my new template telling it where to place users, and go to /home/username. Instead, it created /home/domain/username again, and put her in there. I'm having her log in over SSH.
When I run
getent passwd
I get all the domain users and groups, but all of them show home folders of /home/domain/username instead of /home/username. Yet, in smb.conf, I have this in the [globals] section:
template homedir = /home/%U
I've restarted Samba several times. I've even made these changes to sssd and restarted that, although I'm not using sssd. I restarted ssh just to be sure. I now know why my test user won't move, but that only showed me that all users will have this problem. Indeed, when I had a second user log in over SSH using domain credentials, she, too, went to /home/domain/username.
Nothing has worked so far. I don't know what else I should try in order to get the home folder setting how I want it. Can anyone spot anything I might have missed: a setting, something to restart, anything? I'm new to using Linux on a domain, so have cobbled my current setup together from many online articles and forums. It works, but I don't know enough about it to troubleshoot extensively. If I've missed telling you any important details, let me know.
samba home active-directory winbind
edited Dec 31 '18 at 12:01
Jeff Schaller
39.2k1054125
asked Oct 1 '18 at 22:07
AH16AH16
44
The AD server has no home folders specified for any users. On the off chance that this would help, I looked yesterday before I posted the question. That said, I'm by no means an AD expert. Is there anywhere else that a home folder might be specified, apart from the properties of the profile in question? Again, too, I'm trying to change the home folder in Debian when the user SSH-es in, not the home folder the user would go to on a Windows box when logging in with AD credentials. I don't know whether these are the same in AD.
– AH16
Oct 2 '18 at 14:01
I have absolutely no clue... I'm neither good with samba neither with AD
– Kiwy
Oct 2 '18 at 14:30
Why do you havewinbindandsssdinstalled at the same time? If you're not usingsssdI would really recommend you get rid of it. (But better, would be to usesssdand move on fromwinbind. Really.)
– roaima
Oct 2 '18 at 22:13
I have both because some articles used one, some used the other. I tried SSSD first, and could never get it to work. When I instead switched to Winbind, everything went quite smoothly. I'm now nervous about removing SSSD, for fear of knocking down the house of cards I've somehow managed to get working. :) Why do you suggest SSSD over Winbind? I have no preference, except Winbind seemed to work more easily, so I went with it. Thanks.
– AH16
Oct 3 '18 at 15:13
add a comment |
I'm using a Debian 8 server at work. Recently, I used Samba and Winbind to join it to the domain. This domain is managed by Active Directory on a Windows Server machine. This all works: domain users can SSH into the server with their AD passwords, wbinfo gives me domain groups or users, and so on. I even get domain groups when I use the "groups" command on local Debian users who also have domain accounts.
Here's the problem. When I set all this up, I thought I wanted to put all newcomers to the server in /home/domain/username, so I set up my smb.conf file accordingly. Now, though, I've changed my mind thanks to an Nginx setup I won't go into here. I want users to go to /home/username instead. I've updated smb.conf, but my new setting won't take effect.
The first user I've been testing all this on is me, but I'm an admin for the domain. I needed a non-admin user, so chose someone who works just down the hall. She logged in before I made the change, and, as you'd expect, was given a /home/domain/username folder. Now that I've decided not to use the domain folder for home directories, though, I want to move her home folder to /home/username. The Nginx thing makes it important that this happens. I also want this to happen for all future users who get on the server, but everyone is currently stuck in /home/domain/username instead.
I've so far tried usermod, but that fails because, as a domain user, this test user is not in the local system at all, so there's no entry in /etc/passwd. I've tried username, domain\username, domain\\username, and other variants. My winbind separator is indeed backslash. I knew none of this would work, since passwd has no record of this user at all, but I tried just the same.
I've also tried moving the user's home folder where I want it, so her old folder is gone, then having her log in. I hoped Samba would find no home folder, see my new template telling it where to place users, and go to /home/username. Instead, it created /home/domain/username again, and put her in there. I'm having her log in over SSH.
When I run
getent passwd
I get all the domain users and groups, but all of them show home folders of /home/domain/username instead of /home/username. Yet, in smb.conf, I have this in the [globals] section:
template homedir = /home/%U
I've restarted Samba several times. I've even made these changes to sssd and restarted that, although I'm not using sssd. I restarted ssh just to be sure. I now know why my test user won't move, but that only showed me that all users will have this problem. Indeed, when I had a second user log in over SSH using domain credentials, she, too, went to /home/domain/username.
Nothing has worked so far. I don't know what else I should try in order to get the home folder setting how I want it. Can anyone spot anything I might have missed: a setting, something to restart, anything? I'm new to using Linux on a domain, so have cobbled my current setup together from many online articles and forums. It works, but I don't know enough about it to troubleshoot extensively. If I've missed telling you any important details, let me know.
samba home active-directory winbind
edited Dec 31 '18 at 12:01
Jeff Schaller
39.2k1054125
asked Oct 1 '18 at 22:07
AH16AH16
44
I'm using a Debian 8 server at work. Recently, I used Samba and Winbind to join it to the domain. This domain is managed by Active Directory on a Windows Server machine. This all works: domain users can SSH into the server with their AD passwords, wbinfo gives me domain groups or users, and so on. I even get domain groups when I use the "groups" command on local Debian users who also have domain accounts.
Here's the problem. When I set all this up, I thought I wanted to put all newcomers to the server in /home/domain/username, so I set up my smb.conf file accordingly. Now, though, I've changed my mind thanks to an Nginx setup I won't go into here. I want users to go to /home/username instead. I've updated smb.conf, but my new setting won't take effect.
The first user I've been testing all this on is me, but I'm an admin for the domain. I needed a non-admin user, so chose someone who works just down the hall. She logged in before I made the change, and, as you'd expect, was given a /home/domain/username folder. Now that I've decided not to use the domain folder for home directories, though, I want to move her home folder to /home/username. The Nginx thing makes it important that this happens. I also want this to happen for all future users who get on the server, but everyone is currently stuck in /home/domain/username instead.
I've so far tried usermod, but that fails because, as a domain user, this test user is not in the local system at all, so there's no entry in /etc/passwd. I've tried username, domain\username, domain\\username, and other variants. My winbind separator is indeed backslash. I knew none of this would work, since passwd has no record of this user at all, but I tried just the same.
I've also tried moving the user's home folder where I want it, so her old folder is gone, then having her log in. I hoped Samba would find no home folder, see my new template telling it where to place users, and go to /home/username. Instead, it created /home/domain/username again, and put her in there. I'm having her log in over SSH.
When I run
getent passwd
I get all the domain users and groups, but all of them show home folders of /home/domain/username instead of /home/username. Yet, in smb.conf, I have this in the [globals] section:
template homedir = /home/%U
I've restarted Samba several times. I've even made these changes to sssd and restarted that, although I'm not using sssd. I restarted ssh just to be sure. I now know why my test user won't move, but that only showed me that all users will have this problem. Indeed, when I had a second user log in over SSH using domain credentials, she, too, went to /home/domain/username.
Nothing has worked so far. I don't know what else I should try in order to get the home folder setting how I want it. Can anyone spot anything I might have missed: a setting, something to restart, anything? I'm new to using Linux on a domain, so have cobbled my current setup together from many online articles and forums. It works, but I don't know enough about it to troubleshoot extensively. If I've missed telling you any important details, let me know.
samba home active-directory winbind
samba home active-directory winbind
edited Dec 31 '18 at 12:01
Jeff Schaller
39.2k1054125
asked Oct 1 '18 at 22:07
AH16AH16
44
edited Dec 31 '18 at 12:01
Jeff Schaller
39.2k1054125
asked Oct 1 '18 at 22:07
AH16AH16
44
edited Dec 31 '18 at 12:01
Jeff Schaller
39.2k1054125
edited Dec 31 '18 at 12:01
Jeff Schaller
39.2k1054125
edited Dec 31 '18 at 12:01
Jeff Schaller
39.2k1054125
39.2k1054125
asked Oct 1 '18 at 22:07
AH16AH16
44
asked Oct 1 '18 at 22:07
AH16AH16
44
asked Oct 1 '18 at 22:07
AH16AH16
44
44
The AD server has no home folders specified for any users. On the off chance that this would help, I looked yesterday before I posted the question. That said, I'm by no means an AD expert. Is there anywhere else that a home folder might be specified, apart from the properties of the profile in question? Again, too, I'm trying to change the home folder in Debian when the user SSH-es in, not the home folder the user would go to on a Windows box when logging in with AD credentials. I don't know whether these are the same in AD.
– AH16
Oct 2 '18 at 14:01
I have absolutely no clue... I'm neither good with samba neither with AD
– Kiwy
Oct 2 '18 at 14:30
Why do you havewinbindandsssdinstalled at the same time? If you're not usingsssdI would really recommend you get rid of it. (But better, would be to usesssdand move on fromwinbind. Really.)
– roaima
Oct 2 '18 at 22:13
I have both because some articles used one, some used the other. I tried SSSD first, and could never get it to work. When I instead switched to Winbind, everything went quite smoothly. I'm now nervous about removing SSSD, for fear of knocking down the house of cards I've somehow managed to get working. :) Why do you suggest SSSD over Winbind? I have no preference, except Winbind seemed to work more easily, so I went with it. Thanks.
– AH16
Oct 3 '18 at 15:13
add a comment |
The AD server has no home folders specified for any users. On the off chance that this would help, I looked yesterday before I posted the question. That said, I'm by no means an AD expert. Is there anywhere else that a home folder might be specified, apart from the properties of the profile in question? Again, too, I'm trying to change the home folder in Debian when the user SSH-es in, not the home folder the user would go to on a Windows box when logging in with AD credentials. I don't know whether these are the same in AD.
– AH16
Oct 2 '18 at 14:01
I have absolutely no clue... I'm neither good with samba neither with AD
– Kiwy
Oct 2 '18 at 14:30
Why do you havewinbindandsssdinstalled at the same time? If you're not usingsssdI would really recommend you get rid of it. (But better, would be to usesssdand move on fromwinbind. Really.)
– roaima
Oct 2 '18 at 22:13
I have both because some articles used one, some used the other. I tried SSSD first, and could never get it to work. When I instead switched to Winbind, everything went quite smoothly. I'm now nervous about removing SSSD, for fear of knocking down the house of cards I've somehow managed to get working. :) Why do you suggest SSSD over Winbind? I have no preference, except Winbind seemed to work more easily, so I went with it. Thanks.
– AH16
Oct 3 '18 at 15:13
The AD server has no home folders specified for any users. On the off chance that this would help, I looked yesterday before I posted the question. That said, I'm by no means an AD expert. Is there anywhere else that a home folder might be specified, apart from the properties of the profile in question? Again, too, I'm trying to change the home folder in Debian when the user SSH-es in, not the home folder the user would go to on a Windows box when logging in with AD credentials. I don't know whether these are the same in AD.
– AH16
Oct 2 '18 at 14:01
The AD server has no home folders specified for any users. On the off chance that this would help, I looked yesterday before I posted the question. That said, I'm by no means an AD expert. Is there anywhere else that a home folder might be specified, apart from the properties of the profile in question? Again, too, I'm trying to change the home folder in Debian when the user SSH-es in, not the home folder the user would go to on a Windows box when logging in with AD credentials. I don't know whether these are the same in AD.
– AH16
Oct 2 '18 at 14:01
I have absolutely no clue... I'm neither good with samba neither with AD
– Kiwy
Oct 2 '18 at 14:30
I have absolutely no clue... I'm neither good with samba neither with AD
– Kiwy
Oct 2 '18 at 14:30
Why do you have
winbind and sssd installed at the same time? If you're not using sssd I would really recommend you get rid of it. (But better, would be to use sssd and move on from winbind. Really.)– roaima
Oct 2 '18 at 22:13
Why do you have
winbind and sssd installed at the same time? If you're not using sssd I would really recommend you get rid of it. (But better, would be to use sssd and move on from winbind. Really.)– roaima
Oct 2 '18 at 22:13
I have both because some articles used one, some used the other. I tried SSSD first, and could never get it to work. When I instead switched to Winbind, everything went quite smoothly. I'm now nervous about removing SSSD, for fear of knocking down the house of cards I've somehow managed to get working. :) Why do you suggest SSSD over Winbind? I have no preference, except Winbind seemed to work more easily, so I went with it. Thanks.
– AH16
Oct 3 '18 at 15:13
I have both because some articles used one, some used the other. I tried SSSD first, and could never get it to work. When I instead switched to Winbind, everything went quite smoothly. I'm now nervous about removing SSSD, for fear of knocking down the house of cards I've somehow managed to get working. :) Why do you suggest SSSD over Winbind? I have no preference, except Winbind seemed to work more easily, so I went with it. Thanks.
– AH16
Oct 3 '18 at 15:13
add a comment |
1 Answer
1
active
oldest
votes
Well, I figured it out. It's probably obvious to any Linux admins, but it's new to me.
The changes I made are in /etc/samba/smb.conf. Restarting Samba, I thought, would apply those changes to anything that needed to know about them. After all, restarting Samba restarts four packages total. In reality, I also had to restart winbind on its own. As soon as I did that, it picked up the updated smb.conf and everything worked as I wanted it to. Lesson: if you use winbind with Samba, restart both of them.
answered Oct 2 '18 at 15:58
AH16AH16
44
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f472648%2funable-to-change-home-folder-setting-in-samba-winbind%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Well, I figured it out. It's probably obvious to any Linux admins, but it's new to me.
The changes I made are in /etc/samba/smb.conf. Restarting Samba, I thought, would apply those changes to anything that needed to know about them. After all, restarting Samba restarts four packages total. In reality, I also had to restart winbind on its own. As soon as I did that, it picked up the updated smb.conf and everything worked as I wanted it to. Lesson: if you use winbind with Samba, restart both of them.
answered Oct 2 '18 at 15:58
AH16AH16
44
add a comment |
Well, I figured it out. It's probably obvious to any Linux admins, but it's new to me.
The changes I made are in /etc/samba/smb.conf. Restarting Samba, I thought, would apply those changes to anything that needed to know about them. After all, restarting Samba restarts four packages total. In reality, I also had to restart winbind on its own. As soon as I did that, it picked up the updated smb.conf and everything worked as I wanted it to. Lesson: if you use winbind with Samba, restart both of them.
answered Oct 2 '18 at 15:58
AH16AH16
44
add a comment |
Well, I figured it out. It's probably obvious to any Linux admins, but it's new to me.
The changes I made are in /etc/samba/smb.conf. Restarting Samba, I thought, would apply those changes to anything that needed to know about them. After all, restarting Samba restarts four packages total. In reality, I also had to restart winbind on its own. As soon as I did that, it picked up the updated smb.conf and everything worked as I wanted it to. Lesson: if you use winbind with Samba, restart both of them.
answered Oct 2 '18 at 15:58
AH16AH16
44
Well, I figured it out. It's probably obvious to any Linux admins, but it's new to me.
The changes I made are in /etc/samba/smb.conf. Restarting Samba, I thought, would apply those changes to anything that needed to know about them. After all, restarting Samba restarts four packages total. In reality, I also had to restart winbind on its own. As soon as I did that, it picked up the updated smb.conf and everything worked as I wanted it to. Lesson: if you use winbind with Samba, restart both of them.
answered Oct 2 '18 at 15:58
AH16AH16
44
answered Oct 2 '18 at 15:58
AH16AH16
44
answered Oct 2 '18 at 15:58
AH16AH16
44
answered Oct 2 '18 at 15:58
AH16AH16
44
44
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f472648%2funable-to-change-home-folder-setting-in-samba-winbind%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
The AD server has no home folders specified for any users. On the off chance that this would help, I looked yesterday before I posted the question. That said, I'm by no means an AD expert. Is there anywhere else that a home folder might be specified, apart from the properties of the profile in question? Again, too, I'm trying to change the home folder in Debian when the user SSH-es in, not the home folder the user would go to on a Windows box when logging in with AD credentials. I don't know whether these are the same in AD.
– AH16
Oct 2 '18 at 14:01
I have absolutely no clue... I'm neither good with samba neither with AD
– Kiwy
Oct 2 '18 at 14:30
Why do you have
winbindandsssdinstalled at the same time? If you're not usingsssdI would really recommend you get rid of it. (But better, would be to usesssdand move on fromwinbind. Really.)– roaima
Oct 2 '18 at 22:13
I have both because some articles used one, some used the other. I tried SSSD first, and could never get it to work. When I instead switched to Winbind, everything went quite smoothly. I'm now nervous about removing SSSD, for fear of knocking down the house of cards I've somehow managed to get working. :) Why do you suggest SSSD over Winbind? I have no preference, except Winbind seemed to work more easily, so I went with it. Thanks.
– AH16
Oct 3 '18 at 15:13