Home directories invisible

Hello again,

for some reason the home directory shares on my ucs server vanished
but are still accessible, when the username is beeing typed into the adresss bar of the windows explorer. Only Administrators home directory shows up (with access granted only for Administrator), no matter who is logged in, every user sees it.
Permissions are 700 for the home directory, 711 for the user directories beneath. Testparm output looks normal.
Maybe the valid user = %u parameter should be set(?), but - as far as I can see - the smb.conf cannot be edited manually in ucs. So I can’t to check that. Or is there any other known reason for that behaviour? The samba-tool ntacl sysvolreset didn’t bring a solution.
UCS-version is 4.3-3 errata466.
Any idea how to solve that?
Thank you

Bernhard

Do you really mean that /home has its permissions set to 0700 (-rwx------)? If so, no normal user may even access his or her home directory. The correct permissions are 0755.

Sorry, it’s a typo here. Permission is 755 of course.

valid users has no effect on share visibility.

Do you perchance have a regular share called administrator or something like that?

That’s somewhat correct. Manual changes to files in /etc/… that contain the template warning will be overwritten, that’s right. You could change the templates the files are generated from, though. They’re located in /etc/univention/templates/files. The drawback is that you’ll have to migrate those changes whenever the originals are updated via package updates. Therefore it’s highly preferable not to modify those templates.

To me this looks like a bug was fixed in Samba. On my UCS 4.3 servers the user home is still visible even though the share’s browseable setting is set to no. On my UCS 4.4 servers, though, the share isn’t visible anymore, even though the definitions of the [homes] share hasn’t changed.

However, setting browseable = yes only causes a share called homes to be shown, not a share by the user name.

man smb.conf reveals the following in the section about the [homes] share:

The browseable flag for auto home directories will be inherited from the global browseable flag, not the [homes] browseable flag. This is useful as it means setting browseable = no in the [homes] section will hide the [homes] share but make any auto home directories visible.

Unfortunately this doesn’t make much sense either as the same man smb.conf states that the browseable flag is a share-specific flag, not a global one. Adding insult to the injury is that adding browseable = yes in the [global] section doesn’t change a thing.

Either I completely misunderstand the man page, or there’s simply a bug there.

Anyway, I don’t think you can get Samba to re-display the auto-created home share at the moment.

Do you perchance have a regular share called administrator or something like that?
No, just should have been cleaning my glasses earlier. Permission for home/Administrator was 751. Sorry, again. Should be 711 like the rest, I think. I’ll try to change that later, when I’m back in the office. But: usualy, the home/user shares behave as if made invisible by hide unreadable=yes. But home/Administrator is owned by Administrator:Domain Admins, so it shouldn’t be visible for other users, even with 751. I don’t understand that …

Unfortunately this doesn’t make much sense either as the same man smb.conf states that the browseable flag is a share-specific flag, not a global one.

Thank you for your research in the manpage.
The statements sound contradictory, indeed.
So I will run an update as soon as possible and report the result here.
Thanks

Bernhard

Edit: The Phenomenon is not reliable. For some users today everthing looks normal. But when the same user logs in at another WinClient, his home directory is invisible there.

In our UCS 4 setup (all the way 4.0 through 4.4) home directories have never been visible until the user accesses them the first time via direct typing. This has to be done after every reboot. After some fiddling it is possible to show all (100 in our case) home directories, but not that of the specifically logged in user.

We solved it by creating links on the Desktop of each user and automatically mounting the home directory to a drive letter.

Why don’t you use a logon script or a group policy for that?

Mounting is of set up automatically (there is a UCS setting in the user configuration that handles the details) and creating a link was only done for a few users. This does not solve the initial problem and the change in behaviour from Samba 3 to Samba 4.