Home Folder Server For Windows Clients
One of the strategies to protect the data on user's personal computer is using a Home-Folders Server. This server contains folders for each user where the user can save his precious data, the server is backed up every night. At login, the Home-Folders Share (which contains your home folder) is mounted on the local machine, and the user can access it like any other local drive.
Home-Folders Server has a big overhead for the IT staff. Managing the ownership, shares, quota, permissions, and the never ending changes isn't one of the most pleasant tasks for any Sys-Admin.
The story begins when my organization old Home-Folders Server started
showing signs of retirement wishes, we decided that it is time to build a new
Home-Folders server. We started looking for a solution that will take the
management overhead from the IT stuff, since our budget was low we wanted
cheap but reliable system. Naturally, we started thinking about building a
Linux server. We wanted this system to perform the following tasks:
Since our budget was low, we decided to save money and still get good performance by using a new desktop PC (P4 1.6GHZ, 1GB RAM). To make the system reliable we decided to use four HDs (IDE, 120GB each) configured as RAID-5, for the Home-Folders partition. All other system partitions will use two HD (IDE, 12GB each) with RAID-1 (mirror). To get the extra IDE controllers I used PROMISE 133TX2, IDE Card (PCI), which works great with RedHat.
The Home-Folder System Installation and Configuration
After installing Linux (we used Redhat) and configuring the RAID system, take the following steps to finish the configuration of the Home-Folders Server:
- Install and configure the Samba server, share the Home-Folders partition with read/write permission (we will limit the access to the users' folders by using the system permissions.)
- Configure Winbind. Winbind is part of the Samba package which makes
the integration to the windows domain easy.
By using Winbind, Windows Users can access the Linux server using their logon credentials. Winbind verifies the user with the domain controller like any other Windows server. You can find more info on Winbind installation in this article : http://us2.samba.org/samba/docs/man/winbindd.8.html
After installing Winbind, check its functionality by running the command:# getent passwd
The output should be the list of users in the domain. If you do not receive this output, check your Winbind configuration. - Configure quota support for the Home-Folders partition. You can find
more info about quota configuration here:
http://www.tldp.org/HOWTO/Quota.html
Next, plan and decide how much space you wish to grant to each user, create a template user and assign a quota equal to the amount of space you decided. Later on we will use this user as a quota template.Note: this step is optional and only required if you want to use the quota system.
Home-Folders Creator Script
The following script is the heart of the system, the script retrieves the domain users list from the domain controller server into a file and removes all the unneeded data from the list. At this stage the system verifies that each user in this list owns a home-folder. If the user already has a home-folder the system write the char "." to the stdout and moves on, if the user is a new user and he still doesn't have a home-folder, the system will create a folder (the folder name will be the same as the username), grant ownership to the user, and apply the quota for this folder by copying the quota from the template quota user to this new user.The system will log the new users home-folder creation to the system log file (/var/log/messages).
The Home-Folders creator script can be found here. You need to change the following parameters to reflect your server configuration:
HOME_FOLDERS_PATH - Assign the path to the Home-Folders Directory/Partition, it is essential to put the character "/" at the end of the path (e.g. /home/).
SEPERATOR - Assign the Winbind separator as it configured in the smb.conf file.
TEMP_USER - (OPTIONAL) if you want to use quota, you should uncomment this variable and Assign the username you created to act as a quota template. if so please remember to uncomment the line "edquota -p $TEMP_USER $DOMAIN$SEPERATOR$Folder_Name"
The RAID system watchdog script
The following script creates an endless loop that check the RAID system every 5 minutes, if the RAID is out of sync (damaged disk, Bad Controller etc..) the script will send an e-mail to a predefine mail address ( change the MAIL variable to reflect your mail address).
you can use this script as an independent RAID WatchDog for your other RAID-Systems.
In order to start this script automatically after reboot, you can add the path to the script to your rc.local file. The script can be found here.
Make the system function automatically
To automate the system you should execute the Home-Folders creator script as root at predefined intervals. By adding the following line to the root's cron jobs (using "crontab -e"), the Home-Folders script will execute every hour. (Change the script path to match your configuration.)
*/59 * * * * /etc/Home-Folders-creator.sh
Mapping the Home-Folder to the users during the logon process
By using a simple logon scripts system (I use KIX) you can map the Home-Folder Samba share during the user login process.
![[BIO]](../gx/2002/note.png)
Avinoam Levkovich is an RHCE in Israel, currently working
as the Linux Sys-Admin at the Rambam Medical Center.
