
Home Folder Server For Windows Clients

By Avinoam Levkovich

One strategy for protecting the data on users' personal computers is to use a Home-Folders Server. This server holds a folder for each user, where the user can save his precious data, and it is backed up every night. At login, the Home-Folders Share (which contains your home folder) is mounted on the local machine, and the user can access it like any other local drive.

A Home-Folders Server carries a big overhead for the IT staff. Managing the ownership, shares, quotas, permissions, and the never-ending changes isn't one of the most pleasant tasks for any Sys-Admin.

The story begins when my organization's old Home-Folders Server started showing signs of wanting to retire, and we decided it was time to build a new one. We started looking for a solution that would take the management overhead off the IT staff; since our budget was low, we wanted a cheap but reliable system. Naturally, we started thinking about building a Linux server. We wanted this system to perform the following tasks:

  1. This system will be integrated into the organization's existing Win-2K active directory infrastructure.
  2. The system should function automatically. When we add a new user to the domain, the system will automatically create his home folder, grant the appropriate permissions and configure the user's quota.
  3. We will map the home-folder by using login scripts (KIX).
  4. The system will monitor the server's RAID system; when the RAID is out of sync (damaged disk, bad controller, etc.), a script sends a warning e-mail to the IT staff.

Since our budget was low, we decided to save money and still get good performance by using a new desktop PC (P4 1.6 GHz, 1 GB RAM). To make the system reliable we decided to use four HDs (IDE, 120 GB each) configured as RAID-5 for the Home-Folders partition. All other system partitions use two HDs (IDE, 12 GB each) with RAID-1 (mirror). To get the extra IDE controllers I used a PROMISE 133TX2 IDE card (PCI), which works great with Red Hat.

The Home-Folder System Installation and Configuration

After installing Linux (we used Red Hat) and configuring the RAID system, take the following steps to finish the configuration of the Home-Folders Server:

  1. Install and configure the Samba server, share the Home-Folders partition with read/write permission (we will limit the access to the users' folders by using the system permissions.)
  2. Configure Winbind. Winbind is the part of the Samba package that makes integration into the Windows domain easy.
    By using Winbind, Windows users can access the Linux server using their logon credentials. Winbind verifies the user with the domain controller like any other Windows server. You can find more info on Winbind installation in this article: https://us2.samba.org/samba/docs/man/winbindd.8.html
    After installing Winbind, check its functionality by running the command:
    # getent passwd
    
    The output should be the list of users in the domain. If you do not receive this output, check your Winbind configuration.
  3. Configure quota support for the Home-Folders partition. You can find more info about quota configuration here: https://www.tldp.org/HOWTO/Quota.html
    Next, decide how much space you wish to grant to each user, then create a template user and assign it a quota equal to that amount. Later on we will use this user as a quota template.

    Note: this step is optional and only required if you want to use the quota system.

Home-Folders Creator Script

The following script is the heart of the system. It retrieves the list of domain users from the domain controller into a file and removes all the unneeded data from the list. The system then verifies that each user in the list owns a home-folder. If the user already has a home-folder, the system writes the character "." to stdout and moves on. If the user is new and doesn't have a home-folder yet, the system creates a folder (named after the username), grants ownership to the user, and applies the quota for this folder by copying the quota from the template quota user to the new user.

The system logs the creation of each new user's home-folder to the system log file (/var/log/messages).

The Home-Folders creator script can be found here. You need to change the following parameters to reflect your server configuration:

HOME_FOLDERS_PATH - Assign the path to the Home-Folders directory/partition. It is essential to put the character "/" at the end of the path (e.g. /home/).

SEPERATOR - Assign the Winbind separator as it is configured in the smb.conf file.

TEMP_USER - (OPTIONAL) If you want to use quota, uncomment this variable and assign the username you created to act as a quota template. If you do, remember to also uncomment the line "edquota -p $TEMP_USER $DOMAIN$SEPERATOR$Folder_Name".
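The creator logic described above, written as an added sketch that is not the author's script. The variable names follow the article; the `DOMAIN` value, the `DRY_RUN` switch and the function names are assumptions, and the name check keeps a directory-supplied username from resolving outside `HOME_FOLDERS_PATH`.

```shell
#!/bin/sh
# Added example, not the author's script. DOMAIN's value and DRY_RUN are assumptions.
HOME_FOLDERS_PATH="/home/"   # must end with "/"
DOMAIN="EXAMPLE"             # placeholder domain name
SEPERATOR="+"                # winbind separator from smb.conf (article's spelling)
#TEMP_USER="quota_template"  # optional quota template user
DRY_RUN=0                    # hypothetical switch: 1 skips chown/edquota

# Read getent-style passwd lines on stdin, print bare names of domain users.
domain_users() {
    prefix="$DOMAIN$SEPERATOR"
    while IFS=: read -r name rest; do
        case $name in
            "$prefix"*) printf '%s\n' "${name#"$prefix"}" ;;
        esac
    done
}

# A name is usable only as a single path component under HOME_FOLDERS_PATH.
valid_folder_name() {
    case $1 in
        ''|.|..|-*|*/*) return 1 ;;
    esac
}

# For each username on stdin: "." if the folder exists, otherwise create it.
create_home_folders() {
    while read -r Folder_Name; do
        if ! valid_folder_name "$Folder_Name"; then
            logger -t home-folders "skipped unsafe name: $Folder_Name" 2>/dev/null || true
            continue
        fi
        dir="$HOME_FOLDERS_PATH$Folder_Name"
        if [ -d "$dir" ]; then printf '.'; continue; fi
        mkdir -m 700 "$dir" || continue      # private to the owner from the start
        if [ "$DRY_RUN" != 1 ]; then
            chown "$DOMAIN$SEPERATOR$Folder_Name" "$dir"
            if [ -n "${TEMP_USER:-}" ]; then
                edquota -p "$TEMP_USER" "$DOMAIN$SEPERATOR$Folder_Name"
            fi
        fi
        logger -t home-folders "created $dir" 2>/dev/null || true
    done
}

# Real run (as root): getent passwd | domain_users | create_home_folders
```

If `chown` fails, the new folder stays owned by root with mode 700, so it is never left open to other users.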

The RAID system watchdog script

The following script runs an endless loop that checks the RAID system every 5 minutes. If the RAID is out of sync (damaged disk, bad controller, etc.), the script sends an e-mail to a predefined mail address (change the MAIL variable to reflect your mail address).

You can use this script as an independent RAID watchdog for your other RAID systems.

In order to start this script automatically after reboot, you can add the path to the script to your rc.local file. The script can be found here.
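A watchdog loop of the kind described above, as an added example that is not the author's script. It assumes Linux software RAID (md) and reads `/proc/mdstat`; the function names, the `INTERVAL` variable and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the author's script. Assumes Linux software RAID (md).
MAIL="root"        # as in the article: change to your mail address
INTERVAL=300       # five minutes

# Constructed /proc/mdstat sample: md1 (RAID-5) has lost one of four members.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid1] [raid5]
md1 : active raid5 hdh1[3] hdg1[2] hde1[0]
      351614976 blocks level 5, 64k chunk, algorithm 2 [4/3] [U_UU]

md0 : active raid1 hdc1[1] hda1[0]
      12000000 blocks [2/2] [UU]

unused devices: <none>
EOF
}

# Read mdstat text on stdin; print the name of every array with a missing member.
degraded_arrays() {
    awk '
        /^md[0-9]+ :/ { array = $1 }
        # The member map looks like [UU_U]; "_" marks a failed or absent disk.
        array != "" && match($0, /\[[U_]+\]/) {
            if (index(substr($0, RSTART, RLENGTH), "_")) print array
            array = ""
        }'
}

# Endless loop from the article: check, mail on trouble, sleep five minutes.
watch_raid() {
    while :; do
        bad=$(degraded_arrays < /proc/mdstat)
        if [ -n "$bad" ]; then
            echo "Degraded arrays: $bad" | mail -s "RAID warning: $(hostname)" "$MAIL"
        fi
        sleep "$INTERVAL"
    done
}

if [ "${1:-}" = "--watch" ]; then watch_raid; fi
```

Running `sample_mdstat | degraded_arrays` prints `md1`; start the loop itself with the `--watch` argument.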

Make the system function automatically

To automate the system you should execute the Home-Folders creator script as root at predefined intervals. By adding the following line to the root's cron jobs (using "crontab -e"), the Home-Folders script will execute every hour. (Change the script path to match your configuration.)

0 * * * * /etc/Home-Folders-creator.sh

Mapping the Home-Folder to the users during the logon process

By using a simple logon script system (I use KIX) you can map the Home-Folder Samba share during the user login process.

 


Avinoam Levkovich is an RHCE in Israel, currently working as the Linux Sys-Admin at the Rambam Medical Center.

Copyright © 2004, Avinoam Levkovich. Released under the Open Publication license unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 101 of Linux Gazette, April 2004
