5. Configure the File Server

5.1. Install the Software

You will need to install packages for POSIX ACLs and NFS.


sudo apt-get install acl nfs-kernel-server

5.2. Build Custom Kernel (Optional)

In order to fully implement a Linux file server, I needed to ensure that the Windows ACL dialog could still be used to set arbitrary file permissions. Recent kernels ship with filesystem support for this already built in, so the Windows ACL dialog will function as it always has. Though these extended permissions will be honored on Linux workstations as well, Linux users will not be able to view or modify these permissions unless you explicitly add support for this into the kernel. If being able to view and modify extended ACLs from a Linux workstation is not a priority for you, then you can safely skip the rest of this section. Otherwise, you will need to build a kernel with NFS ACL support.

Follow the procedure from my article on building Debian kernel packages. The most recent release of Ubuntu ships with a 2.6.15 kernel. If you are using this distribution, I suggest that you build from the source tree provided by the linux-source-2.6.15 package. You will need a 2.6.15 kernel or greater to offer the support you need. If there are no Debian packages available in your distribution, download a vanilla source tree from www.kernel.org. Regardless of which source tree you choose, be sure to enable ACL support for the NFS client and the NFS server as well as for the file system in which your home directories will reside. Since we will also be serving home directories to Windows clients, enable SMBFS and CIFS support if it is not already enabled. Install the new kernel and reboot.

5.3. Configure NFS

Before we configure NFS, we need to determine the root directory that will contain all of our users' home directories. For the purposes of this article, I will assume that you have chosen /export/home as your root directory.

Open /etc/exports and add the following line:


/export/home	xxx.xxx.xxx.xxx/xx(rw,sync)

Replace /export/home with your chosen root directory. Replace the xxx.xxx.xxx.xxx/xx with the network address of the subnet that will be accessing the shares (e.g. 10.0.0.0/16). The options in parentheses enable write access (rw) and synchronous file I/O (sync).

To begin exporting the share, restart the NFS server.


sudo /etc/init.d/nfs-kernel-server restart
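
The export line above limits clients to one subnet; the following added example (not part of the original article) audits an exports file for entries that do not, including the stray-space mistake that silently opens a share to every host. The function names, the sample paths other than /export/home and the client addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): flag risky /etc/exports entries.

# Constructed sample input; the first line is the export from section 5.3.
sample_exports() {
    cat <<'EOF'
/export/home    10.0.0.0/16(rw,sync)
/export/scratch *(rw,sync)
/export/backup  10.0.0.5(rw,sync,no_root_squash)
/export/pub     10.0.0.0/16 (rw,sync)   # stray space: options apply to every host
EOF
}

# Reads exports(5) lines on stdin, prints one "path client: finding" line per issue.
audit_exports() {
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' | (
        set -f                              # keep a literal * from globbing
        while read -r path clients; do
            for spec in $clients; do
                client=${spec%%\(*}         # text before "(", empty for "(opts)"
                case $spec in
                    *\(*\)) opts=${spec#*\(}; opts=${opts%\)} ;;
                    *)      opts= ;;        # no options given: server defaults apply
                esac
                case $client in
                    ''|'*') echo "$path ${client:-<any>}: exported to every host" ;;
                esac
                case ",$opts," in
                    *,no_root_squash,*) echo "$path ${client:-<any>}: remote root is not squashed" ;;
                esac
                case ",$opts," in
                    *,insecure,*) echo "$path ${client:-<any>}: unprivileged source ports accepted" ;;
                esac
            done
        done
    )
}

# Run against the constructed sample; on a server use: audit_exports < /etc/exports
sample_exports | audit_exports
```

The /export/home entry from this section produces no findings; the other three sample lines each produce one.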

5.4. Configure Samba

Now that our server is exporting home directories via NFS, we need to configure Samba to share these directories with our Windows clients.

Open /etc/samba/smb.conf, navigate to the [homes] section and make the following changes.


[homedirs]
   comment = Home Directories
   path = /export/home/
   browseable = no

   inherit acls = yes
   inherit permissions = yes

   writable = yes

Notice that I renamed the section to [homedirs]. Since our home directories are being mounted from a shared filesystem, there is no need to configure the special [homes] share at all.

Replace /export/home/ with the root directory of your home directories. Disable browseable and enable writable.

Enabling inherit acls and inherit permissions forces Samba to honor the permissions of parent directories when new files and directories are created.

Restart the Samba service.


sudo /etc/init.d/samba restart

5.5. Enable ACL Support

To enable ACL support in our users' home directories, you need to mount the filesystem that contains these directories with the acl option. Open /etc/fstab, navigate to the entry for the home directory partition, and add acl to the list of options.


/dev/sda1	/export/home	ext3	defaults,acl	0	0

With this option in place, remount the filesystem.

sudo mount -o remount /dev/sda1

5.6. Make the Home Directories

The last thing you will need to do on the server is create home directories for your Active Directory users. I wrote a pair of scripts to automate this rather tedious procedure, userlist.vbs and mkhome.sh.

When run on your primary domain controller, userlist.vbs outputs a text file called userlist.txt with the names of all your Active Directory users. You can then use xargs to pass this file to mkhome.sh, which will create each user's home directory and set the appropriate permissions for each directory.

First, modify the ROOTDIR variable in mkhome.sh to point to the root directory of your home directories. With this information corrected, copy mkhome.sh and userlist.txt to your file server and run sudo xargs sh /path/to/mkhome.sh < /path/to/userlist.txt to create the home directories.

To make home directories for future users, run sudo sh /path/to/mkhome.sh user on the file server for each user you create.