TL;DR
I am trying to set up TrueNAS with FreeIPA as a directory backend and offer my users a home share. But when users authenticate with Kerberos, they get a home directory created by root and access fails because they are not owners of their own home directory.
General System Information:
TrueNAS Scale ElectricEel-24.10.2
After some fiddling with the initial setup, I could sync all users from FreeIPA to TrueNAS. For example, I created this testuser:
```
root@nas[~]# id test
uid=433200009(test) gid=433200009(test) groups=433200009(test)
```
`test` has the following attributes:
Then I followed the TrueNAS guides on creating the home shares. To mount the shares, I use Kerberos and all works well enough:
```
ubuntu@adm: klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: test@FREEIPA.EXAMPLE.ORG

Valid starting       Expires              Service principal
12.03.2025 15:48:39  13.03.2025 15:36:43  krbtgt/FREEIPA.EXAMPLE.ORG@FREEIPA.EXAMPLE.ORG
12.03.2025 15:48:43  13.03.2025 15:36:43  cifs/nas.example.org@FREEIPA.EXAMPLE.ORG

ubuntu@adm: smbclient -N --use-kerberos=required -L nas.example.org

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (TrueNAS Server)
        homes           Disk
        test            Disk      Home directory of test
```
But mounting of the home directory for user `test` fails, because the home share is created and owned by root and not by the user itself. When I manually run `chown test:test /mnt/nas/homedirs/test`, the user can afterwards access the share with `mount -t cifs //nas.example.org/test /home/ubuntu/samba -o user=test,sec=krb5i`.
Is there a way to let this user correctly own their own home directory at login without hacking the smb-share configuration, e.g. with `root preexec = chown %U %S`?
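
A check for the condition described in the post, as an added example that is not part of the original post: it lists directories under the home-share path whose numeric owner differs from the UID of the user they are named after, and reports symlinks instead of following them. The function name `audit_homes` and the status labels are hypothetical, `/mnt/nas/homedirs` is the path from the post, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: audit_homes /mnt/nas/homedirs
# Prints one line per problem and returns 1 if any problem was found:
#   <STATUS> <dir> owner_uid=<n|-> expected_uid=<n|->

audit_homes() {
    base=$1
    rc=0
    for dir in "$base"/*; do
        # An empty directory leaves the glob unexpanded; skip that literal.
        [ -e "$dir" ] || [ -L "$dir" ] || continue
        name=${dir##*/}

        # A symlink in a share root could point anywhere; report it
        # rather than inspecting (or later chown-ing) its target.
        if [ -L "$dir" ]; then
            echo "SYMLINK $dir owner_uid=- expected_uid=-"
            rc=1
            continue
        fi
        [ -d "$dir" ] || continue

        owner_uid=$(stat -c %u "$dir")

        # id resolves through NSS, so users synced from the directory
        # service are looked up the same way as local ones.
        if ! expected_uid=$(id -u -- "$name" 2>/dev/null); then
            echo "UNKNOWN_USER $dir owner_uid=$owner_uid expected_uid=-"
            rc=1
        elif [ "$owner_uid" != "$expected_uid" ]; then
            echo "WRONG_OWNER $dir owner_uid=$owner_uid expected_uid=$expected_uid"
            rc=1
        fi
    done
    return $rc
}
```

In the situation from the post, a root-owned `/mnt/nas/homedirs/test` would show up as `WRONG_OWNER` with `owner_uid=0` and `expected_uid=433200009`.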