[Samba] users home folders not accessable - access denied
dnk
d.k.emaillists at gmail.com
Mon Apr 27 16:53:06 GMT 2009
I apologize in advance if this is a double post. I had sent my last
one from my phone and i never saw it show up on here, so thought
something may have went haywire there. Anyways onto the issues:
System:
CentOS 5.3
samba-3.0.33-3.7.el5
samba-client-3.0.33-3.7.el5
samba-common-3.0.33-3.7.el5
I have a samba server that was running great. I have my /home mounted
on a raid 1 drive.
In my fstab it had:
/dev/md0 /home ext3 defaults,acl
1 2
Now i was running out of room, so i added another hard drive. As the
original system that was configured did not use LVM, I had to create a
new mount point.
So I formatted the new drive with ext3, and was going to split my
samba into two drives.. the raided drives would contain all my main
samba shares, and my home folders would just be on the new single
drive (space constrictions in the chassis, otherwise i would have done
it as raid 1 as well).
So I modified my fstab to be:
/dev/md0 /shares ext3
defaults,acl 1 2
/dev/sdc1 /home ext3
defaults,acl 1 2
Now as you can see, the raid 1 drives (my original /home) has been
moved to /shares and my new drive is now /home. All the home
directories were moved to the new drive (sdc1). I can access the data,
write to it, delete, etc. So all seems fine from the CLI. For all
intents and purposes, the new drive is there, mounting at boot, and
able to be used.
Now when i try to access all my shares, my main shares from the /
shares drive work like a charm. But when a user tries to access their
private folder (/home/username), they get the error:
\\server\username is not accessible. You might not have permission to
use this network resource. Contact the system administrator of this
server to find out if you have access permissions. The network name
cannot be found.
Now when browsing the network, I can see that share there.
When I look in my smbd.log file I see:
smbd/service.c:make_connection_snum(1003)
'/home/username' does not exist or permission denied when
connecting to [username] Error was Permission denied
Just to see if i can get more info, I tried mapping the drive
net use h: \\server\username
System error 53 has occurred. The network path was not found.
from another machine I tried to access via cli (os x to my samba server)
smbclient //server/username -Uusername%password
Domain=[DOM] OS=[Unix] Server=[Samba 3.0.33-3.7.el5]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
Below is my smb.conf
[global]
workgroup = DOM
netbios name = Server
server string = (%L)
wins support = Yes
name resolve order = wins bcast hosts
passdb backend = tdbsam
username map = /etc/samba/smbusers
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/groupmod -A %u %g
delete user from group script = /usr/sbin/groupmod -R %u %g
add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/
nobody %u
# Note: The following specifies the default logon script.
# Per user logon scripts can be specified in the user account using
pdbedit
logon script = %U.bat
# This sets the default profile path. Set per user paths with pdbedit
logon path =
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000
#mac hacks
follow symlinks = yes
unix extensions = no
veto files = /.DS_Store/._.*/DesktopFolderDB/Network Trash Folder/
resource.frk/The
FindByContentFolder/TheVolumeSettingsFolder/
delete veto files = true
hide dot files = yes
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /shares/netlogon
admin users = root
guest ok = Yes
browseable = No
[main]
comment = Share for the users in the main group
path = /shares/main
valid users = @main
force group = main
create mask = 0660
directory mask = 0771
writeable = yes
Then I went as far as defining an actual share for on of my users to
test by adding to my smb.conf
[username]
comment = TMP Share for username files
path = /home/enorton
valid users = @username
force group = username
create mask = 0660
directory mask = 0771
writeable = yes
And all my symptoms were the same.
I also tried:
- I checked my rsolv.conf - all good there.
- pings both ways- all good
- firewall (none on the samba server - at this point for testing):
# iptables -L -v
Chain INPUT (policy ACCEPT 99665 packets, 18M bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 87228 packets, 33M bytes)
pkts bytes target prot opt in out source
destination
- I tried to see my shares:
# smbclient -L server
Password:
Domain=[DOM] OS=[Unix] Server=[Samba 3.0.33-3.7.el5]
Sharename Type Comment
--------- ---- -------
main Disk Share for the users in the main group
IPC$ IPC IPC Service ((boleo))
root Disk Home Directories
Domain=[DOM] OS=[Unix] Server=[Samba 3.0.33-3.7.el5]
Server Comment
--------- -------
MACHINES LISTED
Workgroup Master
--------- -------
DOM SERVER
- No subnet restrictions (also moot since i can connect to my main
shares).
- Double checked permissions on the actual home folders:
# ls -al /home/ | grep user
drwx------ 5 user user 4096 Apr 26 23:48 user
-reset them to be safe:
# chmod -R 700 /home/username; chown -R user:user /home/user
- I tried:
nmblookup -B SERVER __SAMBA__
I got my proper IP back.
- from my PC in DOS, running:
net view \\SERVER
I get back my list of shares.
- And also:
nmblookup -M DOM
querying DOM on 192.168.xxx.255
192.168.xxx.xxx DOM<1d>
Reports back proper values.
As you can see I tried to be as thorough as possible.
Cuckoo for Cocoa Puffs over here.
Thanks in advance.
D
More information about the samba
mailing list