[Samba] smbd could not access share directory on drbd (8.3 on
Centos 5 i386)
Günter Kukkukk
linux at kukkukk.com
Fri Feb 27 00:36:43 GMT 2009
Am Freitag, 27. Februar 2009 schrieb Steven Truong:
> Dear, all. I am pulling my hair because I could not find any error
> messsages that could point me to a fix to my problem.
>
> The directory I want to share was mounted on /home with drbd and
> heartbeat but then my users could not access any shares / their home
> directories. However, if I set up shares else where on my box like
> share under /opt or /usr/local, then the same users would be able to
> access these directories with out any error.
>
> I ran strace and smbd seemed unable to access/stat the /home and
> shares under home. I looked into the access log of the client machine
> and found out that the error was share "does not exist or permission
> denied". I would say that from my investigation of this problem, it
> is clear that smbd could not see /home and its share.
>
> Even though I set up my samba server as a standalone and authenticate
> all users directly to openldap directory but my users clearly have
> been able to access share that are not under /home (that were mounted
> on /opt or /usr/local).
>
>
> [root at polaris2 home]# strace -f /etc/init.d/smb start
>
> [pid 4646] geteuid32() = 10024
> [pid 4646] stat64("/home/share2", 0xbfc79dc8) = -1 EACCES (Permission denied)
> [pid 4646] time(NULL) = 1235688608
> [pid 4646] stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...})
> = 0
> [pid 4646] geteuid32() = 10024
> [pid 4646] write(22, "[2009/02/26 14:50:08, 0] smbd/s"..., 68) = 68
> [pid 4646] geteuid32() = 10024
> [pid 4646] write(22, " \'/home/share2\' does not exist "..., 110) = 110
>
> [root at polaris2 home]# tailf /var/log/samba/user-39.log
> .....
> [2009/02/26 14:50:08, 0] smbd/service.c:make_connection_snum(1078)
> Can't become connected user!
> [2009/02/26 14:50:08, 0] smbd/service.c:make_connection_snum(1152)
> '/home/share2' does not exist or permission denied when connecting
> to [share2] Error was Permission denied
> ...
>
>
> [root at polaris2 samba]# testparm
> Load smb config files from /usr/local/stow/samba-3.2.5/etc/samba/smb.conf
> Processing section "[share1]"
> Processing section "[share2]"
> Processing section "[homes]"
> Loaded services file OK.
> Server role: ROLE_STANDALONE
> Press enter to see a dump of your service definitions
>
> [global]
> workgroup = MYNETWORK
> netbios name = POLARIS
> server string = polaris
> interfaces = lo, eth1
> bind interfaces only = Yes
> passdb backend = ldapsam:ldaps://ldapvm.mynetwork.com
> syslog = 4
> log file = /var/log/samba/%m.log
> max log size = 500
> name resolve order = wins bcast host
> deadtime = 10
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> load printers = No
> printcap name = /etc/printcap
> disable spoolss = Yes
> show add printer wizard = No
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> logon path = ""
> logon home = ""
> os level = 0
> local master = No
> domain master = No
> dns proxy = No
> ldap admin dn = cn=Manager,dc=mynetwork,dc=com
> ldap group suffix = ou=groups
> ldap passwd sync = Yes
> ldap suffix = dc=mynetwork,dc=com
> ldap user suffix = ou=people
> valid users = user1, user2, user3
> hosts allow = 127., 192.168.10.
>
> [share1]
> comment = share1 on polaris
> path = /opt/QB
> read only = No
> create mask = 0664
> directory mask = 0775
> inherit permissions = Yes
>
> [share2]
> comment = share2 on polaris
> path = /home/share2
> read only = No
> create mask = 0664
> directory mask = 0775
> inherit permissions = Yes
>
> [homes]
> valid users = %S
> read only = No
> inherit permissions = Yes
> browseable = No
> ---------------------------------------------
> [root at polaris2 samba]# df
> Filesystem 1K-blocks Used Available Use% Mounted on
> /dev/md0 1524876 342648 1103516 24% /
> /dev/md6 3049960 456616 2435916 16% /opt
> /dev/md5 505508 10559 468850 3% /tmp
> /dev/md3 6092288 2155656 3622168 38% /usr
> /dev/md4 10153912 545084 9084716 6% /usr/local
> /dev/md2 4061440 550224 3301576 15% /var
> /dev/md1 256586 26682 216656 11% /boot
> tmpfs 1037772 0 1037772 0% /dev/shm
> /dev/drbd0 212232684 191988 201259812 1% /home
>
> [root at polaris2 samba]# mount
> /dev/md0 on / type ext3 (rw)
> proc on /proc type proc (rw)
> sysfs on /sys type sysfs (rw)
> devpts on /dev/pts type devpts (rw,gid=5,mode=620)
> /dev/md6 on /opt type ext3 (rw)
> /dev/md5 on /tmp type ext3 (rw)
> /dev/md3 on /usr type ext3 (rw)
> /dev/md4 on /usr/local type ext3 (rw)
> /dev/md2 on /var type ext3 (rw)
> /dev/md1 on /boot type ext3 (rw)
> tmpfs on /dev/shm type tmpfs (rw)
> none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
> /dev/drbd0 on /home type ext3 (rw)
>
> [root at polaris2 samba]# ls /home/
> a lost+found share2 testuser
> [root at polaris2 samba]# cd /home/
> [root at polaris2 home]# !echo
> echo "Hello world" > b
> [root at polaris2 home]# ls
> a b lost+found share2 testuser
> [root at polaris2 home]# cat b
> Hello world
> [root at polaris2 home]# cd share2
> [root at polaris2 share2]# ls
> a
> [root at polaris2 share2]# rm a
> rm: remove regular empty file `a'? y
> [root at polaris2 share2]# !echo
> echo "Hello world" > b
> [root at polaris2 share2]# echo "Hello world" > c
> [root at polaris2 share2]# cat c
> Hello world
> [root at polaris2 home]# ls -laht share2
> total 12K
> drwxr-xr-x 2 masistin humanresource 4.0K Feb 26 14:46 .
> -rw-r--r-- 1 masistin humanresource 12 Feb 26 14:46 c
> drwxrwx--- 9 root root 4.0K Feb 26 14:45 ..
>
> Could somebody take help me to solve this problem?
>
> Thank you in advance,
> Steven.
are you running selinux or similar stuff on that box?
Subdir /home is then usually protected and you must
configure those "security observers".
Cheers, Günter
More information about the samba
mailing list