[Samba] smbd could not access share directory on drbd (8.3 on
Centos 5 i386)
Steven Truong
midair77 at gmail.com
Fri Feb 27 17:52:30 GMT 2009
On Thu, Feb 26, 2009 at 7:36 PM, Günter Kukkukk <linux at kukkukk.com> wrote:
> Am Freitag, 27. Februar 2009 schrieb Steven Truong:
>> Dear, all. I am pulling my hair because I could not find any error
>> messsages that could point me to a fix to my problem.
>>
>> The directory I want to share was mounted on /home with drbd and
>> heartbeat but then my users could not access any shares / their home
>> directories. However, if I set up shares else where on my box like
>> share under /opt or /usr/local, then the same users would be able to
>> access these directories with out any error.
>>
>> I ran strace and smbd seemed unable to access/stat the /home and
>> shares under home. I looked into the access log of the client machine
>> and found out that the error was share "does not exist or permission
>> denied". I would say that from my investigation of this problem, it
>> is clear that smbd could not see /home and its share.
>>
>> Even though I set up my samba server as a standalone and authenticate
>> all users directly to openldap directory but my users clearly have
>> been able to access share that are not under /home (that were mounted
>> on /opt or /usr/local).
>>
>>
>> [root at polaris2 home]# strace -f /etc/init.d/smb start
>>
>> [pid 4646] geteuid32() = 10024
>> [pid 4646] stat64("/home/share2", 0xbfc79dc8) = -1 EACCES (Permission denied)
>> [pid 4646] time(NULL) = 1235688608
>> [pid 4646] stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...})
>> = 0
>> [pid 4646] geteuid32() = 10024
>> [pid 4646] write(22, "[2009/02/26 14:50:08, 0] smbd/s"..., 68) = 68
>> [pid 4646] geteuid32() = 10024
>> [pid 4646] write(22, " \'/home/share2\' does not exist "..., 110) = 110
>>
>> [root at polaris2 home]# tailf /var/log/samba/user-39.log
>> .....
>> [2009/02/26 14:50:08, 0] smbd/service.c:make_connection_snum(1078)
>> Can't become connected user!
>> [2009/02/26 14:50:08, 0] smbd/service.c:make_connection_snum(1152)
>> '/home/share2' does not exist or permission denied when connecting
>> to [share2] Error was Permission denied
>> ...
>>
>>
>> [root at polaris2 samba]# testparm
>> Load smb config files from /usr/local/stow/samba-3.2.5/etc/samba/smb.conf
>> Processing section "[share1]"
>> Processing section "[share2]"
>> Processing section "[homes]"
>> Loaded services file OK.
>> Server role: ROLE_STANDALONE
>> Press enter to see a dump of your service definitions
>>
>> [global]
>> workgroup = MYNETWORK
>> netbios name = POLARIS
>> server string = polaris
>> interfaces = lo, eth1
>> bind interfaces only = Yes
>> passdb backend = ldapsam:ldaps://ldapvm.mynetwork.com
>> syslog = 4
>> log file = /var/log/samba/%m.log
>> max log size = 500
>> name resolve order = wins bcast host
>> deadtime = 10
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> load printers = No
>> printcap name = /etc/printcap
>> disable spoolss = Yes
>> show add printer wizard = No
>> add user script = /usr/sbin/smbldap-useradd -m "%u"
>> add group script = /usr/sbin/smbldap-groupadd -p "%g"
>> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>> add machine script = /usr/sbin/smbldap-useradd -w "%u"
>> logon path = ""
>> logon home = ""
>> os level = 0
>> local master = No
>> domain master = No
>> dns proxy = No
>> ldap admin dn = cn=Manager,dc=mynetwork,dc=com
>> ldap group suffix = ou=groups
>> ldap passwd sync = Yes
>> ldap suffix = dc=mynetwork,dc=com
>> ldap user suffix = ou=people
>> valid users = user1, user2, user3
>> hosts allow = 127., 192.168.10.
>>
>> [share1]
>> comment = share1 on polaris
>> path = /opt/QB
>> read only = No
>> create mask = 0664
>> directory mask = 0775
>> inherit permissions = Yes
>>
>> [share2]
>> comment = share2 on polaris
>> path = /home/share2
>> read only = No
>> create mask = 0664
>> directory mask = 0775
>> inherit permissions = Yes
>>
>> [homes]
>> valid users = %S
>> read only = No
>> inherit permissions = Yes
>> browseable = No
>> ---------------------------------------------
>> [root at polaris2 samba]# df
>> Filesystem 1K-blocks Used Available Use% Mounted on
>> /dev/md0 1524876 342648 1103516 24% /
>> /dev/md6 3049960 456616 2435916 16% /opt
>> /dev/md5 505508 10559 468850 3% /tmp
>> /dev/md3 6092288 2155656 3622168 38% /usr
>> /dev/md4 10153912 545084 9084716 6% /usr/local
>> /dev/md2 4061440 550224 3301576 15% /var
>> /dev/md1 256586 26682 216656 11% /boot
>> tmpfs 1037772 0 1037772 0% /dev/shm
>> /dev/drbd0 212232684 191988 201259812 1% /home
>>
>> [root at polaris2 samba]# mount
>> /dev/md0 on / type ext3 (rw)
>> proc on /proc type proc (rw)
>> sysfs on /sys type sysfs (rw)
>> devpts on /dev/pts type devpts (rw,gid=5,mode=620)
>> /dev/md6 on /opt type ext3 (rw)
>> /dev/md5 on /tmp type ext3 (rw)
>> /dev/md3 on /usr type ext3 (rw)
>> /dev/md4 on /usr/local type ext3 (rw)
>> /dev/md2 on /var type ext3 (rw)
>> /dev/md1 on /boot type ext3 (rw)
>> tmpfs on /dev/shm type tmpfs (rw)
>> none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
>> /dev/drbd0 on /home type ext3 (rw)
>>
>> [root at polaris2 samba]# ls /home/
>> a lost+found share2 testuser
>> [root at polaris2 samba]# cd /home/
>> [root at polaris2 home]# !echo
>> echo "Hello world" > b
>> [root at polaris2 home]# ls
>> a b lost+found share2 testuser
>> [root at polaris2 home]# cat b
>> Hello world
>> [root at polaris2 home]# cd share2
>> [root at polaris2 share2]# ls
>> a
>> [root at polaris2 share2]# rm a
>> rm: remove regular empty file `a'? y
>> [root at polaris2 share2]# !echo
>> echo "Hello world" > b
>> [root at polaris2 share2]# echo "Hello world" > c
>> [root at polaris2 share2]# cat c
>> Hello world
>> [root at polaris2 home]# ls -laht share2
>> total 12K
>> drwxr-xr-x 2 masistin humanresource 4.0K Feb 26 14:46 .
>> -rw-r--r-- 1 masistin humanresource 12 Feb 26 14:46 c
>> drwxrwx--- 9 root root 4.0K Feb 26 14:45 ..
>>
>> Could somebody take help me to solve this problem?
>>
>> Thank you in advance,
>> Steven.
>
> are you running selinux or similar stuff on that box?
> Subdir /home is then usually protected and you must
> configure those "security observers".
> Cheers, Günter
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
Hi. I disabled selinux on this Centos box and I just do not think
this is the case because I have a bunch of other Centos boxes running
on my network and Samba on these boxes serve the /home directories to
my users. This box is different since its /home directory is mounted
under drbd.
Steven.
More information about the samba
mailing list