[Samba] Home directory weirdness after upgrade from 3.0.33 to 3.5.6

J. Pilfold-Bagwell jpb at bordengrammar.kent.sch.uk
Thu Dec 2 07:27:35 MST 2010

Hi List,

I've just updated from Samba 3.0.33 to 3.5.6 on my CentOS 5.5 PDC and am
having problems accessing home directories.

To allow a backout option I set up a new server, put 3.0.33 on it,
joined it to the domain and rsynced the home directories over with the
flags necessary to maintain the permissions and user/group ownership.
This worked, and after completion I upgraded the new server to 3.5.6,
flushed the /var/lib/samba directory of tdb and dat files, rsynced
ldap.conf and smb.conf over from the old PDC, changed the name to PDC and
set up the LDAP user password, etc. using smbpasswd.

I can now log in as a user but can't access the home directories. If I
log in with my domain admin account, I can access users' directories and,
pulling up the properties window, I can see the permissions in the
security window and these are correct. Running getent passwd and getent
group shows all the UNIX accounts from the LDAP server OK, and "net
groupmap list" shows all the correct group mappings.

To be certain, I ran chmod and setfacl on the users' directories but it
made no difference.

I have found other people with similar problems via Google, but none of
the solutions they tried (e.g. renaming and recreating smbpasswd) worked.
Any suggestions gratefully received.

### smb.conf ###

# Note: the section headers ([global], [homes], [profiles], [netlogon]) were
# missing from the archived copy of this message; they are reconstructed here
# from the share comments and paths.

# General Options for domain
[global]
        workgroup = BGS
        netbios name = PDC
        server string = PDC
        use sendfile = no
        log file = /var/log/samba/%m.log
        max log size = 50
        map to guest = bad user
        security = user
        smb ports = 139
        encrypt passwords = yes
        smb passwd file = /etc/samba/smbpasswd
        wins support = yes
        dns proxy = no
        dos charset = 850
        unix charset = ISO8859-1
        admin users = root BGS\admin
        log level = 0
        smb ports = 139
        idmap uid = 10000-200000
        idmap gid = 10000-200000
        winbind use default domain = yes
        interfaces = lo eth0 eth1 eth2 eth3
        bind interfaces only = yes
        remote announce =
        remote browse sync =
        local master = no
        os level = 100
        domain master = yes
        preferred master = no
        name resolve order = bcast wins lmhosts
        domain logons = yes
        logon script = \\SMB5\netlogon\%g
        logon home = \\SMB5\%U
        ldap password sync = yes
        passwd program = /usr/sbin/smbldap-passwd -u %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n
        add user script = /usr/sbin/smbldap-useradd -m '%u'
        delete user script = /usr/sbin/smbldap-userdel '%u'
        add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
        delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
        set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
        add group script = /usr/sbin/smbldap-groupadd '%g' && /usr/sbin/smbldap-groupshow %g|awk '/^gidNumber:/ {print $2}'
        delete group script = /usr/sbin/smbldap-groupdel '%g'
        add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%u'
        enable privileges = yes
        passdb backend = ldapsam:ldap://
        idmap backend = ldap:ldap://
        ldap admin dn = cn=Manager,dc=bordengrammar,dc=kent,dc=sch,dc=uk
        ldap suffix = dc=bordengrammar,dc=kent,dc=sch,dc=uk
        ldap machine suffix = ou=Users
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap

#============================ Share Definitions
[homes]
        comment = Home Directories
        browseable = no
        writable = yes
        veto files =
        create mask = 0600
        directory mask = 0700

[profiles]
        comment = Roaming Profile Share
        path = /share/profiles
        read only = No
        browseable = No
        guest ok = Yes
        profile acls = Yes
        create mode = 600
        directory mode = 700
        # vfs objects = fake_perms
        profile acls = yes

[netlogon]
        comment = Network Logon Service
        path = /netlogon
        guest ok = yes
        writable = no
        preexec = echo \"%u connected to %S from %m %I\" >>
        postexec = echo \"%u disconnected from %S from %m %I\" >>

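An added example, not from this post or from the Samba project: a small Python linter for a config in the shape of the one above. It parses the sections, reports parameters set twice within one section (as smb ports and profile acls are above; Samba applies the last value) and lists shares that combine guest ok with a writable setting, as the roaming profile share does. The embedded sample config and its [global], [profiles] and [netlogon] section names are constructed assumptions.

```python
from collections import Counter, defaultdict
# Constructed sample shaped like the posted smb.conf; the [global], [profiles] and
# [netlogon] section names are assumed, since the archived post shows none.
SAMPLE = """
[global]
    smb ports = 139
    smb ports = 139
[profiles]
    read only = No
    guest ok = Yes
    profile acls = Yes
    profile acls = yes
[netlogon]
    guest ok = yes
    writable = no
"""
def parse_smb_conf(text):
    """Return {section: [(param, value), ...]}, keeping file order and duplicates."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()  # section names are case-insensitive
        elif current is not None and "=" in line and line[0] not in "#;":
            param, _, value = line.partition("=")
            sections[current].append((" ".join(param.split()).lower(), value.strip()))  # names ignore case/space
    return sections
def find_duplicates(sections):
    """(section, param, values) for parameters set more than once; Samba keeps the last."""
    dups = []
    for sec, params in sections.items():
        counts = Counter(p for p, _ in params)
        dups += [(sec, p, [v for q, v in params if q == p]) for p, n in counts.items() if n > 1]
    return dups
def guest_writable_shares(sections):
    """Shares that allow guest access and end up writable, honouring the last setting."""
    truthy = lambda v: v.strip().lower() in ("yes", "true", "1")
    risky = []
    for sec, params in sections.items():
        guest, read_only = False, True  # Samba defaults
        for param, value in params:
            if param == "guest ok":
                guest = truthy(value)
            elif param == "read only":
                read_only = truthy(value)
            elif param in ("writable", "writeable", "write ok"):
                read_only = not truthy(value)  # synonyms of "read only" with the sense inverted
        if sec != "global" and guest and not read_only:
            risky.append(sec)
    return risky
```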