[Samba] Cannot access shared home directories from linux machine

isofx ea4ml3f at gmx.at
Thu Jul 3 06:34:39 MDT 2014


Hi,

I configured a share for home directories on my Debian Samba PDC (4.1.9) 
and connected the share on another Linux machine (terminal server) via 
/etc/fstab:

//192.168.10.51/home    /home/DOMAIN/       cifs    credentials=/root/.smbcredentials,iocharset=utf8        0       0

The .smbcredentials file contains the Domain Administrator's 
username/password. The share is mounted successfully, however users 
cannot log into their home directories.

I configured the home share just as explained in the Samba wiki 
(https://wiki.samba.org/index.php/Setting_up_a_home_share).
I added a demo user "demo" - the respective home directory was created 
successfully and the permissions are fine when checked from a Windows machine.

However, when I try to connect to the terminal server as "demo", this 
happens:

Could not chdir to home directory /home/DOMAIN/demo: Permission denied
-bash: /home/DOMAIN/demo/.bash_profile: Permission denied
demo@ts01:/$

Here's my PDC's smb.conf:

[global]
         workgroup = DOMAIN
         realm = DOMAIN.INTERN
         netbios name = DC01
         server role = active directory domain controller
         dns forwarder = 8.8.8.8
         idmap_ldb:use rfc2307 = yes

         interfaces = lo eth0
         bind interfaces only = yes
         log file = /var/log/samba/samba.log

         security = user
         encrypt passwords = yes

[netlogon]
         path = /var/lib/samba/sysvol/domain.intern/scripts
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No

[home]
         path = /media/data01/home
         read only = no

I integrated the terminal server into the domain, authentication via 
winbind works fine! Here's the terminal server's smb.conf:

[global]
netbios name = TS01
server string = TS01

workgroup = DOMAIN
realm = DOMAIN.INTERN

security = ADS
local master = no
preferred master = no
dns proxy = no

encrypt passwords = true
kerberos method = secrets and keytab

vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes

winbind use default domain = yes
winbind enum groups = yes
winbind enum users = yes
winbind nss info = rfc2307

map untrusted to domain = no

template homedir = /home/DOMAIN/%U
template shell = /bin/bash

idmap config * : backend = rid
idmap config * : range = 10000 - 49999
idmap uid = 50000 - 100000
idmap gid = 50000 - 100000

This is the user information for the demo user:

root@ts01:/home/DOMAIN# wbinfo -i demo
demo:*:51114:50513::/home/DOMAIN/demo:/bin/bash

However, this information is not listed in the ACLs of the folder:

root@ts01:/home/DOMAIN# getfacl demo/
# file: demo/
# owner: 3000000
# group: users
user::rwx
user:root:rwx
user:3000002:rwx
user:3000008:rwx
user:3000033:rwx
group::r-x
group:users:r-x
group:3000000:rwx
group:3000002:rwx
group:3000008:rwx
group:3000033:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:3000000:rwx
default:user:3000002:rwx
default:user:3000008:rwx
default:user:3000033:rwx
default:group::r--
default:group:users:r--
default:group:3000000:rwx
default:group:3000002:rwx
default:group:3000008:rwx
default:group:3000033:rwx
default:mask::rwx
default:other::---

This is my first attempt at configuring a domain using samba - I'm grateful 
for any hints in the right direction!

Best regards,

Rainhard
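
The comparison made in the message (the uid/gid from wbinfo -i against the getfacl listing) can be checked mechanically. The following is an added example, not part of the original post: it evaluates the access entries in POSIX ACL order for a given uid and set of gids. The sample input is abridged from the listing above, and the name-to-id map (root=0, users=100) is an assumption about the client.

```python
import re

# Abridged from the getfacl output in the post (access entries only).
GETFACL = """\
# file: demo/
# owner: 3000000
# group: users
user::rwx
user:root:rwx
user:3000002:rwx
group::r-x
group:users:r-x
group:3000000:rwx
mask::rwx
other::---
"""
PASSWD = "demo:*:51114:50513::/home/DOMAIN/demo:/bin/bash"  # wbinfo -i line from the post
NAMES = {"root": 0, "users": 100}  # assumption: local name-to-id mapping on the client

def to_id(q):
    return int(q) if q.isdigit() else NAMES[q]

def bits(p):
    return set(p) - {"-"}

def evaluate(acl_text, uid, gids):
    """Return (deciding_class, permissions) in POSIX.1e ACL evaluation order."""
    owner = to_id(re.search(r"^# owner: (\S+)", acl_text, re.M).group(1))
    group = to_id(re.search(r"^# group: (\S+)", acl_text, re.M).group(1))
    entries = [l.split()[0].split(":") for l in acl_text.splitlines()
               if l.strip() and not l.startswith(("#", "default:"))]
    mask = next((bits(p) for t, q, p in entries if t == "mask"), set("rwx"))
    if uid == owner:  # 1. owning user: user:: entry, not masked
        return "owner", next(bits(p) for t, q, p in entries if t == "user" and not q)
    for t, q, p in entries:  # 2. named user entries, masked
        if t == "user" and q and to_id(q) == uid:
            return "named user", bits(p) & mask
    # 3. owning group and named groups, masked. The union is exact for a single
    #    requested bit; the kernel needs one entry to hold all requested bits.
    hits = [bits(p) for t, q, p in entries
            if t == "group" and (to_id(q) if q else group) in gids]
    if hits:
        return "group", set().union(*hits) & mask
    return "other", next(bits(p) for t, q, p in entries if t == "other")  # 4. other

def check_passwd_line(passwd_line, acl_text):
    uid, gid = map(int, passwd_line.split(":")[2:4])
    return evaluate(acl_text, uid, {gid})

if __name__ == "__main__":
    print(check_passwd_line(PASSWD, GETFACL))
```

Supplementary groups are not part of the wbinfo -i line, so only the primary gid is evaluated here.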

