[Samba] Cannot access shared home directories from linux machine
isofx
ea4ml3f at gmx.at
Thu Jul 3 06:34:39 MDT 2014
Hi,
I configured a share for home-directories on my Debian Samba PDC (4.1.9)
and connected the share on another linux machine (terminal server) via
/etc/fstab:
//192.168.10.51/home /home/DOMAIN/ cifs
credentials=/root/.smbcredentials,iocharset=utf8 0 0
The .smbcredentials file contains the Domain Administrators
username/password. The share is mounted successfully, however users can
not log into their home directories.
I configured the home share just like explained in the samba wiki
(https://wiki.samba.org/index.php/Setting_up_a_home_share).
I added a demo user "demo" - the respective home-directory was created
successfully and the permissions are fine checking from a windows machine.
However, when I try to connect to the terminal server as "demo", this
happens:
Could not chdir to home directory /home/DOMAIN/demo: Permission denied
-bash: /home/DOMAIN/demo/.bash_profile: Permission denied
demo at ts01:/$
Here's my PDC's smb.conf:
[global]
workgroup = DOMAIN
realm = DOMAIN.INTERN
netbios name = DC01
server role = active directory domain controller
dns forwarder = 8.8.8.8
idmap_ldb:use rfc2307 = yes
interfaces = lo eth0
bind interfaces only = yes
log file = /var/log/samba/samba.log
security = user
encrypt passwords = yes
[netlogon]
path = /var/lib/samba/sysvol/domain.intern/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[home]
path = /media/data01/home
read only = no
I integrated the terminal server into the domain, authentication via
winbind works fine! Here's the terminal servers smb.conf:
[global]
netbios name = TS01
server string = TS01
workgroup = DOMAIN
realm = DOMAIN.INTERN
security = ADS
local master = no
preferred master = no
dns proxy = no
encrypt passwords = true
kerberos method = secrets and keytab
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
winbind use default domain = yes
winbind enum groups = yes
winbind enum users = yes
winbind nss info = rfc2307
map untrusted to domain = no
template homedir = /home/DOMAIN/%U
template shell = /bin/bash
idmap config * : backend = rid
idmap config * : range = 10000 - 49999
idmap uid = 50000 - 100000
idmap gid = 50000 - 100000
This is the user information for the demo user:
root at ts01:/home/DOMAIN# wbinfo -i demo
demo:*:51114:50513::/home/DOMAIN/demo:/bin/bash
However this information is not listed in the ACLs of the folder:
root at ts01:/home/DOMAIN# getfacl demo/
# file: demo/
# owner: 3000000
# group: users
user::rwx
user:root:rwx
user:3000002:rwx
user:3000008:rwx
user:3000033:rwx
group::r-x
group:users:r-x
group:3000000:rwx
group:3000002:rwx
group:3000008:rwx
group:3000033:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:3000000:rwx
default:user:3000002:rwx
default:user:3000008:rwx
default:user:3000033:rwx
default:group::r--
default:group:users:r--
default:group:3000000:rwx
default:group:3000002:rwx
default:group:3000008:rwx
default:group:3000033:rwx
default:mask::rwx
default:other::---
This is my first try of configuring a domain using samba - I'm grateful
for any hints in the right direction!
Best regards,
Rainhard
More information about the samba
mailing list