[Samba] Cannot access shared home directories from linux machine
steve
steve at steve-ss.com
Thu Jul 3 06:45:46 MDT 2014
On Thu, 2014-07-03 at 14:34 +0200, isofx wrote:
> Hi,
>
> I configured a share for home-directories on my Debian Samba PDC (4.1.9)
> and connected the share on another linux machine (terminal server) via
> /etc/fstab:
>
> //192.168.10.51/home /home/DOMAIN/ cifs credentials=/root/.smbcredentials,iocharset=utf8 0 0
>
> The .smbcredentials file contains the Domain Administrators
> username/password. The share is mounted successfully, however users can
> not log into their home directories.
>
> I configured the home share just as explained in the samba wiki
> (https://wiki.samba.org/index.php/Setting_up_a_home_share).
> I added a demo user "demo" - the respective home-directory was created
> successfully and the permissions are fine checking from a windows machine.
>
> However, when I try to connect to the terminal server as "demo", this
> happens:
>
> Could not chdir to home directory /home/DOMAIN/demo: Permission denied
> -bash: /home/DOMAIN/demo/.bash_profile: Permission denied
> demo@ts01:/$
>
> Here's my PDC's smb.conf:
>
> [global]
> workgroup = DOMAIN
> realm = DOMAIN.INTERN
> netbios name = DC01
> server role = active directory domain controller
> dns forwarder = 8.8.8.8
> idmap_ldb:use rfc2307 = yes
>
> interfaces = lo eth0
> bind interfaces only = yes
> log file = /var/log/samba/samba.log
>
> security = user
> encrypt passwords = yes
>
> [netlogon]
> path = /var/lib/samba/sysvol/domain.intern/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> [home]
> path = /media/data01/home
> read only = no
>
> I integrated the terminal server into the domain, authentication via
> winbind works fine! Here's the terminal server's smb.conf:
>
> [global]
> netbios name = TS01
> server string = TS01
>
> workgroup = DOMAIN
> realm = DOMAIN.INTERN
>
> security = ADS
> local master = no
> preferred master = no
> dns proxy = no
>
> encrypt passwords = true
> kerberos method = secrets and keytab
>
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> winbind use default domain = yes
> winbind enum groups = yes
> winbind enum users = yes
> winbind nss info = rfc2307
>
> map untrusted to domain = no
>
> template homedir = /home/DOMAIN/%U
> template shell = /bin/bash
>
> idmap config * : backend = rid
> idmap config * : range = 10000 - 49999
> idmap uid = 50000 - 100000
> idmap gid = 50000 - 100000
>
> This is the user information for the demo user:
>
> root@ts01:/home/DOMAIN# wbinfo -i demo
> demo:*:51114:50513::/home/DOMAIN/demo:/bin/bash
>
> However this information is not listed in the ACLs of the folder:
>
> root@ts01:/home/DOMAIN# getfacl demo/
> # file: demo/
> # owner: 3000000
> # group: users
> user::rwx
> user:root:rwx
> user:3000002:rwx
> user:3000008:rwx
> user:3000033:rwx
> group::r-x
> group:users:r-x
> group:3000000:rwx
> group:3000002:rwx
> group:3000008:rwx
> group:3000033:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:user:3000000:rwx
> default:user:3000002:rwx
> default:user:3000008:rwx
> default:user:3000033:rwx
> default:group::r--
> default:group:users:r--
> default:group:3000000:rwx
> default:group:3000002:rwx
> default:group:3000008:rwx
> default:group:3000033:rwx
> default:mask::rwx
> default:other::---
>
> This is my first try of configuring a domain using samba - I'm grateful
> for any hints in the right direction!
>
> Best regards,
>
> Rainhard
Someone else please. It's not our turn!
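
An added example, not part of the original thread: this Python sketch applies the standard POSIX ACL access check to the getfacl and wbinfo output quoted above, to show which ACL class the demo identity (uid 51114, gid 50513) falls into. It assumes the Linux client enforces these permissions locally and that the account's only group is its primary gid unless others are passed in; the function names are hypothetical.

```python
# Sample input: constructed from the getfacl and wbinfo output quoted in the message.
# Only one "default:" line is kept; default entries do not affect access to demo/ itself.
GETFACL = """# file: demo/
# owner: 3000000
# group: users
user::rwx
user:root:rwx
user:3000002:rwx
user:3000008:rwx
user:3000033:rwx
group::r-x
group:users:r-x
group:3000000:rwx
group:3000002:rwx
group:3000008:rwx
group:3000033:rwx
mask::rwx
other::---
default:other::---"""
WBINFO = "demo:*:51114:50513::/home/DOMAIN/demo:/bin/bash"

def parse_acl(text):
    """Return (owner, owning_group, [(tag, qualifier, perms), ...]) for access entries."""
    owner, group, entries = None, None, []
    for line in text.splitlines():
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            entries.append(tuple(line.split(":")))
    return owner, group, entries

def check_access(acl_text, passwd_line, want, group_ids=()):
    """POSIX ACL check order: owner, named user, group class (masked), other."""
    name, _, uid, gid = passwd_line.split(":")[:4]
    owner, owning_group, entries = parse_acl(acl_text)
    perms = {(tag, q): p for tag, q, p in entries}
    mask = perms.get(("mask", ""), "rwx")
    has = lambda p, m="rwx": all(c in p and c in m for c in want)
    if owner in (name, uid):
        return "owner", has(perms[("user", "")])
    for q in (uid, name):
        if ("user", q) in perms:
            return "named user", has(perms[("user", q)], mask)
    ids = {gid, *group_ids}  # primary gid plus any supplementary ids or names
    hits = [p for (tag, q), p in perms.items() if tag == "group" and (q or owning_group) in ids]
    if hits:  # a matching group never falls through to "other"
        return "group", any(has(p, mask) for p in hits)
    return "other", has(perms[("other", "")])
```

For the quoted output, `check_access(GETFACL, WBINFO, "x")` returns `("other", False)`: no entry names uid 51114 or gid 50513, so `other::---` applies and the search permission needed to chdir into the directory is refused.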