[Samba] Cannot access shared home directories from linux machine

steve steve at steve-ss.com
Thu Jul 3 06:45:46 MDT 2014


On Thu, 2014-07-03 at 14:34 +0200, isofx wrote:
> Hi,
> 
> I configured a share for home-directories on my Debian Samba PDC (4.1.9) 
> and connected the share on another linux machine (terminal server) via 
> /etc/fstab:
> 
> //192.168.10.51/home    /home/DOMAIN/       cifs    credentials=/root/.smbcredentials,iocharset=utf8        0       0
> 
> The .smbcredentials file contains the Domain Administrators 
> username/password. The share is mounted successfully, however users 
> cannot log into their home directories.
> 
> I configured the home share just like explained in the samba wiki 
> (https://wiki.samba.org/index.php/Setting_up_a_home_share).
> I added a demo user "demo" - the respective home-directory was created 
> successfully and the permissions are fine checking from a windows machine.
> 
> However, when I try to connect to the terminal server as "demo", this 
> happens:
> 
> Could not chdir to home directory /home/DOMAIN/demo: Permission denied
> -bash: /home/DOMAIN/demo/.bash_profile: Permission denied
> demo@ts01:/$
> 
> Here's my PDC's smb.conf:
> 
> [global]
>          workgroup = DOMAIN
>          realm = DOMAIN.INTERN
>          netbios name = DC01
>          server role = active directory domain controller
>          dns forwarder = 8.8.8.8
>          idmap_ldb:use rfc2307 = yes
> 
>          interfaces = lo eth0
>          bind interfaces only = yes
>          log file = /var/log/samba/samba.log
> 
>          security = user
>          encrypt passwords = yes
> 
> [netlogon]
>          path = /var/lib/samba/sysvol/domain.intern/scripts
>          read only = No
> 
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
> 
> [home]
>          path = /media/data01/home
>          read only = no
> 
> I integrated the terminal server into the domain, authentication via 
> winbind works fine! Here's the terminal server's smb.conf:
> 
> [global]
> netbios name = TS01
> server string = TS01
> 
> workgroup = DOMAIN
> realm = DOMAIN.INTERN
> 
> security = ADS
> local master = no
> preferred master = no
> dns proxy = no
> 
> encrypt passwords = true
> kerberos method = secrets and keytab
> 
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
> 
> winbind use default domain = yes
> winbind enum groups = yes
> winbind enum users = yes
> winbind nss info = rfc2307
> 
> map untrusted to domain = no
> 
> template homedir = /home/DOMAIN/%U
> template shell = /bin/bash
> 
> idmap config * : backend = rid
> idmap config * : range = 10000 - 49999
> idmap uid = 50000 - 100000
> idmap gid = 50000 - 100000
> 
> This is the user information for the demo user:
> 
> root@ts01:/home/DOMAIN# wbinfo -i demo
> demo:*:51114:50513::/home/DOMAIN/demo:/bin/bash
> 
> However this information is not listed in the ACLs of the folder:
> 
> root@ts01:/home/DOMAIN# getfacl demo/
> # file: demo/
> # owner: 3000000
> # group: users
> user::rwx
> user:root:rwx
> user:3000002:rwx
> user:3000008:rwx
> user:3000033:rwx
> group::r-x
> group:users:r-x
> group:3000000:rwx
> group:3000002:rwx
> group:3000008:rwx
> group:3000033:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:user:3000000:rwx
> default:user:3000002:rwx
> default:user:3000008:rwx
> default:user:3000033:rwx
> default:group::r--
> default:group:users:r--
> default:group:3000000:rwx
> default:group:3000002:rwx
> default:group:3000008:rwx
> default:group:3000033:rwx
> default:mask::rwx
> default:other::---
> 
> This is my first try of configuring a domain using samba - I'm grateful 
> for any hints in the right direction!
> 
> Best regards,
> 
> Rainhard

Someone else please. It's not our turn!
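
Added example, not part of the thread: a small Python evaluator that walks the access ACL quoted above in POSIX ACL lookup order for the uid/gid that `wbinfo -i demo` reports, showing which entry class the user ends up matching. The function names are constructed for illustration, the ACL text is trimmed from the quoted `getfacl` output, and it assumes demo has no supplementary groups beyond the primary gid shown.

```python
GETFACL = """\
# owner: 3000000
# group: users
user::rwx
user:root:rwx
user:3000002:rwx
group::r-x
group:users:r-x
group:3000000:rwx
mask::rwx
other::---
"""  # access entries trimmed from the getfacl output quoted in the post
WBINFO = "demo:*:51114:50513::/home/DOMAIN/demo:/bin/bash"  # quoted wbinfo -i line

def parse_getfacl(text):
    # Collect owner/group headers and access entries; default: entries are skipped.
    acl = {"owner": "", "group": "", "users": {}, "groups": {}, "mask": "rwx", "other": "---"}
    for line in text.splitlines():
        if line.startswith("# owner:") or line.startswith("# group:"):
            key, value = line[2:].split(":", 1)
            acl[key] = value.strip()
        elif line and not line.startswith(("#", "default:")):
            tag, who, perms = line.split()[0].split(":")  # drops "#effective" notes
            if tag in ("user", "group"):
                acl[tag + "s"][who] = perms
            else:  # mask or other
                acl[tag] = perms
    return acl

def check(acl, ids, groups, want):
    """Return (matched ACL class, granted?) in owner/user/group/other order."""
    def grants(perms, masked):
        if masked:  # named users and all group entries are limited by the mask
            perms = "".join(p if p == m else "-" for p, m in zip(perms, acl["mask"]))
        return all(c in perms for c in want)
    if acl["owner"] in ids:
        return "owner", grants(acl["users"][""], False)
    for who, perms in acl["users"].items():
        if who and who in ids:
            return "user:" + who, grants(perms, True)
    hits = [p for who, p in acl["groups"].items() if (who or acl["group"]) in groups]
    if hits:
        return "group", any(grants(p, True) for p in hits)
    return "other", grants(acl["other"], False)

def demo_access(want="x"):
    # Identity exactly as wbinfo reports it: name, uid and primary gid only.
    name, _, uid, gid = WBINFO.split(":")[:4]
    return check(parse_getfacl(GETFACL), {name, uid}, {gid}, want)
```

With the quoted values, neither 51114 nor 50513 matches any owner, named-user or group entry, so the lookup falls through to `other::---`, which is consistent with the "Permission denied" on chdir.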



