[Samba] Cannot access shared home directories from linux machine

steve steve at steve-ss.com
Sat Jul 5 07:33:28 MDT 2014


On Thu, 2014-07-03 at 14:46 +0200, L.P.H. van Belle wrote:
> I see:
> 
> >other::---  
> 
> 
> What are the rights on
> /home
> and
> /home/DOMAIN?
> 
> Try setting it in Linux to 755 (both)
> and try again.
> 
> 
> Louis
> 
> >-----Original message-----
> >From: ea4ml3f at gmx.at [mailto:samba-bounces at lists.samba.org] On behalf of isofx
> >Sent: Thursday 3 July 2014 14:35
> >To: samba at lists.samba.org
> >Subject: [Samba] Cannot access shared home directories from 
> >linux machine
> >
> >Hi,
> >
> >I configured a share for home-directories on my Debian Samba 
> >PDC (4.1.9) 
> >and connected the share on another linux machine (terminal server) via 
> >/etc/fstab:
> >
> >//192.168.10.51/home    /home/DOMAIN/       cifs credentials=/root/.smbcredentials,iocharset=utf8        0       0
> >
> >The .smbcredentials file contains the Domain Administrators 
> >username/password. The share is mounted successfully, however 
> >users can 
> >not log into their home directories.

Nope, I don't think you can. Before committing to /etc/fstab, make sure
you can mount it manually on the DC:
(lose the ts for a while and work on the DC. Assuming you are on the DC
called ts01.domain.intern)

1. make sure you have a recent cifs-utils installed.
2. samba-tool domain exportkeytab /etc/krb5.keytab --principal=TS01$
3. mount -t cifs //ts01.domain.intern/home /mnt -osec=krb5,username=TS01$

What do you have in /etc/request-key.conf?
We can get it working as you wish when we know the dns and krb5 stuff is
OK.
HTH
Steve



> >
> >I configured the home share just like explained in the samba wiki 
> >(https://wiki.samba.org/index.php/Setting_up_a_home_share).
> >I added a demo user "demo" - the respective home-directory was created 
> >successfully and the permissions are fine checking from a 
> >windows machine.
> >
> >However, when I try to connect to the terminal server as "demo", this 
> >happens:
> >
> >Could not chdir to home directory /home/DOMAIN/demo: Permission denied
> >-bash: /home/DOMAIN/demo/.bash_profile: Permission denied
> >demo@ts01:/$
> >
> >Here's my PDC's smb.conf:
> >
> >[global]
> >         workgroup = DOMAIN
> >         realm = DOMAIN.INTERN
> >         netbios name = DC01
> >         server role = active directory domain controller
> >         dns forwarder = 8.8.8.8
> >         idmap_ldb:use rfc2307 = yes
> >
> >         interfaces = lo eth0
> >         bind interfaces only = yes
> >         log file = /var/log/samba/samba.log
> >
> >         security = user
> >         encrypt passwords = yes
> >
> >[netlogon]
> >         path = /var/lib/samba/sysvol/domain.intern/scripts
> >         read only = No
> >
> >[sysvol]
> >         path = /var/lib/samba/sysvol
> >         read only = No
> >
> >[home]
> >         path = /media/data01/home
> >         read only = no
> >
> >I integrated the terminal server into the domain, authentication via 
> >winbind works fine! Here's the terminal server's smb.conf:
> >
> >[global]
> >netbios name = TS01
> >server string = TS01
> >
> >workgroup = DOMAIN
> >realm = DOMAIN.INTERN
> >
> >security = ADS
> >local master = no
> >preferred master = no
> >dns proxy = no
> >
> >encrypt passwords = true
> >kerberos method = secrets and keytab
> >
> >vfs objects = acl_xattr
> >map acl inherit = Yes
> >store dos attributes = Yes
> >
> >winbind use default domain = yes
> >winbind enum groups = yes
> >winbind enum users = yes
> >winbind nss info = rfc2307
> >
> >map untrusted to domain = no
> >
> >template homedir = /home/DOMAIN/%U
> >template shell = /bin/bash
> >
> >idmap config * : backend = rid
> >idmap config * : range = 10000 - 49999
> >idmap uid = 50000 - 100000
> >idmap gid = 50000 - 100000
> >
> >This is the user information for the demo user:
> >
> >root@ts01:/home/DOMAIN# wbinfo -i demo
> >demo:*:51114:50513::/home/DOMAIN/demo:/bin/bash
> >
> >However this information is not listed in the ACLs of the folder:
> >
> >root@ts01:/home/DOMAIN# getfacl demo/
> ># file: demo/
> ># owner: 3000000
> ># group: users
> >user::rwx
> >user:root:rwx
> >user:3000002:rwx
> >user:3000008:rwx
> >user:3000033:rwx
> >group::r-x
> >group:users:r-x
> >group:3000000:rwx
> >group:3000002:rwx
> >group:3000008:rwx
> >group:3000033:rwx
> >mask::rwx
> >other::---
> >default:user::rwx
> >default:user:root:rwx
> >default:user:3000000:rwx
> >default:user:3000002:rwx
> >default:user:3000008:rwx
> >default:user:3000033:rwx
> >default:group::r--
> >default:group:users:r--
> >default:group:3000000:rwx
> >default:group:3000002:rwx
> >default:group:3000008:rwx
> >default:group:3000033:rwx
> >default:mask::rwx
> >default:other::---
> >
> >This is my first try of configuring a domain using samba - I'm 
> >grateful 
> >for any hints in the right direction!
> >
> >Best regards,
> >
> >Rainhard
> >
> 
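Added example (not part of the thread, and not Samba code): a small Python evaluator that applies the POSIX ACL access-check order from acl(5) to the access entries of the `getfacl demo/` listing quoted above, for the uid 51114 / gid 50513 shown by `wbinfo -i demo`. The function names are hypothetical, and how the CIFS client itself enforces permissions on the mount is not modeled.

```python
# Added example, hypothetical helper names. Listing copied from the thread (access entries only).
GETFACL = """\
# file: demo/
# owner: 3000000
# group: users
user::rwx
user:root:rwx
user:3000002:rwx
user:3000008:rwx
user:3000033:rwx
group::r-x
group:users:r-x
group:3000000:rwx
group:3000002:rwx
group:3000008:rwx
group:3000033:rwx
mask::rwx
other::---
"""

def parse_getfacl(text):
    """Return (owner, group, entries); entries are (tag, qualifier, perm set)."""
    meta, entries = {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            meta[key.strip()] = value.strip()
        elif line and not line.startswith("default:"):
            tag, qualifier, perms = line.split(":")[:3]
            entries.append((tag, qualifier, set(perms[:3]) - {"-"}))
    return meta["owner"], meta["group"], entries

def check_access(text, users, groups, want):
    """users/groups: names or numeric ids (strings) the subject is known by.
    Returns (entry class that decided, whether all of `want` is granted)."""
    owner, group, entries = parse_getfacl(text)
    want = set(want)
    first = lambda tag: next(p for t, q, p in entries if t == tag and q == "")
    mask = next((p for t, q, p in entries if t == "mask"), set("rwx"))
    if owner in users:                           # 1. owning user, mask not applied
        return "user_obj", want <= first("user")
    for t, q, p in entries:                      # 2. named user entry, masked
        if t == "user" and q in users:
            return "user:" + q, want <= (p & mask)
    matched = [p & mask for t, q, p in entries if t == "group"
               and (q in groups or (q == "" and group in groups))]
    if matched:                                  # 3. one matching group entry must suffice
        return "group", any(want <= p for p in matched)
    return "other", want <= first("other")       # 4. nothing matched
```

For the ids from the thread the decision falls through to `other::---`, which is consistent with the `Permission denied` on chdir: every numeric entry in the listing is in the 3000000 range, while winbind on ts01 reports 51114 and 50513 for demo.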



