[Samba] Cannot access shared home directories from linux machine
steve
steve at steve-ss.com
Sat Jul 5 07:33:28 MDT 2014
On Thu, 2014-07-03 at 14:46 +0200, L.P.H. van Belle wrote:
> i see :
>
> >other::---
>
>
> what are the rights on
> /home
> and
> /home/DOMAIN
>
> try set it in linux on 755 ( both )
> and try again.
>
>
> Louis
>
> >-----Oorspronkelijk bericht-----
> >Van: ea4ml3f at gmx.at [mailto:samba-bounces at lists.samba.org] Namens isofx
> >Verzonden: donderdag 3 juli 2014 14:35
> >Aan: samba at lists.samba.org
> >Onderwerp: [Samba] Cannot access shared home directories from
> >linux machine
> >
> >Hi,
> >
> >I configured a share for home-directories on my Debian Samba
> >PDC (4.1.9)
> >and connected the share on another linux machine (terminal server) via
> >/etc/fstab:
> >
> >//192.168.10.51/home /home/DOMAIN/ cifs
> >credentials=/root/.smbcredentials,iocharset=utf8 0 0
> >
> >The .smbcredentials file contains the Domain Administrators
> >username/password. The share is mounted successfully, however
> >users can
> >not log into their home directories.
Nope, I don't think you can. Before commiting to /etc/fstab, make sure
you can mount it manually on the DC:
(lose the ts for a while and work on the DC. Assuming you are on the DC
called ts01.domain.intern)
1. make sure you have a recent cifs-utils installed.
2. samba-tool domain exportkeytab /etc/krb5.keytab --principal=TS01$
3. mount -t cifs //ts01.domain.intern/home /mnt -osec=krb5,username=TS01
$
what do you have in /etc/request-key.conf
We can get it working as you wish when we know the dns and krb5 stuff is
OK.
HTH
Steve
> >
> >I configured the home share just like explained in the samba wiki
> >(https://wiki.samba.org/index.php/Setting_up_a_home_share).
> >I added a demo user "demo" - the respective home-directory was created
> >successfully and the permissions are fine checking from a
> >windows machine.
> >
> >However, when I try to connect to the terminal server as "demo", this
> >happens:
> >
> >Could not chdir to home directory /home/DOMAIN/demo: Permission denied
> >-bash: /home/DOMAIN/demo/.bash_profile: Permission denied
> >demo at ts01:/$
> >
> >Here's my PDC's smb.conf:
> >
> >[global]
> > workgroup = DOMAIN
> > realm = DOMAIN.INTERN
> > netbios name = DC01
> > server role = active directory domain controller
> > dns forwarder = 8.8.8.8
> > idmap_ldb:use rfc2307 = yes
> >
> > interfaces = lo eth0
> > bind interfaces only = yes
> > log file = /var/log/samba/samba.log
> >
> > security = user
> > encrypt passwords = yes
> >
> >[netlogon]
> > path = /var/lib/samba/sysvol/domain.intern/scripts
> > read only = No
> >
> >[sysvol]
> > path = /var/lib/samba/sysvol
> > read only = No
> >
> >[home]
> > path = /media/data01/home
> > read only = no
> >
> >I integrated the terminal server into the domain, authentication via
> >winbind works fine! Here's the terminal servers smb.conf:
> >
> >[global]
> >netbios name = TS01
> >server string = TS01
> >
> >workgroup = DOMAIN
> >realm = DOMAIN.INTERN
> >
> >security = ADS
> >local master = no
> >preferred master = no
> >dns proxy = no
> >
> >encrypt passwords = true
> >kerberos method = secrets and keytab
> >
> >vfs objects = acl_xattr
> >map acl inherit = Yes
> >store dos attributes = Yes
> >
> >winbind use default domain = yes
> >winbind enum groups = yes
> >winbind enum users = yes
> >winbind nss info = rfc2307
> >
> >map untrusted to domain = no
> >
> >template homedir = /home/DOMAIN/%U
> >template shell = /bin/bash
> >
> >idmap config * : backend = rid
> >idmap config * : range = 10000 - 49999
> >idmap uid = 50000 - 100000
> >idmap gid = 50000 - 100000
> >
> >This is the user information for the demo user:
> >
> >root at ts01:/home/DOMAIN# wbinfo -i demo
> >demo:*:51114:50513::/home/DOMAIN/demo:/bin/bash
> >
> >However this information is not listed in the ACLs of the folder:
> >
> >root at ts01:/home/DOMAIN# getfacl demo/
> ># file: demo/
> ># owner: 3000000
> ># group: users
> >user::rwx
> >user:root:rwx
> >user:3000002:rwx
> >user:3000008:rwx
> >user:3000033:rwx
> >group::r-x
> >group:users:r-x
> >group:3000000:rwx
> >group:3000002:rwx
> >group:3000008:rwx
> >group:3000033:rwx
> >mask::rwx
> >other::---
> >default:user::rwx
> >default:user:root:rwx
> >default:user:3000000:rwx
> >default:user:3000002:rwx
> >default:user:3000008:rwx
> >default:user:3000033:rwx
> >default:group::r--
> >default:group:users:r--
> >default:group:3000000:rwx
> >default:group:3000002:rwx
> >default:group:3000008:rwx
> >default:group:3000033:rwx
> >default:mask::rwx
> >default:other::---
> >
> >This is my first try of configuring a domain using samba - I'm
> >grateful
> >for any hints in the right direction!
> >
> >Best regards,
> >
> >Rainhard
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
More information about the samba
mailing list