[Samba] nfs based shared home dir question
Ritter, Marcel (RRZE)
marcel.ritter at fau.de
Mon Sep 7 10:20:39 UTC 2015
according to your mail user mapping works fine (even with NFSv4 ACLs).
However you're only trying to access the shares as "root".
As far as I understand krb5-based NFS, the username itself
is not what is used on the server side. Instead the credential oft he
user (on client side) is used to tell the server who you are.
So make sure your user (on the nfs client) has a valid ticket
(using kinit / pam_krb5 / pam_winbind).
And if that's the case, "klist" should list a nfs/* principal after the
user tried to access a NFS share.
BTW: That's why I was asking for an output of "klist".
Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von L.P.H. van Belle
Gesendet: Montag, 7. September 2015 10:44
An: samba at lists.samba.org
Betreff: Re: [Samba] nfs based shared home dir question
Ok, i clarify a bit more.
\\servername.internal.domain.tld\users2\%username% is used in my AD for the home folder of the users. %username% translates to the username.
I tried 2 setups now, windows acl base setup and posix based setup.
Both fail for me.
THE SERVER with the shares ( and is nfs server) The samba/windows part. ( postix rights setup ) On the server this is /home/samba/users2 Users is shared, owner root , Group root, everyone.
These have all "special" rights, with "only this folder"
ls -al gives :
drwxr-xr-x 3 root root 4096 Sep 7 10:18 users2
# file: home/samba/users2
# owner: root
# group: root
root at print1:/home/users2# whoami
root at print1:/home/users2# cd someuser /
-su: cd: someuser /: Permission denied
root at rtd-print1:/home/users2# ls -al
drwxr-xr-x 3 root root 4096 Sep 7 10:18 .
drwxr-xr-x 8 root root 4096 Sep 7 10:16 ..
drwxrwx--- 2 root root 4096 Sep 7 10:18 someuser
even root cant access the user folder ..
the outpur of nfs4_getfacl someuser
A::root at rotterdam.bazuin.nl:rwaDxtcy
A:: someuser at rotterdam.bazuin.nl:rwaDxtcy
A:g:root at rotterdam.bazuin.nl:tcy
A:g:BUILTIN\administrators at rotterdam.bazuin.nl:rwaDxtcy
A:fdi:root at rotterdam.bazuin.nl:rwaDxtcy
A:fdi:someuser at rotterdam.bazuin.nl:rwaDxtcy
A:fdig:root at rotterdam.bazuin.nl:tcy
A:fdig:BUILTIN\administrators at rotterdam.bazuin.nl:rwaDxtcy
I dont know where i went wrong here..
More information about the samba