[Samba] nfs based shared home dir question

Ritter, Marcel (RRZE) marcel.ritter at fau.de
Mon Sep 7 10:20:39 UTC 2015


Hi Louis,

according to your mail user mapping works fine (even with NFSv4 ACLs).

However you're only trying to access the shares as "root".

As far as I understand krb5-based NFS, the username itself
is not what is used on the server side. Instead the credential of the
user (on client side) is used to tell the server who you are.

So make sure your user (on the nfs client) has a valid ticket
(using kinit / pam_krb5 / pam_winbind).

And if that's the case, "klist" should list a nfs/* principal after the
user tried to access a NFS share.

BTW: That's why I was asking for an output of "klist".

Bye,
    Marcel

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of L.P.H. van Belle
Sent: Monday, 7 September 2015 10:44
To: samba at lists.samba.org
Subject: Re: [Samba] nfs based shared home dir question

OK, I'll clarify a bit more.

\\servername.internal.domain.tld\users2\%username% is used in my AD for the home folder of the users.  %username% translates to the username. 

I tried 2 setups now: a Windows ACL based setup and a POSIX based setup.
Both fail for me.

THE SERVER with the shares (and is NFS server). The Samba/Windows part (POSIX rights setup).
On the server this is /home/samba/users2. Users is shared, owner root, group root, everyone.
These have all "special" rights, with "only this folder".
ls -al gives:
drwxr-xr-x   3 root root  4096 Sep  7 10:18 users2
# file: home/samba/users2
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

root at print1:/home/users2# whoami
root

root at print1:/home/users2# cd someuser /
-su: cd: someuser /: Permission denied
root at rtd-print1:/home/users2# ls -al
total 16
drwxr-xr-x 3 root root 4096 Sep  7 10:18 .
drwxr-xr-x 8 root root 4096 Sep  7 10:16 ..
drwxrwx--- 2 root root 4096 Sep  7 10:18 someuser

Even root can't access the user folder.

The output of nfs4_getfacl someuser:

A::OWNER@:rwaDxtTcCy
A::root at rotterdam.bazuin.nl:rwaDxtcy
A:: someuser at rotterdam.bazuin.nl:rwaDxtcy
A::GROUP@:tcy
A:g:root at rotterdam.bazuin.nl:tcy
A:g:BUILTIN\administrators at rotterdam.bazuin.nl:rwaDxtcy
A::EVERYONE@:tcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:root at rotterdam.bazuin.nl:rwaDxtcy
A:fdi:someuser at rotterdam.bazuin.nl:rwaDxtcy
A:fdi:GROUP@:tcy
A:fdig:root at rotterdam.bazuin.nl:tcy
A:fdig:BUILTIN\administrators at rotterdam.bazuin.nl:rwaDxtcy
A:fdi:EVERYONE@:tcy



I don't know where I went wrong here.


Greetz, 

Louis
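
Added example, not part of the thread or of Samba/nfs4-acl-tools: a small Python evaluator for an ACL in the nfs4_getfacl format shown above, illustrating that the outcome depends on which principal the server sees rather than on the local username. The example.com names, the `nobody` principal and the function names are assumptions; entries are evaluated in order as in the NFSv4 ACL model, and inherit-only (`i`) entries are skipped because they apply only to newly created children.

```python
# Constructed sample modelled on the nfs4_getfacl listing in the thread.
# example.com is a placeholder domain, not a value from the thread.
SAMPLE_ACL = r"""
A::OWNER@:rwaDxtTcCy
A::someuser@example.com:rwaDxtcy
A::GROUP@:tcy
A:g:BUILTIN\administrators@example.com:rwaDxtcy
A::EVERYONE@:tcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:someuser@example.com:rwaDxtcy
A:fdi:EVERYONE@:tcy
"""

def parse_acl(text):
    """Parse 'type:flags:principal:permissions' lines into dicts."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ace_type, flags, rest = line.split(":", 2)
        who, perms = rest.rsplit(":", 1)
        aces.append({"type": ace_type, "flags": flags,
                     "who": who.strip(), "perms": set(perms)})
    return aces

def is_allowed(aces, wanted, principal, groups=(), owner=None, owner_group=None):
    """Ordered evaluation: the first matching ACE naming a bit decides it."""
    pending = set(wanted)
    for ace in aces:
        if "i" in ace["flags"]:        # inherit-only: template for children
            continue
        who = ace["who"]
        if who == "EVERYONE@":
            match = True
        elif who == "OWNER@":
            match = principal == owner
        elif who == "GROUP@":
            match = owner_group in groups
        elif "g" in ace["flags"]:      # named group entry
            match = who in groups
        else:                          # named user entry
            match = who == principal
        hit = pending & ace["perms"] if match else set()
        if ace["type"] == "D" and hit:
            return False               # a still-undecided bit is denied
        if ace["type"] == "A":
            pending -= hit
            if not pending:
                return True
    return False                       # some requested bit was never granted
```

Checking `x` (traverse, what `cd` needs) for `someuser@example.com` is granted by the named user entry, while a principal that matches only `EVERYONE@` gets `tcy` and is refused.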

