[Samba] nfs based shared home dir question (SOLVED)

L.P.H. van Belle belle at bazuin.nl
Mon Sep 7 10:45:26 UTC 2015


Your my hero !! 

You pointed me in the correct direction. 

I forgot to install libpam-krb5 ..., a bit stupid... 
Installed it, i did run pam-auth-update and its working now 

A very big thank you for having a look.. you made my day a good day :-) 


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: Ritter, Marcel (RRZE) [mailto:marcel.ritter at fau.de]
> Verzonden: maandag 7 september 2015 12:21
> Aan: 'L.P.H. van Belle'; samba at lists.samba.org
> Onderwerp: AW: [Samba] nfs based shared home dir question
> 
> Hi Louis,
> 
> according to your mail user mapping works fine (even with NFSv4 ACLs).
> 
> However you're only trying to access the shares as "root".
> 
> As far as I understand krb5-based NFS, the username itself
> is not what is used on the server side. Instead the credential oft he
> user (on client side) is used to tell the server who you are.
> 
> So make sure your user (on the nfs client) has a valid ticket
> (using kinit / pam_krb5 / pam_winbind).
> 
> And if that's the case, "klist" should list a nfs/* principal after the
> user tried to access a NFS share.
> 
> BTW: That's why I was asking for an output of "klist".
> 
> Bye,
>     Marcel
> 
> -----Urspr√ľngliche Nachricht-----
> Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von L.P.H.
> van Belle
> Gesendet: Montag, 7. September 2015 10:44
> An: samba at lists.samba.org
> Betreff: Re: [Samba] nfs based shared home dir question
> 
> Ok, i clarify a bit more.
> 
> \\servername.internal.domain.tld\users2\%username% is used in my AD for
> the home folder of the users.  %username% translates to the username.
> 
> I tried 2 setups now, windows acl base setup and posix based setup.
> Both fail for me.
> 
> THE SERVER with the shares ( and is nfs server) The samba/windows part. (
> postix rights setup ) On the server this is /home/samba/users2 Users is
> shared, owner root , Group root, everyone.
> These have all "special" rights, with "only this folder"
> ls -al gives :
> drwxr-xr-x   3 root root  4096 Sep  7 10:18 users2
> # file: home/samba/users2
> # owner: root
> # group: root
> user::rwx
> group::r-x
> other::r-x
> 
> root at print1:/home/users2# whoami
> root
> 
> root at print1:/home/users2# cd someuser /
> -su: cd: someuser /: Permission denied
> root at rtd-print1:/home/users2# ls -al
> total 16
> drwxr-xr-x 3 root root 4096 Sep  7 10:18 .
> drwxr-xr-x 8 root root 4096 Sep  7 10:16 ..
> drwxrwx--- 2 root root 4096 Sep  7 10:18 someuser
> 
> even root cant access the user folder ..
> 
> the outpur of  nfs4_getfacl someuser
> 
> A::OWNER@:rwaDxtTcCy
> A::root at rotterdam.bazuin.nl:rwaDxtcy
> A:: someuser at rotterdam.bazuin.nl:rwaDxtcy
> A::GROUP@:tcy
> A:g:root at rotterdam.bazuin.nl:tcy
> A:g:BUILTIN\administrators at rotterdam.bazuin.nl:rwaDxtcy
> A::EVERYONE@:tcy
> A:fdi:OWNER@:rwaDxtTcCy
> A:fdi:root at rotterdam.bazuin.nl:rwaDxtcy
> A:fdi:someuser at rotterdam.bazuin.nl:rwaDxtcy
> A:fdi:GROUP@:tcy
> A:fdig:root at rotterdam.bazuin.nl:tcy
> A:fdig:BUILTIN\administrators at rotterdam.bazuin.nl:rwaDxtcy
> A:fdi:EVERYONE@:tcy
> 
> 
> 
> I dont know where i went wrong here..
> 
> 
> Greetz,
> 
> Louis




More information about the samba mailing list