[Samba] Unable to set up home share correctly

Udo Willke udo.willke at freenet.de
Thu Oct 13 14:22:47 UTC 2016


Hello Rowland,

On 13.10.2016 at 15:09, Rowland Penny via samba wrote:
> On Thu, 13 Oct 2016 14:48:57 +0200
> Udo Willke via samba <samba at lists.samba.org> wrote:
>
>> Hello Rowland,
>>
>> thank you for your swift reply. I made the modifications you
>> suggested, which unfortunately did not better the situation. No
>> change as to the "Creator Owner" rights and the Administrator account
>> still shown as locked. Also, I couldn't spot any suspicious messages
>> in the Samba logfiles besides maybe
>>
>> get_referred_path: |profiles| in dfs path \fileserver.mydomain.lan\profiles is not a dfs root.
>> get_referred_path: |home| in dfs path \fileserver.mydomain.lan\home is not a dfs root.
>>
>> My test users have uidNumbers and gidNumbers defined. I found this
>> nifty command to list them
>>
>> root at fileserver:/var/log/samba# net ads search '(|(uidNumber=*)(gidNumber=*))' sAMAccountName uidNumber gidNumber -P
>> Got 15 replies
>>
>> sAMAccountName: Enterprise Read-Only Domain Controllers
>> gidNumber: 10005
>>
>> sAMAccountName: Administrator
>> uidNumber: 10000
>> gidNumber: 10000
>>
>> sAMAccountName: Enterprise Admins
>> gidNumber: 10004
>>
>> sAMAccountName: workgroup-1
>> gidNumber: 10010
>>
>> sAMAccountName: Users
>> gidNumber: 10008
>>
>> sAMAccountName: DnsAdmins
>> gidNumber: 10006
>>
>> sAMAccountName: kbudwi
>> uidNumber: 10002
>> gidNumber: 10001
>>
>> sAMAccountName: kbmamu
>> uidNumber: 10004
>> gidNumber: 10001
>>
>> sAMAccountName: Guest
>> uidNumber: 10001
>> gidNumber: 10000
>>
>> sAMAccountName: Schema Admins
>> gidNumber: 10003
>>
>> sAMAccountName: Administrators
>> gidNumber: 10007
>>
>> sAMAccountName: Domain Admins
>> gidNumber: 10000
>>
>> sAMAccountName: Domain Users
>> gidNumber: 10001
>>
>> uidNumber: 10003
>> gidNumber: 10001
>> sAMAccountName: kbanre
>>
>> sAMAccountName: Domain Guests
>> gidNumber: 10002
>>
>> I can list those users and groups on the member server using "getent
>> passwd" and "getent group".
> Can I suggest you remove uid/gidNumber attributes from:
>
> Enterprise Read-Only Domain Controllers
> Administrator
> Enterprise Admins
> Users
> DnsAdmins
> Guest
> Schema Admins
> Administrators
> Domain Guests
>
> They will be mapped as required by '*' in smb.conf
> You have also made 'Administrator' a normal Unix user by giving it a
> uidNumber.
>
> Rowland
>
>
I have removed the rfc2307-IDs now. I guess going to the "Unix 
Attributes" tab in ADUC and setting "NIS Domain" to "none" is sufficient?

Checking the getent commands:

root at fileserver:/var/log/samba# getent passwd | grep ^MYDOMAIN
MYDOMAIN\kbanre:*:10003:10001:XXXXXXXXXX:/var/share/samba/homes/kbanre:/bin/sh
MYDOMAIN\kbmamu:*:10004:10001:Max Mustermann:/var/share/samba//homes/kbmamu:/bin/sh
MYDOMAIN\kbudwi:*:10002:10001:Udo Willke:/var/share/samba/homes/kbudwi:/bin/sh

root at fileserver:/var/log/samba# getent group | grep ^MYDOMAIN
MYDOMAIN\domain admins:x:10000:
MYDOMAIN\domain users:x:10001:
MYDOMAIN\workgroup-1:x:10010:

Does this look good?

Should I recreate the /var/share/samba/homes directory? The owner with 
UID 10000 is not known to Linux now:

root at fileserver:~# getfacl /var/share/samba/homes/
getfacl: Removing leading '/' from absolute path names
# file: var/share/samba/homes/
# owner: 10000
# group: MYDOMAIN\134domain\040admins

....

Apart from that: Still no home folders, not even able to create them 
manually. All the initial symptoms persist :-(

Any ideas?

Thanks and best regards

Udo
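
Added example (not part of the original message and not Samba's own code): a small Python check that parses `net ads search` output in the format quoted above and reports which of the accounts Rowland listed still carry a uidNumber or gidNumber. The sample records are constructed from the output in this thread, and the function names are hypothetical.

```python
import re

# Accounts Rowland names in this thread as ones that should not carry RFC2307 IDs.
SHOULD_NOT_HAVE_IDS = {
    "Enterprise Read-Only Domain Controllers", "Administrator",
    "Enterprise Admins", "Users", "DnsAdmins", "Guest",
    "Schema Admins", "Administrators", "Domain Guests",
}

# Constructed sample: a few records in the format quoted in the thread.
SAMPLE = """\
Got 4 replies

sAMAccountName: Administrator
uidNumber: 10000
gidNumber: 10000

sAMAccountName: Domain Users
gidNumber: 10001

uidNumber: 10003
gidNumber: 10001
sAMAccountName: kbanre

sAMAccountName: Schema Admins
gidNumber: 10003
"""

def parse_records(text):
    """Split blank-line separated records into dicts; attribute order may vary."""
    records = []
    for block in re.split(r"\n\s*\n", text):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                rec[key.strip()] = value.strip()
        if "sAMAccountName" in rec:  # skips the "Got N replies" header
            records.append(rec)
    return records

def flag_builtin_ids(text):
    """Return (name, attribute, value) for every ID set on a listed account."""
    findings = []
    for rec in parse_records(text):
        name = rec["sAMAccountName"]
        if name in SHOULD_NOT_HAVE_IDS:
            findings += [(name, a, rec[a]) for a in ("uidNumber", "gidNumber") if a in rec]
    return findings

if __name__ == "__main__":
    for name, attr, value in flag_builtin_ids(SAMPLE):
        print(f"{name}: remove {attr}={value}")
```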
