[Samba] CentOS 7, samba-4.4.4-14.el7_3 and openldap-2.4.40-13.el7 -- file permissions?
Robert Heller
heller at deepsoft.com
Thu Sep 21 18:08:28 UTC 2017
I am setting up Samba on a standalone CentOS 7 server (using LDAP with
openldap for authentication) and things are somewhat working. There is a bit
of weirdness though. smbclient is only able to access *directories* and not
any of the files. Why is that? What am I missing?
Here is a log of a test run:
[heller at c764guest: ~]$ ls -lZAn
total 8424
-rw-------. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 30 Jan 10 2016 .bash_history
-rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 18 Nov 20 2015 .bash_logout
-rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 193 Nov 20 2015 .bash_profile
-rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 231 Nov 20 2015 .bashrc
drwx------. 12 unconfined_u:object_r:home_root_t:s0 1000 1000 4096 Sep 18 12:48 .cache
drwxr-xr-x. 15 unconfined_u:object_r:home_root_t:s0 1000 1000 4096 Jan 10 2016 .config
drwx------. 3 unconfined_u:object_r:home_root_t:s0 1000 1000 4096 Sep 18 12:48 .dbus
drwxr-xr-x. 2 unconfined_u:object_r:home_root_t:s0 1000 1000 4096 Jan 10 2016 Desktop
drwxr-xr-x. 2 unconfined_u:object_r:home_root_t:s0 1000 1000 4096 Jan 10 2016 Documents
-rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 513 145 Sep 20 16:47 domainusers.ldif
drwxr-xr-x. 2 unconfined_u:object_r:home_root_t:s0 1000 1000 4096 Jan 10 2016 Downloads
-rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 334 Oct 7 2015 .emacs
-rw-------. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 16 Jan 10 2016 .esd_auth
-rw-rw-r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 97 Sep 20 10:59 hellerfixgroup.ldif
-rw-rw-r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 98 Sep 20 10:58 hellerfixgroup.ldif~
-rw-rw-r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 113 Sep 20 10:53 hellergroup.ldif
-rw-rw-r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 385 Sep 20 10:33 heller-incomplete.ldif
-rw-rw-r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 363 Sep 20 10:44 heller.ldif
-rw-rw-r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 405 Sep 20 10:44 heller.ldif~
-rw-------. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 19903 Sep 20 17:12 .history
-rw-------. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 314 Jan 10 2016 .ICEauthority
-rw-rw-r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 321 Sep 19 10:21 initial-dit.ldif
-rw-rw-r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 321 Sep 19 10:21 initial-dit.ldif~
drwxr-xr-x. 2 unconfined_u:object_r:home_root_t:s0 1000 1000 4096 Sep 21 09:37 .jasspa
drwxr-xr-x. 4 unconfined_u:object_r:home_root_t:s0 1000 1000 4096 Sep 18 13:12 .lastpass
-rw-------. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 271 Sep 21 13:44 .lesshst
drwx------. 3 unconfined_u:object_r:home_root_t:s0 1000 1000 4096 Jan 10 2016 .local
-rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 2070998 Sep 14 20:44 me-jasspa-data-20091011-1.noarch.rpm
-rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 357483 Sep 14 20:44 me-jasspa-nox-20091011-1.x86_64.rpm
drwx------. 5 unconfined_u:object_r:home_root_t:s0 1000 1000 4096 Oct 19 2016 .mozilla
drwxr-xr-x. 2 unconfined_u:object_r:home_root_t:s0 1000 1000 4096 Jan 10 2016 Music
-rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 569 Sep 20 09:59 olcAccess
-rw-rw-r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 5613971 Sep 18 13:11 OpenLDAP-Guide.ps
drwxrwxr-x. 2 unconfined_u:object_r:home_root_t:s0 1000 1000 4096 Jan 10 2016 perl5
-rw-rw-r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 17300 Jan 15 2014 perl-Crypt-SmbHash-0.12-19.el7.noarch.rpm
-rw-rw-r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 33916 Jan 13 2014 perl-Digest-MD4-1.9-1.el7.x86_64.rpm
drwxr-xr-x. 2 unconfined_u:object_r:home_root_t:s0 1000 1000 4096 Jan 10 2016 Pictures
drwxr-xr-x. 2 unconfined_u:object_r:home_root_t:s0 1000 1000 4096 Jan 10 2016 Public
-rw-rw-r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 240 Sep 19 13:13 samba-dit.ldif
-rw-rw-r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 326692 Jun 16 07:25 smbldap-tools-0.9.11-6.el7.noarch.rpm
-rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 513 1077 Sep 21 09:37 specialaccounts.ldif
-rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 513 833 Sep 21 09:36 specialaccounts.ldif~
drwx------. 2 unconfined_u:object_r:ssh_home_t:s0 1000 1000 4096 Jan 10 2016 .ssh
drwxr-xr-x. 2 unconfined_u:object_r:home_root_t:s0 1000 1000 4096 Jan 10 2016 Templates
-rw-rw-r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 777 Sep 20 10:32 test2user-complete.ldif
-rw-rw-r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 111 Sep 19 12:00 testuser.ldif
-rw-rw-r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 322 Sep 19 11:20 testuser.ldif~
-rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 513 0 Sep 21 13:46 typescript
drwxr-xr-x. 2 unconfined_u:object_r:home_root_t:s0 1000 1000 4096 Jan 10 2016 Videos
-rw-------. 1 unconfined_u:object_r:home_root_t:s0 1000 513 136 Sep 21 09:19 .Xauthority
[heller at c764guest: ~]$ ldapsearch -x '(uid=heller)'
# extended LDIF
#
# LDAPv3
# base <dc=deepsoft,dc=com> (default) with scope subtree
# filter: (uid=heller)
# requesting: ALL
#
# heller, People, deepsoft.com
dn: uid=heller,ou=People,dc=deepsoft,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: sambaSamAccount
cn: Robert Heller
sn: Heller
uid: heller
uidNumber: 1000
homeDirectory: /home/heller
loginShell: /bin/tcsh
gecos: Robert Heller
givenName: Robert
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
displayName: Robert Heller
sambaSID: S-1-5-21-95464538-612412934-1487432003-1001
sambaPrimaryGroupSID: S-1-5-21-95464538-612412934-1487432003-513
sambaProfilePath: \\\profiles\heller
sambaHomePath: \\\heller
sambaNTPassword: FAD49500A25E53558C940B6F98731106
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
00000000
sambaPwdLastSet: 1505919385
sambaAcctFlags: [UX ]
gidNumber: 513
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[heller at c764guest: ~]$ smbclient //C764GUEST/heller
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/openldap/ldap.conf
ldap_init: using /etc/openldap/ldap.conf
ldap_url_parse_ext(ldap://192.168.250.98/)
ldap_init: HOME env is /home/heller
ldap_init: trying /home/heller/ldaprc
ldap_init: trying /home/heller/.ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
Enter heller's password:
Domain=[DEEPSOFT] OS=[Windows 6.1] Server=[Samba 4.4.4]
smb: \> ls
. D 0 Thu Sep 21 13:46:58 2017
.. D 0 Tue Sep 19 14:20:40 2017
Music D 0 Sun Jan 10 17:05:13 2016
Pictures D 0 Sun Jan 10 17:05:13 2016
.ssh DH 0 Sun Jan 10 17:12:12 2016
Desktop D 0 Sun Jan 10 17:05:13 2016
.cache DH 0 Mon Sep 18 12:48:47 2017
Templates D 0 Sun Jan 10 17:05:13 2016
.dbus DH 0 Mon Sep 18 12:48:45 2017
Videos D 0 Sun Jan 10 17:05:13 2016
.jasspa DH 0 Thu Sep 21 09:37:20 2017
.local DH 0 Sun Jan 10 17:05:14 2016
Documents D 0 Sun Jan 10 17:05:13 2016
.config DH 0 Sun Jan 10 17:06:21 2016
.lastpass DH 0 Mon Sep 18 13:12:00 2017
perl5 D 0 Sun Jan 10 17:05:14 2016
.mozilla DH 0 Wed Oct 19 08:31:33 2016
Downloads D 0 Sun Jan 10 17:05:13 2016
Public D 0 Sun Jan 10 17:05:13 2016
9156948 blocks of size 1024. 134436 blocks available
smb: \> more specialaccounts.ldif
NT_STATUS_ACCESS_DENIED opening remote file \specialaccounts.ldif
smb: \> exit
[heller at c764guest: ~]$ exit
This is my smb.conf file:
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
#
# Overview: a standalone Samba server acting as an NT4-style logon server for
# the DEEPSOFT workgroup, with accounts and ID mappings kept in an OpenLDAP
# directory reached over the loopback address, and one per-user [homes] share.
[global]
workgroup = DEEPSOFT
server string = Samba Server Version %v
# 'hosts allow' limits clients to 127.* and 192.168.250.*. Note that
# 'interfaces' on its own does not restrict which addresses smbd listens on;
# that takes 'bind interfaces only = yes' as well.
interfaces = lo eth0 192.168.250.98/24
hosts allow = 127. 192.168.250.
# User-level security plus domain logons: this host answers logon requests
# for the workgroup itself.
security = user
domain master = yes
domain logons = yes
encrypt passwords = true
# Account data (including the sambaNTPassword hash) lives in LDAP.
# NOTE(review): the 'ldapsearch -x' run shown earlier in this post supplied no
# bind DN and still returned sambaNTPassword, so the directory appears to allow
# that attribute to be read anonymously. The NT hash is password-equivalent
# for NTLM; the directory ACLs should limit it to the Samba admin DN and the
# entry's owner. Confirm against the olcAccess rules in use.
passdb backend = ldapsam:ldap://127.0.0.1
# Samba trusts LDAP to hold all POSIX user/group data instead of asking NSS.
ldapsam:trusted=yes
ldap suffix = dc=deepsoft,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
# Samba binds as this DN; its password is stored in secrets.tdb
# (set with 'smbpasswd -w').
# NOTE(review): cn=Manager is presumably the directory rootdn; a dedicated
# account with only the access Samba needs would limit exposure. Confirm.
ldap admin dn = cn=Manager,dc=deepsoft,dc=com
# No TLS between Samba and the directory. The URLs in this file point at
# 127.0.0.1, so the traffic stays on the host; if the directory ever moves
# off-host this should become 'start tls'.
ldap ssl = off
# LDAP library call tracing; presumably the source of the ldap_init /
# ldap_url_parse_ext lines in the smbclient transcript above.
ldap debug level = 1
# NOTE(review): idmap_ldap(8) documents the server URL as a separate
# 'idmap config * : ldap_url' option; confirm with testparm that this combined
# 'ldap:URL' form is accepted.
idmap config * : backend = ldap:ldap://127.0.0.1
idmap config * : range = 500-999999
# Very verbose passdb/auth logging for troubleshooting. Logs at this level can
# carry sensitive authentication detail; keep the log files restricted and
# lower the level once the problem is found.
log level = 3 passdb:5 auth:10
# Per-user home share. %S is the share name, which for [homes] is the user
# name, so 'valid users' limits each home share to its owner (plain or
# domain-qualified via %D%w%S). The share is writable and hidden from browse
# lists.
# NOTE(review): every file in the 'ls -lZ' listing above is labelled
# home_root_t, while listing works and opening a file returns
# NT_STATUS_ACCESS_DENIED. On an SELinux-enforcing host that pattern is
# consistent with a labelling/policy denial rather than a Samba setting.
# Check 'ausearch -m avc -c smbd', 'getsebool samba_enable_home_dirs', and
# whether 'restorecon -Rv' on the home directory changes the labels. Confirm
# before changing anything here.
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
# ACL inheritance is left disabled (the line below is commented out).
; inherit acls = Yes
--
Robert Heller -- 978-544-6933
Deepwoods Software -- Custom Software Services
http://www.deepsoft.com/ -- Linux Administration Services
heller at deepsoft.com -- Webhosting Services