[Samba] CentOS 7, samba-4.4.4-14.el7_3 and openldap-2.4.40-13.el7 -- file permissions?

Robert Heller heller at deepsoft.com
Thu Sep 21 18:08:28 UTC 2017


I am setting up Samba on a standalone CentOS 7 server (using LDAP with
openldap for authentication) and things are somewhat working.  There is a bit
of weirdness though.  smbclient is only able to access *directories* and not
any of the files.  Why is that?  What am I missing?

Here is a log of a test run:

[heller at c764guest: ~]$ ls -lZAn

total 8424
-rw-------.  1 unconfined_u:object_r:home_root_t:s0 1000 1000      30 Jan 10  2016 .bash_history
-rw-r--r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000      18 Nov 20  2015 .bash_logout
-rw-r--r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000     193 Nov 20  2015 .bash_profile
-rw-r--r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000     231 Nov 20  2015 .bashrc
drwx------. 12 unconfined_u:object_r:home_root_t:s0 1000 1000    4096 Sep 18 12:48 .cache
drwxr-xr-x. 15 unconfined_u:object_r:home_root_t:s0 1000 1000    4096 Jan 10  2016 .config
drwx------.  3 unconfined_u:object_r:home_root_t:s0 1000 1000    4096 Sep 18 12:48 .dbus
drwxr-xr-x.  2 unconfined_u:object_r:home_root_t:s0 1000 1000    4096 Jan 10  2016 Desktop
drwxr-xr-x.  2 unconfined_u:object_r:home_root_t:s0 1000 1000    4096 Jan 10  2016 Documents
-rw-r--r--.  1 unconfined_u:object_r:home_root_t:s0 1000  513     145 Sep 20 16:47 domainusers.ldif
drwxr-xr-x.  2 unconfined_u:object_r:home_root_t:s0 1000 1000    4096 Jan 10  2016 Downloads
-rw-r--r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000     334 Oct  7  2015 .emacs
-rw-------.  1 unconfined_u:object_r:home_root_t:s0 1000 1000      16 Jan 10  2016 .esd_auth
-rw-rw-r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000      97 Sep 20 10:59 hellerfixgroup.ldif
-rw-rw-r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000      98 Sep 20 10:58 hellerfixgroup.ldif~
-rw-rw-r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000     113 Sep 20 10:53 hellergroup.ldif
-rw-rw-r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000     385 Sep 20 10:33 heller-incomplete.ldif
-rw-rw-r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000     363 Sep 20 10:44 heller.ldif
-rw-rw-r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000     405 Sep 20 10:44 heller.ldif~
-rw-------.  1 unconfined_u:object_r:home_root_t:s0 1000 1000   19903 Sep 20 17:12 .history
-rw-------.  1 unconfined_u:object_r:home_root_t:s0 1000 1000     314 Jan 10  2016 .ICEauthority
-rw-rw-r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000     321 Sep 19 10:21 initial-dit.ldif
-rw-rw-r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000     321 Sep 19 10:21 initial-dit.ldif~
drwxr-xr-x.  2 unconfined_u:object_r:home_root_t:s0 1000 1000    4096 Sep 21 09:37 .jasspa
drwxr-xr-x.  4 unconfined_u:object_r:home_root_t:s0 1000 1000    4096 Sep 18 13:12 .lastpass
-rw-------.  1 unconfined_u:object_r:home_root_t:s0 1000 1000     271 Sep 21 13:44 .lesshst
drwx------.  3 unconfined_u:object_r:home_root_t:s0 1000 1000    4096 Jan 10  2016 .local
-rw-r--r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000 2070998 Sep 14 20:44 me-jasspa-data-20091011-1.noarch.rpm
-rw-r--r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000  357483 Sep 14 20:44 me-jasspa-nox-20091011-1.x86_64.rpm
drwx------.  5 unconfined_u:object_r:home_root_t:s0 1000 1000    4096 Oct 19  2016 .mozilla
drwxr-xr-x.  2 unconfined_u:object_r:home_root_t:s0 1000 1000    4096 Jan 10  2016 Music
-rw-r--r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000     569 Sep 20 09:59 olcAccess
-rw-rw-r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000 5613971 Sep 18 13:11 OpenLDAP-Guide.ps
drwxrwxr-x.  2 unconfined_u:object_r:home_root_t:s0 1000 1000    4096 Jan 10  2016 perl5
-rw-rw-r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000   17300 Jan 15  2014 perl-Crypt-SmbHash-0.12-19.el7.noarch.rpm
-rw-rw-r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000   33916 Jan 13  2014 perl-Digest-MD4-1.9-1.el7.x86_64.rpm
drwxr-xr-x.  2 unconfined_u:object_r:home_root_t:s0 1000 1000    4096 Jan 10  2016 Pictures
drwxr-xr-x.  2 unconfined_u:object_r:home_root_t:s0 1000 1000    4096 Jan 10  2016 Public
-rw-rw-r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000     240 Sep 19 13:13 samba-dit.ldif
-rw-rw-r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000  326692 Jun 16 07:25 smbldap-tools-0.9.11-6.el7.noarch.rpm
-rw-r--r--.  1 unconfined_u:object_r:home_root_t:s0 1000  513    1077 Sep 21 09:37 specialaccounts.ldif
-rw-r--r--.  1 unconfined_u:object_r:home_root_t:s0 1000  513     833 Sep 21 09:36 specialaccounts.ldif~
drwx------.  2 unconfined_u:object_r:ssh_home_t:s0 1000 1000    4096 Jan 10  2016 .ssh
drwxr-xr-x.  2 unconfined_u:object_r:home_root_t:s0 1000 1000    4096 Jan 10  2016 Templates
-rw-rw-r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000     777 Sep 20 10:32 test2user-complete.ldif
-rw-rw-r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000     111 Sep 19 12:00 testuser.ldif
-rw-rw-r--.  1 unconfined_u:object_r:home_root_t:s0 1000 1000     322 Sep 19 11:20 testuser.ldif~
-rw-r--r--.  1 unconfined_u:object_r:home_root_t:s0 1000  513       0 Sep 21 13:46 typescript
drwxr-xr-x.  2 unconfined_u:object_r:home_root_t:s0 1000 1000    4096 Jan 10  2016 Videos
-rw-------.  1 unconfined_u:object_r:home_root_t:s0 1000  513     136 Sep 21 09:19 .Xauthority
[heller at c764guest: ~]$ ldapsearch -x '(uid=heller)'

# extended LDIF
#
# LDAPv3
# base <dc=deepsoft,dc=com> (default) with scope subtree
# filter: (uid=heller)
# requesting: ALL
#

# heller, People, deepsoft.com
dn: uid=heller,ou=People,dc=deepsoft,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: sambaSamAccount
cn: Robert Heller
sn: Heller
uid: heller
uidNumber: 1000
homeDirectory: /home/heller
loginShell: /bin/tcsh
gecos: Robert Heller
givenName: Robert
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
displayName: Robert Heller
sambaSID: S-1-5-21-95464538-612412934-1487432003-1001
sambaPrimaryGroupSID: S-1-5-21-95464538-612412934-1487432003-513
sambaProfilePath: \\\profiles\heller
sambaHomePath: \\\heller
sambaNTPassword: FAD49500A25E53558C940B6F98731106
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1505919385
sambaAcctFlags: [UX         ]
gidNumber: 513

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[heller at c764guest: ~]$ smbclient //C764GUEST/heller

ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/openldap/ldap.conf
ldap_init: using /etc/openldap/ldap.conf
ldap_url_parse_ext(ldap://192.168.250.98/)
ldap_init: HOME env is /home/heller
ldap_init: trying /home/heller/ldaprc
ldap_init: trying /home/heller/.ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
Enter heller's password: 
Domain=[DEEPSOFT] OS=[Windows 6.1] Server=[Samba 4.4.4]
smb: \> ls
  .                                   D        0  Thu Sep 21 13:46:58 2017
  ..                                  D        0  Tue Sep 19 14:20:40 2017
  Music                               D        0  Sun Jan 10 17:05:13 2016
  Pictures                            D        0  Sun Jan 10 17:05:13 2016
  .ssh                               DH        0  Sun Jan 10 17:12:12 2016
  Desktop                             D        0  Sun Jan 10 17:05:13 2016
  .cache                             DH        0  Mon Sep 18 12:48:47 2017
  Templates                           D        0  Sun Jan 10 17:05:13 2016
  .dbus                              DH        0  Mon Sep 18 12:48:45 2017
  Videos                              D        0  Sun Jan 10 17:05:13 2016
  .jasspa                            DH        0  Thu Sep 21 09:37:20 2017
  .local                             DH        0  Sun Jan 10 17:05:14 2016
  Documents                           D        0  Sun Jan 10 17:05:13 2016
  .config                            DH        0  Sun Jan 10 17:06:21 2016
  .lastpass                          DH        0  Mon Sep 18 13:12:00 2017
  perl5                               D        0  Sun Jan 10 17:05:14 2016
  .mozilla                           DH        0  Wed Oct 19 08:31:33 2016
  Downloads                           D        0  Sun Jan 10 17:05:13 2016
  Public                              D        0  Sun Jan 10 17:05:13 2016

		9156948 blocks of size 1024. 134436 blocks available
smb: \> more specialaccounts.ldif
NT_STATUS_ACCESS_DENIED opening remote file \specialaccounts.ldif
smb: \> exit
[heller at c764guest: ~]$ exit

This is my smb.conf file:

# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
#
# smb.conf only treats a line as a comment when '#' or ';' is its first
# non-blank character; text placed after a value becomes part of the value.

[global]
	workgroup = DEEPSOFT
        server string = Samba Server Version %v
        # 'interfaces' names the networks smbd serves, but it does not by
        # itself restrict which addresses smbd binds to; that needs
        # 'bind interfaces only = yes'. Client access control here comes
        # from 'hosts allow' (loopback and the 192.168.250. prefix).
        interfaces = lo eth0 192.168.250.98/24
        hosts allow = 127. 192.168.250.

        # NOTE(review): the post calls this a standalone server, but
        # 'domain logons = yes' with 'domain master = yes' makes smbd act
        # as an NT4-style domain controller for DEEPSOFT. Confirm intent.
	security = user
        domain master = yes
        domain logons = yes
 
        encrypt passwords = true
        # Accounts and their password hashes live in the local slapd and
        # are read by Samba using the 'ldap admin dn' below.
        # NOTE(review): the 'ldapsearch -x' run earlier in this post gives
        # no bind DN, yet the result includes sambaNTPassword and
        # sambaPasswordHistory. That suggests the directory ACL lets an
        # anonymous bind read them. An NT hash is password-equivalent, so
        # read access to these attributes should be limited to the Samba
        # admin DN (plus self-write), and a hash that has been posted
        # publicly should be treated as exposed and the password changed.
	passdb backend = ldapsam:ldap://127.0.0.1
        # Assumes every user and group has complete POSIX and Samba
        # attributes in LDAP, so Samba looks them up there directly.
        ldapsam:trusted=yes
        ldap suffix = dc=deepsoft,dc=com
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap admin dn = cn=Manager,dc=deepsoft,dc=com
        # No StartTLS on the LDAP connection. Tolerable only while both
        # LDAP URLs in this file point at 127.0.0.1; if slapd moves to
        # another host, use ldaps:// or 'ldap ssl = start tls'.
        ldap ssl = off        
        ldap debug level = 1
        # NOTE(review): idmap_ldap(8) documents the server URL as a
        # separate 'idmap config * : ldap_url' option; the 'ldap:URL' value
        # here looks like the older 'idmap backend' syntax. Verify with
        # testparm that this line is accepted as written.
        idmap config * : backend = ldap:ldap://127.0.0.1
        idmap config * : range = 500-999999
        # Troubleshooting verbosity. auth:10 writes detailed authentication
        # traces that can include sensitive material. Lower it once the
        # problem is found and keep the log directory readable by root only.
        log level = 3 passdb:5 auth:10

[homes]
	comment = Home Directories
	# Limits each home share to the user it is named after:
	# %S is the share (user) name, %D%w%S its domain-qualified form.
	valid users = %S, %D%w%S
	browseable = No
	read only = No
	# NOTE(review): the 'ls -lZAn' output earlier in this post shows the
	# SELinux type home_root_t on the files in the home directory. That
	# type normally belongs to /home itself; home contents are usually
	# user_home_t, which the samba_enable_home_dirs boolean covers.
	# A mislabel would be consistent with directories listing while file
	# opens return NT_STATUS_ACCESS_DENIED. Check the audit log for AVC
	# denials against smbd and relabel with restorecon rather than
	# disabling SELinux.
;	inherit acls = Yes



-- 
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
heller at deepsoft.com       -- Webhosting Services
                                    


