Steven Truong
2009-Feb-26 23:37 UTC
[Samba] smbd could not access share directory on drbd (8.3 on Centos 5 i386)
Dear, all. I am pulling my hair because I could not find any error
messsages that could point me to a fix to my problem.
The directory I want to share was mounted on /home with drbd and
heartbeat but then my users could not access any shares / their home
directories. However, if I set up shares else where on my box like
share under /opt or /usr/local, then the same users would be able to
access these directories with out any error.
I ran strace and smbd seemed unable to access/stat the /home and
shares under home. I looked into the access log of the client machine
and found out that the error was share "does not exist or permission
denied". I would say that from my investigation of this problem, it
is clear that smbd could not see /home and its share.
Even though I set up my samba server as a standalone and authenticate
all users directly to openldap directory but my users clearly have
been able to access share that are not under /home (that were mounted
on /opt or /usr/local).
[root@polaris2 home]# strace -f /etc/init.d/smb start
[pid 4646] geteuid32() = 10024
[pid 4646] stat64("/home/share2", 0xbfc79dc8) = -1 EACCES (Permission
denied)
[pid 4646] time(NULL) = 1235688608
[pid 4646] stat64("/etc/localtime", {st_mode=S_IFREG|0644,
st_size=2819, ...})
= 0
[pid 4646] geteuid32() = 10024
[pid 4646] write(22, "[2009/02/26 14:50:08, 0] smbd/s"..., 68) = 68
[pid 4646] geteuid32() = 10024
[pid 4646] write(22, " \'/home/share2\' does not exist "...,
110) = 110
[root@polaris2 home]# tailf /var/log/samba/user-39.log
.....
[2009/02/26 14:50:08, 0] smbd/service.c:make_connection_snum(1078)
Can't become connected user!
[2009/02/26 14:50:08, 0] smbd/service.c:make_connection_snum(1152)
'/home/share2' does not exist or permission denied when connecting
to [share2] Error was Permission denied
...
[root@polaris2 samba]# testparm
Load smb config files from /usr/local/stow/samba-3.2.5/etc/samba/smb.conf
Processing section "[share1]"
Processing section "[share2]"
Processing section "[homes]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
workgroup = MYNETWORK
netbios name = POLARIS
server string = polaris
interfaces = lo, eth1
bind interfaces only = Yes
passdb backend = ldapsam:ldaps://ldapvm.mynetwork.com
syslog = 4
log file = /var/log/samba/%m.log
max log size = 500
name resolve order = wins bcast host
deadtime = 10
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = No
printcap name = /etc/printcap
disable spoolss = Yes
show add printer wizard = No
add user script = /usr/sbin/smbldap-useradd -m "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g"
"%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
logon path = ""
logon home = ""
os level = 0
local master = No
domain master = No
dns proxy = No
ldap admin dn = cn=Manager,dc=mynetwork,dc=com
ldap group suffix = ou=groups
ldap passwd sync = Yes
ldap suffix = dc=mynetwork,dc=com
ldap user suffix = ou=people
valid users = user1, user2, user3
hosts allow = 127., 192.168.10.
[share1]
comment = share1 on polaris
path = /opt/QB
read only = No
create mask = 0664
directory mask = 0775
inherit permissions = Yes
[share2]
comment = share2 on polaris
path = /home/share2
read only = No
create mask = 0664
directory mask = 0775
inherit permissions = Yes
[homes]
valid users = %S
read only = No
inherit permissions = Yes
browseable = No
---------------------------------------------
[root@polaris2 samba]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/md0 1524876 342648 1103516 24% /
/dev/md6 3049960 456616 2435916 16% /opt
/dev/md5 505508 10559 468850 3% /tmp
/dev/md3 6092288 2155656 3622168 38% /usr
/dev/md4 10153912 545084 9084716 6% /usr/local
/dev/md2 4061440 550224 3301576 15% /var
/dev/md1 256586 26682 216656 11% /boot
tmpfs 1037772 0 1037772 0% /dev/shm
/dev/drbd0 212232684 191988 201259812 1% /home
[root@polaris2 samba]# mount
/dev/md0 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/md6 on /opt type ext3 (rw)
/dev/md5 on /tmp type ext3 (rw)
/dev/md3 on /usr type ext3 (rw)
/dev/md4 on /usr/local type ext3 (rw)
/dev/md2 on /var type ext3 (rw)
/dev/md1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/dev/drbd0 on /home type ext3 (rw)
[root@polaris2 samba]# ls /home/
a lost+found share2 testuser
[root@polaris2 samba]# cd /home/
[root@polaris2 home]# !echo
echo "Hello world" > b
[root@polaris2 home]# ls
a b lost+found share2 testuser
[root@polaris2 home]# cat b
Hello world
[root@polaris2 home]# cd share2
[root@polaris2 share2]# ls
a
[root@polaris2 share2]# rm a
rm: remove regular empty file `a'? y
[root@polaris2 share2]# !echo
echo "Hello world" > b
[root@polaris2 share2]# echo "Hello world" > c
[root@polaris2 share2]# cat c
Hello world
[root@polaris2 home]# ls -laht share2
total 12K
drwxr-xr-x 2 masistin humanresource 4.0K Feb 26 14:46 .
-rw-r--r-- 1 masistin humanresource 12 Feb 26 14:46 c
drwxrwx--- 9 root root 4.0K Feb 26 14:45 ..
Could somebody take help me to solve this problem?
Thank you in advance,
Steven.
Günter Kukkukk
2009-Feb-27 00:43 UTC
[Samba] smbd could not access share directory on drbd (8.3 on Centos 5 i386)
Am Freitag, 27. Februar 2009 schrieb Steven Truong:> Dear, all. I am pulling my hair because I could not find any error > messsages that could point me to a fix to my problem. > > The directory I want to share was mounted on /home with drbd and > heartbeat but then my users could not access any shares / their home > directories. However, if I set up shares else where on my box like > share under /opt or /usr/local, then the same users would be able to > access these directories with out any error. > > I ran strace and smbd seemed unable to access/stat the /home and > shares under home. I looked into the access log of the client machine > and found out that the error was share "does not exist or permission > denied". I would say that from my investigation of this problem, it > is clear that smbd could not see /home and its share. > > Even though I set up my samba server as a standalone and authenticate > all users directly to openldap directory but my users clearly have > been able to access share that are not under /home (that were mounted > on /opt or /usr/local). > > > [root@polaris2 home]# strace -f /etc/init.d/smb start > > [pid 4646] geteuid32() = 10024 > [pid 4646] stat64("/home/share2", 0xbfc79dc8) = -1 EACCES (Permission denied) > [pid 4646] time(NULL) = 1235688608 > [pid 4646] stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...}) > = 0 > [pid 4646] geteuid32() = 10024 > [pid 4646] write(22, "[2009/02/26 14:50:08, 0] smbd/s"..., 68) = 68 > [pid 4646] geteuid32() = 10024 > [pid 4646] write(22, " \'/home/share2\' does not exist "..., 110) = 110 > > [root@polaris2 home]# tailf /var/log/samba/user-39.log > ..... > [2009/02/26 14:50:08, 0] smbd/service.c:make_connection_snum(1078) > Can't become connected user! > [2009/02/26 14:50:08, 0] smbd/service.c:make_connection_snum(1152) > '/home/share2' does not exist or permission denied when connecting > to [share2] Error was Permission denied > ... > > > [root@polaris2 samba]# testparm > Load smb config files from /usr/local/stow/samba-3.2.5/etc/samba/smb.conf > Processing section "[share1]" > Processing section "[share2]" > Processing section "[homes]" > Loaded services file OK. > Server role: ROLE_STANDALONE > Press enter to see a dump of your service definitions > > [global] > workgroup = MYNETWORK > netbios name = POLARIS > server string = polaris > interfaces = lo, eth1 > bind interfaces only = Yes > passdb backend = ldapsam:ldaps://ldapvm.mynetwork.com > syslog = 4 > log file = /var/log/samba/%m.log > max log size = 500 > name resolve order = wins bcast host > deadtime = 10 > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > load printers = No > printcap name = /etc/printcap > disable spoolss = Yes > show add printer wizard = No > add user script = /usr/sbin/smbldap-useradd -m "%u" > add group script = /usr/sbin/smbldap-groupadd -p "%g" > add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" > delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" > set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" > add machine script = /usr/sbin/smbldap-useradd -w "%u" > logon path = "" > logon home = "" > os level = 0 > local master = No > domain master = No > dns proxy = No > ldap admin dn = cn=Manager,dc=mynetwork,dc=com > ldap group suffix = ou=groups > ldap passwd sync = Yes > ldap suffix = dc=mynetwork,dc=com > ldap user suffix = ou=people > valid users = user1, user2, user3 > hosts allow = 127., 192.168.10. > > [share1] > comment = share1 on polaris > path = /opt/QB > read only = No > create mask = 0664 > directory mask = 0775 > inherit permissions = Yes > > [share2] > comment = share2 on polaris > path = /home/share2 > read only = No > create mask = 0664 > directory mask = 0775 > inherit permissions = Yes > > [homes] > valid users = %S > read only = No > inherit permissions = Yes > browseable = No > --------------------------------------------- > [root@polaris2 samba]# df > Filesystem 1K-blocks Used Available Use% Mounted on > /dev/md0 1524876 342648 1103516 24% / > /dev/md6 3049960 456616 2435916 16% /opt > /dev/md5 505508 10559 468850 3% /tmp > /dev/md3 6092288 2155656 3622168 38% /usr > /dev/md4 10153912 545084 9084716 6% /usr/local > /dev/md2 4061440 550224 3301576 15% /var > /dev/md1 256586 26682 216656 11% /boot > tmpfs 1037772 0 1037772 0% /dev/shm > /dev/drbd0 212232684 191988 201259812 1% /home > > [root@polaris2 samba]# mount > /dev/md0 on / type ext3 (rw) > proc on /proc type proc (rw) > sysfs on /sys type sysfs (rw) > devpts on /dev/pts type devpts (rw,gid=5,mode=620) > /dev/md6 on /opt type ext3 (rw) > /dev/md5 on /tmp type ext3 (rw) > /dev/md3 on /usr type ext3 (rw) > /dev/md4 on /usr/local type ext3 (rw) > /dev/md2 on /var type ext3 (rw) > /dev/md1 on /boot type ext3 (rw) > tmpfs on /dev/shm type tmpfs (rw) > none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) > /dev/drbd0 on /home type ext3 (rw) > > [root@polaris2 samba]# ls /home/ > a lost+found share2 testuser > [root@polaris2 samba]# cd /home/ > [root@polaris2 home]# !echo > echo "Hello world" > b > [root@polaris2 home]# ls > a b lost+found share2 testuser > [root@polaris2 home]# cat b > Hello world > [root@polaris2 home]# cd share2 > [root@polaris2 share2]# ls > a > [root@polaris2 share2]# rm a > rm: remove regular empty file `a'? y > [root@polaris2 share2]# !echo > echo "Hello world" > b > [root@polaris2 share2]# echo "Hello world" > c > [root@polaris2 share2]# cat c > Hello world > [root@polaris2 home]# ls -laht share2 > total 12K > drwxr-xr-x 2 masistin humanresource 4.0K Feb 26 14:46 . > -rw-r--r-- 1 masistin humanresource 12 Feb 26 14:46 c > drwxrwx--- 9 root root 4.0K Feb 26 14:45 .. > > Could somebody take help me to solve this problem? > > Thank you in advance, > Steven.are you running selinux or similar stuff on that box? Subdir /home is then usually protected and you must configure those "security observers". Cheers, G?nter