J. Pilfold-Bagwell
2010-Dec-02 14:27 UTC
[Samba] Home directory weirdness after upgrade from 3.0.33 to 3.5.6
Hi List,

I've just updated from Samba 3.0.33 to 3.5.6 on my CentOS 5.5 PDC and am having problems accessing home directories.

To allow a backout option I set up a new server, put 3.0.33 on it, joined it to the domain and rsynced the home directories over with the flags necessary to maintain the permissions and user/group ownership. This worked, and after completion I upgraded the new server to 3.5.6, flushed the /var/lib/samba directory of tdb and dat files, rsynced ldap.conf and smb.conf over from the old PDC, changed the name to PDC and set up the LDAP user password, etc. using smbpasswd.

I can now log in as a user but can't access the home directories. If I log in with my domain admin account, I can access users' directories, and pulling up the properties window I can see the permissions in the security window and these are correct.

Running getent passwd user and group shows all the UNIX accounts from the LDAP server OK, and "net groupmap list" shows all the correct group mapping. To be certain, I ran chmod and setfacl on the users' directories but it made no difference.

I have found other people with similar problems via Google, but none of the solutions they tried, e.g. renaming and recreating smbpasswd etc., worked.

Any suggestions gratefully received.

### smb.conf ###

[global]
# General Options for domain
workgroup = BGS
netbios name = PDC
server string = PDC
use sendfile = no
log file = /var/log/samba/%m.log
max log size = 50
map to guest = bad user
security = user
smb ports = 139
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
wins support = yes
dns proxy = no
dos charset = 850
unix charset = ISO8859-1
admin users = root BGS\admin
log level = 0
smb ports = 139
idmap uid = 10000-200000
idmap gid = 10000-200000
winbind use default domain = yes
interfaces = lo eth0 eth1 eth2 eth3
bind interfaces only = yes
remote announce = 172.20.3.255/BGS 172.20.2.255/BGS 172.20.1.255/BGS 172.20.0.255/BGS
remote browse sync = 172.20.0.255 172.20.1.255 172.20.2.255 172.20.3.255
local master = no
os level = 100
domain master = yes
preferred master = no
name resolve order = bcast wins lmhosts
domain logons = yes
logon script = \\SMB5\netlogon\%g
logon home = \\SMB5\%U
ldap password sync = yes
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add group script = /usr/sbin/smbldap-groupadd '%g' && /usr/sbin/smbldap-groupshow %g|awk '/^gidNumber:/ {print $2}'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%u'
enable privileges = yes
passdb backend = ldapsam:ldap://172.20.0.253
idmap backend = ldap:ldap://172.20.0.253
ldap admin dn = cn=Manager,dc=bordengrammar,dc=kent,dc=sch,dc=uk
ldap suffix = dc=bordengrammar,dc=kent,dc=sch,dc=uk
ldap machine suffix = ou=Users
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap

#============================ Share Definitions =============================

[homes]
comment = Home Directories
browseable = no
writable = yes
veto files = /*.exe/*.scr/*.vbs/*.asf/*.wma/*.mpeg/*.ra/*.ram/*.bas/*.bat/*.rar/
create mask = 0600
directory mask = 0700

[Profiles]
comment = Roaming Profile Share
path = /share/profiles
read only = No
browseable = No
guest ok = Yes
profile acls = Yes
create mode = 600
directory mode = 700
# vfs objects = fake_perms
profile acls = yes

[netlogon]
comment = Network Logon Service
path = /netlogon
guest ok = yes
writable = no
preexec = echo \"%u connected to %S from %m %I\" >> /var/log/samba/logons.log
postexec = echo \"%u disconnected from %S from %m %I\" >> /var/log/samba/logons.log