isofx
2014-Jul-03 12:34 UTC
[Samba] Cannot access shared home directories from linux machine
Hi,
I configured a share for home-directories on my Debian Samba PDC (4.1.9)
and connected the share on another linux machine (terminal server) via
/etc/fstab:
//192.168.10.51/home /home/DOMAIN/ cifs
credentials=/root/.smbcredentials,iocharset=utf8 0 0
The .smbcredentials file contains the Domain Administrators
username/password. The share is mounted successfully, however users can
not log into their home directories.
I configured the home share just like explained in the samba wiki
(https://wiki.samba.org/index.php/Setting_up_a_home_share).
I added a demo user "demo" - the respective home-directory was created
successfully and the permissions are fine checking from a windows machine.
However, when I try to connect to the terminal server as "demo", this
happens:
Could not chdir to home directory /home/DOMAIN/demo: Permission denied
-bash: /home/DOMAIN/demo/.bash_profile: Permission denied
demo at ts01:/$
Here's my PDC's smb.conf:
[global]
workgroup = DOMAIN
realm = DOMAIN.INTERN
netbios name = DC01
server role = active directory domain controller
dns forwarder = 8.8.8.8
idmap_ldb:use rfc2307 = yes
interfaces = lo eth0
bind interfaces only = yes
log file = /var/log/samba/samba.log
security = user
encrypt passwords = yes
[netlogon]
path = /var/lib/samba/sysvol/domain.intern/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[home]
path = /media/data01/home
read only = no
I integrated the terminal server into the domain, authentication via
winbind works fine! Here's the terminal servers smb.conf:
[global]
netbios name = TS01
server string = TS01
workgroup = DOMAIN
realm = DOMAIN.INTERN
security = ADS
local master = no
preferred master = no
dns proxy = no
encrypt passwords = true
kerberos method = secrets and keytab
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
winbind use default domain = yes
winbind enum groups = yes
winbind enum users = yes
winbind nss info = rfc2307
map untrusted to domain = no
template homedir = /home/DOMAIN/%U
template shell = /bin/bash
idmap config * : backend = rid
idmap config * : range = 10000 - 49999
idmap uid = 50000 - 100000
idmap gid = 50000 - 100000
This is the user information for the demo user:
root at ts01:/home/DOMAIN# wbinfo -i demo
demo:*:51114:50513::/home/DOMAIN/demo:/bin/bash
However this information is not listed in the ACLs of the folder:
root at ts01:/home/DOMAIN# getfacl demo/
# file: demo/
# owner: 3000000
# group: users
user::rwx
user:root:rwx
user:3000002:rwx
user:3000008:rwx
user:3000033:rwx
group::r-x
group:users:r-x
group:3000000:rwx
group:3000002:rwx
group:3000008:rwx
group:3000033:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:3000000:rwx
default:user:3000002:rwx
default:user:3000008:rwx
default:user:3000033:rwx
default:group::r--
default:group:users:r--
default:group:3000000:rwx
default:group:3000002:rwx
default:group:3000008:rwx
default:group:3000033:rwx
default:mask::rwx
default:other::---
This is my first try of configuring a domain using samba - I'm grateful
for any hints in the right direction!
Best regards,
Rainhard
steve
2014-Jul-03 12:45 UTC
[Samba] Cannot access shared home directories from linux machine
On Thu, 2014-07-03 at 14:34 +0200, isofx wrote:> Hi, > > I configured a share for home-directories on my Debian Samba PDC (4.1.9) > and connected the share on another linux machine (terminal server) via > /etc/fstab: > > //192.168.10.51/home /home/DOMAIN/ cifs > credentials=/root/.smbcredentials,iocharset=utf8 0 0 > > The .smbcredentials file contains the Domain Administrators > username/password. The share is mounted successfully, however users can > not log into their home directories. > > I configured the home share just like explained in the samba wiki > (https://wiki.samba.org/index.php/Setting_up_a_home_share). > I added a demo user "demo" - the respective home-directory was created > successfully and the permissions are fine checking from a windows machine. > > However, when I try to connect to the terminal server as "demo", this > happens: > > Could not chdir to home directory /home/DOMAIN/demo: Permission denied > -bash: /home/DOMAIN/demo/.bash_profile: Permission denied > demo at ts01:/$ > > Here's my PDC's smb.conf: > > [global] > workgroup = DOMAIN > realm = DOMAIN.INTERN > netbios name = DC01 > server role = active directory domain controller > dns forwarder = 8.8.8.8 > idmap_ldb:use rfc2307 = yes > > interfaces = lo eth0 > bind interfaces only = yes > log file = /var/log/samba/samba.log > > security = user > encrypt passwords = yes > > [netlogon] > path = /var/lib/samba/sysvol/domain.intern/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > [home] > path = /media/data01/home > read only = no > > I integrated the terminal server into the domain, authentication via > winbind works fine! Here's the terminal servers smb.conf: > > [global] > netbios name = TS01 > server string = TS01 > > workgroup = DOMAIN > realm = DOMAIN.INTERN > > security = ADS > local master = no > preferred master = no > dns proxy = no > > encrypt passwords = true > kerberos method = secrets and keytab > > vfs objects = acl_xattr > map acl inherit = Yes > store dos attributes = Yes > > winbind use default domain = yes > winbind enum groups = yes > winbind enum users = yes > winbind nss info = rfc2307 > > map untrusted to domain = no > > template homedir = /home/DOMAIN/%U > template shell = /bin/bash > > idmap config * : backend = rid > idmap config * : range = 10000 - 49999 > idmap uid = 50000 - 100000 > idmap gid = 50000 - 100000 > > This is the user information for the demo user: > > root at ts01:/home/DOMAIN# wbinfo -i demo > demo:*:51114:50513::/home/DOMAIN/demo:/bin/bash > > However this information is not listed in the ACLs of the folder: > > root at ts01:/home/DOMAIN# getfacl demo/ > # file: demo/ > # owner: 3000000 > # group: users > user::rwx > user:root:rwx > user:3000002:rwx > user:3000008:rwx > user:3000033:rwx > group::r-x > group:users:r-x > group:3000000:rwx > group:3000002:rwx > group:3000008:rwx > group:3000033:rwx > mask::rwx > other::--- > default:user::rwx > default:user:root:rwx > default:user:3000000:rwx > default:user:3000002:rwx > default:user:3000008:rwx > default:user:3000033:rwx > default:group::r-- > default:group:users:r-- > default:group:3000000:rwx > default:group:3000002:rwx > default:group:3000008:rwx > default:group:3000033:rwx > default:mask::rwx > default:other::--- > > This is my first try of configuring a domain using samba - I'm grateful > for any hints in the right direction! > > Best regards, > > RainhardSomeone else please. It's not our turn!
L.P.H. van Belle
2014-Jul-03 12:46 UTC
[Samba] Cannot access shared home directories from linux machine
i see :>other::---what are the rights on /home and /home/DOMAIN try set it in linux on 755 ( both ) and try again. Louis>-----Oorspronkelijk bericht----- >Van: ea4ml3f at gmx.at [mailto:samba-bounces at lists.samba.org] Namens isofx >Verzonden: donderdag 3 juli 2014 14:35 >Aan: samba at lists.samba.org >Onderwerp: [Samba] Cannot access shared home directories from >linux machine > >Hi, > >I configured a share for home-directories on my Debian Samba >PDC (4.1.9) >and connected the share on another linux machine (terminal server) via >/etc/fstab: > >//192.168.10.51/home /home/DOMAIN/ cifs >credentials=/root/.smbcredentials,iocharset=utf8 0 0 > >The .smbcredentials file contains the Domain Administrators >username/password. The share is mounted successfully, however >users can >not log into their home directories. > >I configured the home share just like explained in the samba wiki >(https://wiki.samba.org/index.php/Setting_up_a_home_share). >I added a demo user "demo" - the respective home-directory was created >successfully and the permissions are fine checking from a >windows machine. > >However, when I try to connect to the terminal server as "demo", this >happens: > >Could not chdir to home directory /home/DOMAIN/demo: Permission denied >-bash: /home/DOMAIN/demo/.bash_profile: Permission denied >demo at ts01:/$ > >Here's my PDC's smb.conf: > >[global] > workgroup = DOMAIN > realm = DOMAIN.INTERN > netbios name = DC01 > server role = active directory domain controller > dns forwarder = 8.8.8.8 > idmap_ldb:use rfc2307 = yes > > interfaces = lo eth0 > bind interfaces only = yes > log file = /var/log/samba/samba.log > > security = user > encrypt passwords = yes > >[netlogon] > path = /var/lib/samba/sysvol/domain.intern/scripts > read only = No > >[sysvol] > path = /var/lib/samba/sysvol > read only = No > >[home] > path = /media/data01/home > read only = no > >I integrated the terminal server into the domain, authentication via >winbind works fine! Here's the terminal servers smb.conf: > >[global] >netbios name = TS01 >server string = TS01 > >workgroup = DOMAIN >realm = DOMAIN.INTERN > >security = ADS >local master = no >preferred master = no >dns proxy = no > >encrypt passwords = true >kerberos method = secrets and keytab > >vfs objects = acl_xattr >map acl inherit = Yes >store dos attributes = Yes > >winbind use default domain = yes >winbind enum groups = yes >winbind enum users = yes >winbind nss info = rfc2307 > >map untrusted to domain = no > >template homedir = /home/DOMAIN/%U >template shell = /bin/bash > >idmap config * : backend = rid >idmap config * : range = 10000 - 49999 >idmap uid = 50000 - 100000 >idmap gid = 50000 - 100000 > >This is the user information for the demo user: > >root at ts01:/home/DOMAIN# wbinfo -i demo >demo:*:51114:50513::/home/DOMAIN/demo:/bin/bash > >However this information is not listed in the ACLs of the folder: > >root at ts01:/home/DOMAIN# getfacl demo/ ># file: demo/ ># owner: 3000000 ># group: users >user::rwx >user:root:rwx >user:3000002:rwx >user:3000008:rwx >user:3000033:rwx >group::r-x >group:users:r-x >group:3000000:rwx >group:3000002:rwx >group:3000008:rwx >group:3000033:rwx >mask::rwx >other::--- >default:user::rwx >default:user:root:rwx >default:user:3000000:rwx >default:user:3000002:rwx >default:user:3000008:rwx >default:user:3000033:rwx >default:group::r-- >default:group:users:r-- >default:group:3000000:rwx >default:group:3000002:rwx >default:group:3000008:rwx >default:group:3000033:rwx >default:mask::rwx >default:other::--- > >This is my first try of configuring a domain using samba - I'm >grateful >for any hints in the right direction! > >Best regards, > >Rainhard >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >
Maybe Matching Threads
- Failed to find domain 'NT AUTHORITY'
- FW: [Bug 11241] different ids even when idmap.ldb copied. not abug..
- Sysvol replication problem
- Samba 4.5.3 AD DC - issues with sysvol when setting up Group Policies
- Samba 4.5.3 AD DC - issues with sysvol when setting up Group Policies