Hai..

I need to have my home dirs shared over some of my servers.
I did setup a nfs4 kerberos base
Debian jessie, samba 4.1.17 and sernet samba 4.1.3 on these servers.

This works, I can mount without problems.

But because everything is created with the windows user tools, the owner/Group is root.
Like this

Server:
ls -al
drwxrwx---+ 2 root root 4096 Sep 4 13:17 someuser

getfacl someuser
# file: someuser
# owner: root
# group: root
user::rwx
user:root:rwx
user:someuser:rwx
group::r-x
group:root:r-x
group:BUILTIN\134administrators:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:someuser:rwx
default:group::r-x
default:group:root:r-x
default:group:BUILTIN\134administrators:rwx
default:mask::rwx
default:other::---

Client :
ls -al
drwxrwx--- 2 root root 4096 Sep 4 13:17 someuser

getfacl someuser
# file: someuser
# owner: root
# group: root
user::rwx
group::rwx
other::---

and because of this I can't use the users homedirs on other servers.

Is this because I create the user the “wrong way”, or am I missing something else?
I can't figure out where I did what ..(wrong)

And if this just doesn't work because of the nfs, how did you guys overcome this?

id someuser, getent passwd someuser, wbinfo -u/-g etc, all give back my user with uid/gid and homedir.

Should I use cifs Mount?
Did I set something wrong on the “user” share so the users home dir is created with wrong rights?

Anyone any suggestions?

Greetz,

Louis

Hi Louis,

What NFS version/options are you using?
-> cat /proc/mounts

If you're using NFS v4 there are no more Posix ACLs,
so getfacl won't get you anywhere.

NFS v4 comes with different ACL style - and different
tools (nfs4-acl-tools):
nfs4_getfacl / nfs4_setfacl

Bye,
Marcel

-----Original message-----
From: samba [mailto:samba-bounces at lists.samba.org] On behalf of L.P.H. van Belle
Sent: Friday, 4 September 2015 15:53
To: samba at lists.samba.org
Subject: [Samba] nfs based shared home dir question

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Hai marcel,

I'm using nfsv4 kerberos based host/client.
This is the line of the cat /proc/mounts
nfs4 rw,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5,clientaddr=192.168.xx.xx,local_lock=none,addr=192.168.xxx.xxx 0 0

fstab only contains : nfs4 sec=krb5

Yes, I did see the nfs4-acl-tools, seen that, hoped that helped a bit, but I did not get that to work either.

Should I switch back to nfs3, or is it just not possible to share the "by RATS" created user and homedir with nfs?

I can't find anything about this on the wiki.

How are you guys doing things like this, sharing the user home folder?
Or am I missing something here?

Greetz,

Louis

> -----Original message-----
> From: Ritter, Marcel (RRZE) [mailto:marcel.ritter at fau.de]
> Sent: Monday, 7 September 2015 9:15
> To: 'L.P.H. van Belle'; samba at lists.samba.org
> Subject: AW: [Samba] nfs based shared home dir question

Hi Louis,

I must admit I've never used RATS to create home directories - but
the tool used to create the directories should not make a
difference.

So back to the basics:

What's the output of nfs4_getfacl (instead of getfacl) on the nfs client?

Keep in mind, that (afaik) there's currently no standard linux filesystem
supporting NFSv4 style ACLs. So every posix ACL needs to be converted
to NFSv4 ACL (and back) - and that could cause additional trouble.

What ownership/group does the client report if you create a simple
home path manually? (-> does idmap work as expected?)

If you can see the correct owner/group - but still get no access to
the directory (as owner) you might have run into the same trouble
I'm trying to figure out right now :-(
In that case the output of "klist" (after trying to access the nfs directory)
would be interesting ...

Bye,
Marcel

-----Original message-----
From: samba [mailto:samba-bounces at lists.samba.org] On behalf of L.P.H. van Belle
Sent: Monday, 7 September 2015 09:36
To: samba at lists.samba.org
Subject: Re: [Samba] nfs based shared home dir question

Ok, I'll clarify a bit more.

\\servername.internal.domain.tld\users2\%username% is used in my AD for the home folder of the users.
%username% translates to the username.

I tried 2 setups now, windows acl base setup and posix based setup.
Both fail for me.

THE SERVER with the shares ( and is nfs server)
The samba/windows part. ( posix rights setup )
On the server this is /home/samba/users2
Users is shared, owner root , Group root, everyone.
These have all "special" rights, with "only this folder"

ls -al gives :
drwxr-xr-x 3 root root 4096 Sep 7 10:18 users2

# file: home/samba/users2
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

the user :
drwxrwx---+ 2 root root 4096 Sep 7 10:18 someuser

getfacl someuser/
# file: someuser/
# owner: root
# group: root
user::rwx
user:root:rwx
user: someuser:rwx
group::---
group:root:---
group:BUILTIN\134administrators:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user: someuser:rwx
default:group::---
default:group:root:---
default:group:BUILTIN\134administrators:rwx
default:mask::rwx
default:other::---

I mounted the folder on the client server, this is the mount option

# NFS V4 Test
servername.internal.domain.tld:/users2 /home/users2 nfs4 sec=krb5 0 0

In /etc/default/nfs-common:
NEED_IDMAPD=yes
NEED_GSSD=yes
NEED_STATD=no

/etc/idmap.conf ( on both servers )
Domain = internal.domain.tld

[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup

[Translation]
Method = nsswitch

cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat winbind
group: compat winbind
shadow: compat
gshadow: files

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis

and I get this as result.

root@print1:/home/users2# whoami
root
root@print1:/home/users2# cd someuser /
-su: cd: someuser /: Permission denied
root@rtd-print1:/home/users2# ls -al
total 16
drwxr-xr-x 3 root root 4096 Sep 7 10:18 .
drwxr-xr-x 8 root root 4096 Sep 7 10:16 ..
drwxrwx--- 2 root root 4096 Sep 7 10:18 someuser

even root can't access the user folder ..

the output of nfs4_getfacl someuser
A::OWNER@:rwaDxtTcCy
A::root@rotterdam.bazuin.nl:rwaDxtcy
A:: someuser@rotterdam.bazuin.nl:rwaDxtcy
A::GROUP@:tcy
A:g:root@rotterdam.bazuin.nl:tcy
A:g:BUILTIN\administrators@rotterdam.bazuin.nl:rwaDxtcy
A::EVERYONE@:tcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:root@rotterdam.bazuin.nl:rwaDxtcy
A:fdi:someuser@rotterdam.bazuin.nl:rwaDxtcy
A:fdi:GROUP@:tcy
A:fdig:root@rotterdam.bazuin.nl:tcy
A:fdig:BUILTIN\administrators@rotterdam.bazuin.nl:rwaDxtcy
A:fdi:EVERYONE@:tcy

I don't know where I went wrong here..

Greetz,

Louis

> -----Original message-----
> From: Ritter, Marcel (RRZE) [mailto:marcel.ritter at fau.de]
> Sent: Monday, 7 September 2015 10:13
> To: 'L.P.H. van Belle'; samba at lists.samba.org
> Subject: AW: [Samba] nfs based shared home dir question
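
How an NFSv4 ACL in the nfs4_getfacl text form shown above is evaluated for a given requester, as an added example that is not part of the thread: the ACL text is constructed on the model of that listing, and the domain example.test and all function names are assumptions. It follows the ordered allow/deny processing described in RFC 7530 and skips inherit-only entries, which apply to newly created children rather than to the directory itself.

```python
# Constructed ACL, modelled on the nfs4_getfacl listing in the thread.
# example.test and the principals are placeholders, not values from the thread.
SAMPLE_ACL = """\
A::OWNER@:rwaDxtTcCy
A::root@example.test:rwaDxtcy
A::someuser@example.test:rwaDxtcy
A::GROUP@:tcy
A:g:root@example.test:tcy
A:g:BUILTIN\\administrators@example.test:rwaDxtcy
A::EVERYONE@:tcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:someuser@example.test:rwaDxtcy
A:fdi:EVERYONE@:tcy
"""


def parse_acl(text):
    """Return a list of (type, flags, who, perms) tuples, one per ACE."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split from both ends so a ':' inside the principal survives.
        ace_type, flags, rest = line.split(":", 2)
        who, perms = rest.rsplit(":", 1)
        aces.append((ace_type, flags, who, perms))
    return aces


def matches(flags, who, user, groups, is_owner, in_owning_group):
    """Does this ACE's principal apply to the requester?"""
    if who == "EVERYONE@":
        return True
    if who == "OWNER@":
        return is_owner
    if who == "GROUP@":
        return in_owning_group
    return who in groups if "g" in flags else who == user


def allowed(aces, wanted, user, groups=(), is_owner=False, in_owning_group=False):
    """Ordered evaluation: the first matching ACE to decide a bit wins."""
    pending = set(wanted)
    for ace_type, flags, who, perms in aces:
        if "i" in flags:  # inherit-only: not used for access to this object
            continue
        if not matches(flags, who, user, groups, is_owner, in_owning_group):
            continue
        hit = pending & set(perms)
        if ace_type == "D" and hit:
            return False  # a still-undecided bit is explicitly denied
        if ace_type == "A":
            pending -= hit
        if not pending:
            return True
    return not pending  # bits that no ACE allowed are denied
```

A requester that matches only `EVERYONE@` in this ACL gets `tcy` (read attributes, read ACL, sync) but neither `r` nor `x`, so it cannot list or enter the directory.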