samba - Mar 2016 - Why my dir is not available ?

On 03/12/2016 08:24 PM, Rowland penny wrote:
> On 12/03/16 18:28, Pierre Couderc wrote:
>>
>> On 03/12/2016 06:45 PM, Rowland penny wrote:
>>> On 12/03/16 17:37, Pierre Couderc wrote:
>>>> I have a samba server with a "var" share.
>>>>
>>>> I have 2 client computers  which mount this share  each one
with
>>>> each (identical) /etc/fstab: :
>>>>
>>>> //192.168.163.1/var    /mnt/var        cifs 
>>>> _netdev,username=xxxx,password=yyyy
>>>>
>>>> On a first client, I try to ls :
>>>>
>>>> ls /mnt/var/www
>>>>
>>>> and I get well the contents of www
>>>>
>>>> On the second client, I get :
>>>> ls: cannot open directory /mnt/var/www: Permission denied
>>>>
>>>> How it is possible ? where to look for ?
>>>>
>>>> please note that, on the 2 clients, if I ls  :
>>>>
>>>> ls /mnt/var gives me correct results !!
>>>>
>>>>
>>>> Thank you for any help.
>>>>
>>>> PC
>>>>
>>>
>>> Hi, can you post a bit more info, how are you running Samba ?
>>> Can you post the smb.conf files from the two machines ?
>>>
>>> Rowland
>>>
>>>
>> Thank you.
>> Yes, I can. And I will if it is useful.
>
> Yes
>
>> But will it help you to help me ?
>
> Possibly
>
>>
>> I suppose have a correct samba configuration, as it works with many 
>> customer computers (since years...).
>> Ma question 1 : Is it possible that I am wrong on this point ?
>
> Well, until we see the smb.conf, we will not know.
Thank you, please see below.
>
>>
>> My question 2 :  what can make a difference between these 2 clients ?
>> There is a small difference : the "good" customer is Ubuntu,
and the
>> "bad" one is debian...
>
> There shouldn't, in principal, be any difference.
>
>>
>> Please note that I cannot send the 2 smb.conf because I have only one 
>> ! It is on the server.
>> There are no smb.conf on the clients.
>
> Hang on, what are you running on the Unix clients, where do they auth 
> to ?
Mmm, I run standard cifs client, mounted in /etc/fstab as described 
above, and without any smb.conf.
Something like 
https://wiki.samba.org/index.php/Mounting_samba_shares_from_a_unix_client

------------------------------------------
Server smb.conf, I have removed a few more share, but all global 
parameters are here :

[global]

    workgroup = TOL

    server string = %h server (Samba, Ubuntu)
    wins support = yes
   dns proxy = no
    interfaces = 127.0.0.0/8 eth0
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    security = user
    encrypt passwords = true
    passdb backend = tdbsam
    obey pam restrictions = yes
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
    map to guest = bad user
    guest account = nous
    usershare allow guests = yes

#======================= Share Definitions ======================
[printers]
....

[print$]
....

[var]
     comment = var(V:)
     writable = yes
     public = yes
     path = /var/
     valid users = xxxx

On 12/03/16 21:58, Pierre Couderc wrote:
>
>
> On 03/12/2016 08:24 PM, Rowland penny wrote:
>> On 12/03/16 18:28, Pierre Couderc wrote:
>>>
>>> On 03/12/2016 06:45 PM, Rowland penny wrote:
>>>> On 12/03/16 17:37, Pierre Couderc wrote:
>>>>> I have a samba server with a "var" share.
>>>>>
>>>>> I have 2 client computers  which mount this share  each one
with
>>>>> each (identical) /etc/fstab: :
>>>>>
>>>>> //192.168.163.1/var    /mnt/var        cifs 
>>>>> _netdev,username=xxxx,password=yyyy
>>>>>
>>>>> On a first client, I try to ls :
>>>>>
>>>>> ls /mnt/var/www
>>>>>
>>>>> and I get well the contents of www
>>>>>
>>>>> On the second client, I get :
>>>>> ls: cannot open directory /mnt/var/www: Permission denied
>>>>>
>>>>> How it is possible ? where to look for ?
>>>>>
>>>>> please note that, on the 2 clients, if I ls  :
>>>>>
>>>>> ls /mnt/var gives me correct results !!
>>>>>
>>>>>
>>>>> Thank you for any help.
>>>>>
>>>>> PC
>>>>>
>>>>
>>>> Hi, can you post a bit more info, how are you running Samba ?
>>>> Can you post the smb.conf files from the two machines ?
>>>>
>>>> Rowland
>>>>
>>>>
>>> Thank you.
>>> Yes, I can. And I will if it is useful.
>>
>> Yes
>>
>>> But will it help you to help me ?
>>
>> Possibly
>>
>>>
>>> I suppose have a correct samba configuration, as it works with many
>>> customer computers (since years...).
>>> Ma question 1 : Is it possible that I am wrong on this point ?
>>
>> Well, until we see the smb.conf, we will not know.
> Thank you, please see below.
>>
>>>
>>> My question 2 :  what can make a difference between these 2 clients
?
>>> There is a small difference : the "good" customer is
Ubuntu, and the
>>> "bad" one is debian...
>>
>> There shouldn't, in principal, be any difference.
>>
>>>
>>> Please note that I cannot send the 2 smb.conf because I have only 
>>> one ! It is on the server.
>>> There are no smb.conf on the clients.
>>
>> Hang on, what are you running on the Unix clients, where do they auth 
>> to ?
> Mmm, I run standard cifs client, mounted in /etc/fstab as described 
> above, and without any smb.conf.
> Something like 
> https://wiki.samba.org/index.php/Mounting_samba_shares_from_a_unix_client
>
> ------------------------------------------
> Server smb.conf, I have removed a few more share, but all global 
> parameters are here :
>
> [global]
>
>    workgroup = TOL
>
>    server string = %h server (Samba, Ubuntu)
>    wins support = yes
>   dns proxy = no
>    interfaces = 127.0.0.0/8 eth0
>    log file = /var/log/samba/log.%m
>    max log size = 1000
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
>    security = user
>    encrypt passwords = true
>    passdb backend = tdbsam
>    obey pam restrictions = yes
>    unix password sync = yes
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *Enter\snew\s*\spassword:* %n\n 
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>    pam password change = yes
>    map to guest = bad user
>    guest account = nous
>    usershare allow guests = yes
>
> #======================= Share Definitions ======================>
> [printers]
> ....
>
> [print$]
> ....
>
> [var]
>     comment = var(V:)
>     writable = yes
>     public = yes
>     path = /var/
>     valid users = xxxx
>
>
>
>
OK, it appears that you are running a workgroup called 'TOL'. This means
that all your users and groups need to exist on all machines and all 
passwords need to be in sync.

Have you checked that user 'xxxx' has the same password on all machines
?
Does the share actually get mounted on the machine you are denied access 
to ?
If it does get mounted, who actually owns the mounted share ?

Rowland

On 03/14/2016 10:05 AM, Rowland penny wrote:
> On 13/03/16 18:59, Pierre Couderc wrote:
>>
>>
>> On 03/13/2016 10:36 AM, Rowland penny wrote:
>>> On 12/03/16 21:58, Pierre Couderc wrote:
>>>>
>>>>
>>>> On 03/12/2016 08:24 PM, Rowland penny wrote:
>>>>> On 12/03/16 18:28, Pierre Couderc wrote:
>>>>>>
>>>>>> On 03/12/2016 06:45 PM, Rowland penny wrote:
>>>>>>> On 12/03/16 17:37, Pierre Couderc wrote:
>>>>>>>> I have a samba server with a "var"
share.
>>>>>>>>
>>>>>>>> I have 2 client computers  which mount this
share each one with
>>>>>>>> each (identical) /etc/fstab: :
>>>>>>>>
>>>>>>>> //192.168.163.1/var    /mnt/var        cifs
>>>>>>>> _netdev,username=xxxx,password=yyyy
>>>>>>>>
>>>>>>>> On a first client, I try to ls :
>>>>>>>>
>>>>>>>> ls /mnt/var/www
>>>>>>>>
>>>>>>>> and I get well the contents of www
>>>>>>>>
>>>>>>>> On the second client, I get :
>>>>>>>> ls: cannot open directory /mnt/var/www:
Permission denied
>>>>>>>>
>>>>>>>> How it is possible ? where to look for ?
>>>>>>>>
>>>>>>>> please note that, on the 2 clients, if I ls  :
>>>>>>>>
>>>>>>>> ls /mnt/var gives me correct results !!
>>>>>>>>
>>>>>>>>
>>>>>>>> Thank you for any help.
>>>>>>>>
>>>>>>>> PC
>>>>>>>>
>>>>>>>
>>>>>>> Hi, can you post a bit more info, how are you
running Samba ?
>>>>>>> Can you post the smb.conf files from the two
machines ?
>>>>>>>
>>>>>>> Rowland
>>>>>>>
>>>>>>>
>>>>>> Thank you.
>>>>>> Yes, I can. And I will if it is useful.
>>>>>
>>>>> Yes
>>>>>
>>>>>> But will it help you to help me ?
>>>>>
>>>>> Possibly
>>>>>
>>>>>>
>>>>>> I suppose have a correct samba configuration, as it
works with
>>>>>> many customer computers (since years...).
>>>>>> Ma question 1 : Is it possible that I am wrong on this
point ?
>>>>>
>>>>> Well, until we see the smb.conf, we will not know.
>>>> Thank you, please see below.
>>>>>
>>>>>>
>>>>>> My question 2 :  what can make a difference between
these 2
>>>>>> clients ?
>>>>>> There is a small difference : the "good"
customer is Ubuntu, and
>>>>>> the "bad" one is debian...
>>>>>
>>>>> There shouldn't, in principal, be any difference.
>>>>>
>>>>>>
>>>>>> Please note that I cannot send the 2 smb.conf because I
have only
>>>>>> one ! It is on the server.
>>>>>> There are no smb.conf on the clients.
>>>>>
>>>>> Hang on, what are you running on the Unix clients, where do
they
>>>>> auth to ?
>>>> Mmm, I run standard cifs client, mounted in /etc/fstab as
described
>>>> above, and without any smb.conf.
>>>> Something like
>>>>
https://wiki.samba.org/index.php/Mounting_samba_shares_from_a_unix_client
>>>>
>>>> ------------------------------------------
>>>> Server smb.conf, I have removed a few more share, but all
global
>>>> parameters are here :
>>>>
>>>> [global]
>>>>
>>>>    workgroup = TOL
>>>>
>>>>    server string = %h server (Samba, Ubuntu)
>>>>    wins support = yes
>>>>   dns proxy = no
>>>>    interfaces = 127.0.0.0/8 eth0
>>>>    log file = /var/log/samba/log.%m
>>>>    max log size = 1000
>>>>    syslog = 0
>>>>    panic action = /usr/share/samba/panic-action %d
>>>>    security = user
>>>>    encrypt passwords = true
>>>>    passdb backend = tdbsam
>>>>    obey pam restrictions = yes
>>>>    unix password sync = yes
>>>>    passwd program = /usr/bin/passwd %u
>>>>    passwd chat = *Enter\snew\s*\spassword:* %n\n
>>>> *Retype\snew\s*\spassword:* %n\n
*password\supdated\ssuccessfully* .
>>>>    pam password change = yes
>>>>    map to guest = bad user
>>>>    guest account = nous
>>>>    usershare allow guests = yes
>>>>
>>>> #======================= Share Definitions
======================>>>>
>>>> [printers]
>>>> ....
>>>>
>>>> [print$]
>>>> ....
>>>>
>>>> [var]
>>>>     comment = var(V:)
>>>>     writable = yes
>>>>     public = yes
>>>>     path = /var/
>>>>     valid users = xxxx
>>>>
>>>>
>>>>
>>>>
>>>
>>> OK, it appears that you are running a workgroup called
'TOL'. This
>>> means that all your users and groups need to exist on all machines
>>> and all passwords need to be in sync.
>>>
>>> Have you checked that user 'xxxx' has the same password on
all
>>> machines ?
>>> Does the share actually get mounted on the machine you are denied
>>> access to ?
>>> If it does get mounted, who actually owns the mounted share ?
>> Thank you very much.
>> Please note that that not only the shares are mounted but they work,
>> as explained in my first mail.
>> if on ALL my systems I :
>>
>> ls /mnt/var
>> It works.
>>
>> The problem is with :
>> ls /mnt/var/www
>>
>>
>> Thank you again.
>> PC
>
> So what you are saying is that you can mount ls /var from the server
> on any machine, but, on a particular machine, you cannot enter a dir
> under /var as a user that you think should be able to.
Yes, exactly !
>
> Do all client machines use the same version of cifs-mount ?
> is 'acl' & 'attr' installed on all client machines ?
Sorry, I do not know how to do, but  samba is installed by standard 
debian jessie package (the "bad" computer) , and by standard ubuntu 
14.04 LTS package (the "good" computer).
> if you run 'getfacl /mnt/var/www' on both machines, do you get the
> same results ?
Yes, I get the same result :

nous at pcouderc:~$ getfacl /mnt/var/www
getfacl: Removing leading '/' from absolute path names
# file: mnt/var/www
# owner: root
# group: www-data
user::rwx
group::rwx
other::---

nous at pcouderc:~$ ls /mnt/var/www (on the "bad" computer)
ls: cannot open directory /mnt/var/www: Permission denied

and the user is member of www-data group :

nous at tolsupport:~$ cat /etc/group | grep www-data
www-data:x:33:nous,postgres

(("nous" is the "true" name of the user in /etc/fstab,
instead of XXXX))


Thank you very much for your precious help.

PC

On 15/03/16 07:49, Pierre Couderc wrote:
>
>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>>
>>>
>>
>> Do all client machines use the same version of cifs-mount ?
>> is 'acl' & 'attr' installed on all client machines
?
> Sorry, I do not know how to do, but  samba is installed by standard 
> debian jessie package (the "bad" computer) , and by standard
ubuntu
> 14.04 LTS package (the "good" computer).
You could just try 'apt-get install acl attr'
>> if you run 'getfacl /mnt/var/www' on both machines, do you get
the
>> same results ?
> Yes, I get the same result :
>
> nous at pcouderc:~$ getfacl /mnt/var/www
> getfacl: Removing leading '/' from absolute path names
> # file: mnt/var/www
> # owner: root
> # group: www-data
> user::rwx
> group::rwx
> other::---
>
Try 'getfacl /mnt/var'
Also try 'ls -la /mnt/var' and 'ls -la /mnt/var/www' (you may
have to
use sudo), do these commands return the same results on both machines 
and are they what you expect ?

Rowland