On Wed, 2021-11-03 at 13:32 -0500, Patrick Goetz via samba wrote:> > On 11/3/21 12:45, Rowland Penny via samba wrote: > > On Wed, 2021-11-03 at 11:45 -0500, Patrick Goetz via samba wrote: > > > And the dramatic conclusion is that no, it wasn't the conflicting > > > group > > > name interfering with the mount: > > > > OK, if you run this from the DC: > > > > ping -c1 data2 > > > > Does it work ? > > > > Yes: > root at samba-dc:~# ping -c1 data2 > PING data2.ea.linuxcs.com (192.168.1.81) 56(84) bytes of data. > 64 bytes from 192.168.1.81 (192.168.1.81): icmp_seq=1 ttl=64 > time=0.514 ms > > > > Then (again on the DC): > > > > smbclient -NL data2 > > > > What does that produce ? > > root at samba-dc:~# smbclient -NL data2 > Anonymous login successful > > Sharename Type Comment > --------- ---- ------- > share Disk Share Directory > software Disk Location for .msi files to be > automatically > installed by AD > IPC$ IPC IPC Service (Samba 4.15.1-Debian) > SMB1 disabled -- no workgroup available > > > However, one of the shares I set up is inexplicably missing from this > list: > > [home] > comment = Home Directories > path = /data/home > guest ok = no > browseable = no > writeable = yes > create mask = 0700 > directory mask = 0700 > follow symlinks = yes > >Strange, it should show, I will do some tests> > > > Finally, can you connect via smbclient: > > > > smbclient //data2/share > > > > When logged in as 'mduffy' > > > > Hmmm, that one could be tough, as mduffy isn't set up to log on to > the > DC (and won't be), and the only other linux host I have in the > domain > right now is data2OK, try it like this: smbclient //data2/share -Umduffy%THE_USERS_PASSWORD> > Let me increase the Samba log level on data2 to see if anything else > shows up in log.smbd. If that fails, I can quickly spin up another > linux > host to use for this. > > Meanwhile, just to test: > > root at data2:/data# su - mduffy > su: warning: cannot change directory to /home/EA/mduffy: No such file > or > directory > > How/where is it deciding to make the home directory > /home/EA/mduffy? I > don't have anything set up under the user's Profile. Is this a > default > location built into Samba? For that matter, how is it deciding the > default shell is /bin/false?There are a couple of smb.conf parameters which default to: template homedir = /home/%D/%U template shell = /bin/false %D = Netbios domain name (aka workgroup) %U = username However, you will need to tell PAM to create the users homedir upon logon via SSH or at the terminal or GUI. connecting by Samba is a bit different, the users homedir will have to exist, or get 'root preexec' to run a script to do it (I can supply a script if required). Rowland
On Wed, 2021-11-03 at 18:58 +0000, Rowland Penny via samba wrote:> On Wed, 2021-11-03 at 13:32 -0500, Patrick Goetz via samba wrote: > > On 11/3/21 12:45, Rowland Penny via samba wrote: > > > On Wed, 2021-11-03 at 11:45 -0500, Patrick Goetz via samba wrote: > > > > And the dramatic conclusion is that no, it wasn't the > > > > conflicting > > > > group > > > > name interfering with the mount: > > > > > > OK, if you run this from the DC: > > > > > > ping -c1 data2 > > > > > > Does it work ? > > > > > > > Yes: > > root at samba-dc:~# ping -c1 data2 > > PING data2.ea.linuxcs.com (192.168.1.81) 56(84) bytes of data. > > 64 bytes from 192.168.1.81 (192.168.1.81): icmp_seq=1 ttl=64 > > time=0.514 ms > > > > > > > Then (again on the DC): > > > > > > smbclient -NL data2 > > > > > > What does that produce ? > > > > root at samba-dc:~# smbclient -NL data2 > > Anonymous login successful > > > > Sharename Type Comment > > --------- ---- ------- > > share Disk Share Directory > > software Disk Location for .msi files to be > > automatically > > installed by AD > > IPC$ IPC IPC Service (Samba 4.15.1-Debian) > > SMB1 disabled -- no workgroup available > > > > > > However, one of the shares I set up is inexplicably missing from > > this > > list: > > > > [home] > > comment = Home Directories > > path = /data/home > > guest ok = no > > browseable = no > > writeable = yes > > create mask = 0700 > > directory mask = 0700 > > follow symlinks = yes > > > > > > Strange, it should show, I will do some testsAnd then as I created the share, I realised what the problem was. You are telling Samba to not show the share: browseable = no Rowland
On 11/3/21 13:58, Rowland Penny via samba wrote:> On Wed, 2021-11-03 at 13:32 -0500, Patrick Goetz via samba wrote: >> >> On 11/3/21 12:45, Rowland Penny via samba wrote: >>> On Wed, 2021-11-03 at 11:45 -0500, Patrick Goetz via samba wrote: >>>> And the dramatic conclusion is that no, it wasn't the conflicting >>>> group >>>> name interfering with the mount: >>> >>> OK, if you run this from the DC: >>> >>> ping -c1 data2 >>> >>> Does it work ? >>> >> >> Yes: >> root at samba-dc:~# ping -c1 data2 >> PING data2.ea.linuxcs.com (192.168.1.81) 56(84) bytes of data. >> 64 bytes from 192.168.1.81 (192.168.1.81): icmp_seq=1 ttl=64 >> time=0.514 ms >> >> >>> Then (again on the DC): >>> >>> smbclient -NL data2 >>> >>> What does that produce ? >> >> root at samba-dc:~# smbclient -NL data2 >> Anonymous login successful >> >> Sharename Type Comment >> --------- ---- ------- >> share Disk Share Directory >> software Disk Location for .msi files to be >> automatically >> installed by AD >> IPC$ IPC IPC Service (Samba 4.15.1-Debian) >> SMB1 disabled -- no workgroup available >> >> >> However, one of the shares I set up is inexplicably missing from this >> list: >> >> [home] >> comment = Home Directories >> path = /data/home >> guest ok = no >> browseable = no >> writeable = yes >> create mask = 0700 >> directory mask = 0700 >> follow symlinks = yes >> >> > > Strange, it should show, I will do some tests > >> >> >>> Finally, can you connect via smbclient: >>> >>> smbclient //data2/share >>> >>> When logged in as 'mduffy' >>> >> >> Hmmm, that one could be tough, as mduffy isn't set up to log on to >> the >> DC (and won't be), and the only other linux host I have in the >> domain >> right now is data2 > > OK, try it like this: > > smbclient //data2/share -Umduffy%THE_USERS_PASSWORD >OK, I cloned data2, changed the hostname/IP, got rid of the shares in smb.conf, and joined the new host to the domain. Here's what happens when I run the command above from the new linux host, atomsmasher: pgoetz at atomsmasher:~$ smbclient //data2/share -Umduffy%xxxxx Try "help" to get a list of possible commands. smb: \> pwd Current directory is \\data2\share\ smb: \> ls . D 0 Tue Nov 2 19:15:07 2021 .. D 0 Tue Nov 2 19:15:11 2021 20508240 blocks of size 1024. 12650464 blocks available smb: \> ls . D 0 Wed Nov 3 14:29:39 2021 .. D 0 Tue Nov 2 19:15:11 2021 foobar N 0 Wed Nov 3 14:29:39 2021 20508240 blocks of size 1024. 12650464 blocks available smb: \> So, it works from a linux host!>> >> Let me increase the Samba log level on data2 to see if anything else >> shows up in log.smbd. If that fails, I can quickly spin up another >> linux >> host to use for this. >> >> Meanwhile, just to test: >> >> root at data2:/data# su - mduffy >> su: warning: cannot change directory to /home/EA/mduffy: No such file >> or >> directory >> >> How/where is it deciding to make the home directory >> /home/EA/mduffy? I >> don't have anything set up under the user's Profile. Is this a >> default >> location built into Samba? For that matter, how is it deciding the >> default shell is /bin/false? > > There are a couple of smb.conf parameters which default to: > template homedir = /home/%D/%U > template shell = /bin/false > > %D = Netbios domain name (aka workgroup) > %U = username > > However, you will need to tell PAM to create the users homedir upon > logon via SSH or at the terminal or GUI. connecting by Samba is a bit > different, the users homedir will have to exist, or get 'root preexec' > to run a script to do it (I can supply a script if required). > > Rowland > > >