Prev: [Samba] Wrong results in dir listing with wildcard
Next: Domain Trusts with Samba 3.0.33 and 3.3.12 ????
From: Moray Henderson on 11 Jun 2010 05:10
Benjamin Allen (and peacefulhappybs247) wrote:
>I've been trying to figure this out for some time and can't quite nail
it
>down, despite searching the internet, and a couple of samba books. Here
>goes:
>
>I'm running "Version 3.4.3-3.3.1-2341-SUSE-SL11.2" of Samba on OpenSUSE
>11.2.
>
>Here are some relevant excerpts from my smb.conf file:
>
>[global]
>...
>security = ADS
>...
>winbind separator = +
>...
>log level = 2
>...
>
>[xdrives]
>comment = X Drive Repository
> path = /share/samba/domain/home
> browseable = yes
> create mask = 0700
> directory mask = 0700
> valid users = @OURDOMAIN+smb (this is a group)
> inherit acls = no
> hide unreadable = no
> read only = no
>
>I have AD authentication running via winbind, and the "Kerberos"
element
>is
>working also.
>
>So, "wbinfo -g" produces all groups in the same format as entered in
this
>share:
>
>"
>OURDOMAIN+Administrators
>...
>OURDOMAIN+smb
>"
>
>The filesystem "path =" directory has been chown'd to my name+that
domain
>group(of which I am a member).
>
>"chown OURDOMAIN+me:OURDOMAIN+smb"
>
>Also, I "chmodded" it to 0777 for testing.
>
>Yet... *ARGH!*
>
>When I try accessing this share from windows "Run" or Konqueror on
another
>linux, I get this on the server:
>
>tail /var/log/samba/log.smbd
>
>"...
>[2010/06/07 09:41:37, 2] auth/auth.c:310(check_ntlm_
>password)
> check_ntlm_password: authentication for user [me] -> [me] ->
>[OURDOMAIN+me] succeeded
>[2010/06/07 09:41:37, 0] smbd/service.c:1009(make_connection_snum)
> '/share/samba/domain/home' does not exist or permission denied when
>connecting to [xdrives] Error was Permission denied
>..."
>
>Copy pasting the entry “'/share/samba/domain/home'” right out of the
>above:
>
>ServerName:~ # ls -lah /share/samba/domain/home
>total 512
>drwxrwxrwx 23 OURDOMAIN+me OURDOMAIN+smb 584 Jun 3 10:06 .
>
>I earlier changed the mountpoint of this partition to /share as /srv
>wasn't
>working. Just now, I put in "path = /home" as a reality check, and
>remotely
>accessed \\<server.ip>\<folder>, and it succeeded. I only received an
>error
>message when trying to create a new folder.
>
>What am I missing?

If OpenSUSE uses SELinux or some equivalent, this sounds like the same
problem Jeff was having:
http://lists.samba.org/archive/samba/2010-May/156197.html.



Moray.
"To err is human.  To purr, feline"




--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Benjamin Allen on 15 Jun 2010 09:50
Thanks for the lead.

I did a "ls -Z" on the relevant directories and found that SELinux is
disabled.

I checked to make sure the client and server had the same time settings, and
they're both exact.

Is there anything else this could possibly be?

">[2010/06/07 09:41:37, 2] auth/auth.c:310(check_ntlm_
>password)
> check_ntlm_password: authentication for user [me] -> [me] ->
>[OURDOMAIN+me] succeeded
>[2010/06/07 09:41:37, 0] smbd/service.c:1009(make_
connection_snum)
> '/share/samba/domain/home' does not exist or permission denied when
>connecting to [xdrives] Error was Permission denied
"

Ben

On Thu, Jun 10, 2010 at 8:39 AM, Benjamin Allen <ballen(a)jeffcolib.org>wrote:

> Hello,
>
> I've been trying to figure this out for some time and can't quite nail it
> down, despite searching the internet, and a couple of samba books. Here
> goes:
>
> I'm running "Version 3.4.3-3.3.1-2341-SUSE-SL11.2" of Samba on OpenSUSE
> 11.2.
>
> Here are some relevant excerpts from my smb.conf file:
>
> [global]
> ...
> security = ADS
> ...
> winbind separator = +
> ...
> log level = 2
> ...
>
> [xdrives]
> comment = X Drive Repository
> path = /share/samba/domain/home
> browseable = yes
> create mask = 0700
> directory mask = 0700
> valid users = @OURDOMAIN+smb (this is a group)
> inherit acls = no
> hide unreadable = no
> read only = no
>
> I have AD authentication running via winbind, and the "Kerberos" element is
> working also.
>
> So, "wbinfo -g" produces all groups in the same format as entered in this
> share:
>
> "
> OURDOMAIN+Administrators
> ...
> OURDOMAIN+smb
> "
>
> The filesystem "path =" directory has been chown'd to my name+that domain
> group(of which I am a member).
>
> "chown OURDOMAIN+me:OURDOMAIN+smb"
>
> Also, I "chmodded" it to 0777 for testing.
>
> Yet... *ARGH!*
>
> When I try accessing this share from windows "Run" or Konqueror on another
> linux, I get this on the server:
>
> tail /var/log/samba/log.smbd
>
> "...
> [2010/06/07 09:41:37, 2] auth/auth.c:310(check_ntlm_
> password)
> check_ntlm_password: authentication for user [me] -> [me] ->
> [OURDOMAIN+me] succeeded
> [2010/06/07 09:41:37, 0] smbd/service.c:1009(make_connection_snum)
> '/share/samba/domain/home' does not exist or permission denied when
> connecting to [xdrives] Error was Permission denied
> ..."
>
> Copy pasting the entry “'/share/samba/domain/home'” right out of the above:
>
> ServerName:~ # ls -lah /share/samba/domain/home
> total 512
> drwxrwxrwx 23 OURDOMAIN+me OURDOMAIN+smb 584 Jun 3 10:06 .
>
> I earlier changed the mountpoint of this partition to /share as /srv wasn't
> working. Just now, I put in "path = /home" as a reality check, and remotely
> accessed \\<server.ip>\<folder>, and it succeeded. I only received an error
> message when trying to create a new folder.
>
> What am I missing?
>
> Sincere thanks,
>
> Ben
>
>
> --
> Benjamin T. Allen
> Junior Network Administrator
> Jefferson County Library Central Services
>



--
Benjamin T. Allen
Junior Network Administrator
Jefferson County Library Central Services
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Chris Smith on 15 Jun 2010 10:40
On Tue, Jun 15, 2010 at 9:47 AM, Benjamin Allen <ballen(a)jeffcolib.org> wrote:
> Is there anything else this could possibly be?

Did you try simplifying the share for testing purposes?
Remove a few lines, something like:
=================================
[xdrives]
comment = X Drive Repository
path = /share/samba/domain/home
browseable = yes
valid users = @OURDOMAIN+smb (this is a group)
hide unreadable = no
read only = no
=================================

Maybe even remove the valid users line (you're troubleshooting - it
may help to determine what's going on):
=================================
[xdrives]
comment = X Drive Repository
path = /share/samba/domain/home
browseable = yes
hide unreadable = no
read only = no
=================================

Also check that there is no 'valid users' line in the global section
(you didn't supply all of that section).

Chris
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Benjamin Allen on 15 Jun 2010 11:10
Thank you for the responses.

Here is The complete smb.conf, as I'm trying it with the test setup
suggested.

[global]
workgroup = DOMAIN
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = No
idmap gid = 10000-20000
idmap uid = 10000-20000
realm = DOMAIN.FULL
security = ADS
template homedir = /home/%D/%U
template shell = /bin/bash
winbind separator = +
winbind refresh tickets = yes
wins server = 10.10.10.5
wins support = No
log level = 2

[home]
comment = X Drive Repository
path = /share/samba/domain/home
hide unreadable = no
read only = no

Here is the log output:

tail /var/log/samba/log.smbd
[2010/06/15 09:46:54, 2] auth/auth.c:310(check_ntlm_password)
check_ntlm_password: authentication for user [myname] -> [myname] ->
[DOMAIN+myname] succeeded
[2010/06/15 09:46:54, 0] smbd/service.c:1009(make_connection_snum)
'/share/samba/domain/home' does not exist or permission denied when
connecting to [home] Error was Permission denied
[2010/06/15 09:46:57, 2] auth/auth.c:320(check_ntlm_password)
[2010/06/15 09:46:57, 2] smbd/service.c:584(create_connection_server_info)
guest user (from session setup) not permitted to access this share (home)
[2010/06/15 09:46:57, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED

On the off hand chance this is something related to how the drive is
mounted:

cat /proc/mounts:

....
/dev/mapper/nhvg-nhsvr /share reiserfs rw,relatime,acl,user_xattr 0 0
....


df -h:

....
/dev/mapper/nhvg-nhsvr
568G 113G 456G 20% /share


....


None of the other errors existed before using this setup, so I figure this
is still the root of the issue:

"[2010/06/15 09:46:54, 0] smbd/service.c:1009(make_connection_snum)
'/share/samba/domain/home' does not exist or permission denied when
connecting to [home] Error was Permission denied"

It seems like an obvious error of "Permission denied."

But I don't have SELinux enabled, the share is chown'd to my user, and it's
chmod'd to 777.

I can run "su DOMAIN+myname", receive a shell in that directory and create
and delete files. "Smbpasswd" shouldn't be needed (as far as I understand),
because all the usernames and passwords are drawn from out Win2003 Domain
Controller.

Thanks,

Ben

On Tue, Jun 15, 2010 at 9:35 AM, Chris Smith <smb_77(a)chrissmith.org> wrote:

> On Tue, Jun 15, 2010 at 9:47 AM, Benjamin Allen <ballen(a)jeffcolib.org>
> wrote:
> > Is there anything else this could possibly be?
>
> Did you try simplifying the share for testing purposes?
> Remove a few lines, something like:
> =================================
> [xdrives]
> comment = X Drive Repository
> path = /share/samba/domain/home
> browseable = yes
> valid users = @OURDOMAIN+smb (this is a group)
> hide unreadable = no
> read only = no
> =================================
>
> Maybe even remove the valid users line (you're troubleshooting - it
> may help to determine what's going on):
> =================================
> [xdrives]
> comment = X Drive Repository
> path = /share/samba/domain/home
> browseable = yes
> hide unreadable = no
> read only = no
> =================================
>
> Also check that there is no 'valid users' line in the global section
> (you didn't supply all of that section).
>
> Chris
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>



--
Benjamin T. Allen
Junior Network Administrator
Jefferson County Library Central Services
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Chris Smith on 15 Jun 2010 12:20
On Tue, Jun 15, 2010 at 11:01 AM, Benjamin Allen <ballen(a)jeffcolib.org> wrote:
> It seems like an obvious error of "Permission denied."

I would go a step further.

Make sure you have a valid username map, for example:
======================================
$ cat /etc/samba/smbusers
root = administrator
nobody = guest
======================================
assuming 'nobody' is your nix guest account, if not define it with the
'guest account' parameter and create/edit the file accordingly

With a corresponding line in the global section of smb.conf:
======================================
username map = /etc/samba/smbusers
======================================

Be sure to keep your:
======================================
map to guest = Bad User
======================================
entry as well.

Then add:
======================================
guest ok = yes
======================================
to the share.

Can you connect then?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
 |  Next  |  Last
Pages: 1 2
Prev: [Samba] Wrong results in dir listing with wildcard
Next: Domain Trusts with Samba 3.0.33 and 3.3.12 ????