Hi List,

I've just updated from Samba 3.0.33 to 3.5.6 on my Centos 5.5 PDC and am having problems accessing home directories.

To allow a backout option I set up a new server, put 3.0.33 on it, joined it to the domain and rsynced the home directories over with the flags necessary to maintain the permissions and user/group ownership. This worked, and after completion I upgraded the new server to 3.5.6, flushed the /var/lib/samba directory of tdb and dat files, rsynced ldap.conf and smb.conf over from the old PDC, changed the name to PDC and set up the LDAP user password, etc. using smbpasswd.

I can now log in as a user but can't access the home directories. If I log in with my domain admin account, I can access users' directories, and pulling up the properties window I can see the permissions in the security window and these are correct. Running getent passwd user and group shows all the UNIX accounts from the LDAP server OK, and "net groupmap list" shows all the correct group mappings.

To be certain, I ran chmod and setfacl on the users' directories but it made no difference.

I have found other people with similar problems via Google but none of the solutions they tried, e.g. renaming and recreating smbpasswd etc. worked. Any suggestions gratefully received.

### smb.conf ###

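[global]

# General Options for domain
        # The domain SID that belongs to this workgroup is kept in secrets.tdb,
        # not in this file. If tdb files are ever cleared, check that the SID
        # reported by "net getlocalsid" still matches the sambaSID values
        # stored in LDAP.
        workgroup = BGS
        netbios name = PDC
        server string = PDC
        use sendfile = no
        log file = /var/log/samba/%m.log
        max log size = 50
        # Logins with an unknown username are mapped to the guest account
        # instead of being rejected; such sessions can reach every share that
        # sets "guest ok".
        map to guest = bad user
        security = user
        # Only the NetBIOS session port is served; direct SMB on 445 is off.
        smb ports = 139
        encrypt passwords = yes
        # NOTE(review): this file belongs to the smbpasswd backend; with the
        # ldapsam backend configured below it is presumably unused.
        smb passwd file = /etc/samba/smbpasswd
        wins support = yes
        dns proxy = no
        dos charset = 850
        unix charset = ISO8859-1
        # Everyone listed here performs all file operations as root on every
        # share, bypassing Unix permissions and ACLs. Access that works for
        # BGS\admin therefore says nothing about whether an ordinary user can
        # open the same directory: test with a non-admin account, and keep
        # this list as short as possible.
        admin users = root BGS\admin
        # Level 0 records very little; raise it temporarily when diagnosing
        # access denials.
        log level = 0
        idmap uid = 10000-200000
        idmap gid = 10000-200000
        winbind use default domain = yes
        # smbd listens only on the interfaces named here.
        interfaces = lo eth0 eth1 eth2 eth3
        bind interfaces only = yes
        # One directive per line: a second "name = value" on the same line is
        # read as part of the first value.
        remote announce = 172.20.3.255/BGS 172.20.2.255/BGS 172.20.1.255/BGS 172.20.0.255/BGS
        remote browse sync = 172.20.0.255 172.20.1.255 172.20.2.255 172.20.3.255
        local master = no
        os level = 100
        domain master = yes
        preferred master = no
        name resolve order = bcast wins lmhosts
        domain logons = yes
        # NOTE(review): both logon paths name the host SMB5, while this server
        # announces itself as PDC ("netbios name" above); confirm which host
        # actually serves the netlogon and home shares to clients.
        logon script = \\SMB5\netlogon\%g
        logon home = \\SMB5\%U
        ldap password sync = yes
        passwd program = /usr/sbin/smbldap-passwd -u %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n
        # The account-management scripts below are run by smbd (as root, per
        # the smb.conf manual) with user and group names substituted for %u
        # and %g. Every substitution is kept inside single quotes so that a
        # name containing spaces is passed as one argument.
        add user script = /usr/sbin/smbldap-useradd -m '%u'
        delete user script = /usr/sbin/smbldap-userdel '%u'
        add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
        delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
        set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
        add group script = /usr/sbin/smbldap-groupadd '%g' && /usr/sbin/smbldap-groupshow '%g'|awk '/^gidNumber:/ {print $2}'
        delete group script = /usr/sbin/smbldap-groupdel '%g'
        add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%u'
        enable privileges = yes
        # Both LDAP backends use a plain ldap:// URI and "ldap ssl" is not set
        # in this file, so transport protection depends on the default of the
        # installed release. NOTE(review): confirm that binds as the admin DN
        # are not sent in clear text, and re-check that default after moving
        # from 3.0.x to 3.5.x.
        passdb backend = ldapsam:ldap://172.20.0.253
        idmap backend = ldap:ldap://172.20.0.253
        # NOTE(review): cn=Manager looks like the directory's administrative
        # DN. A dedicated account restricted to the Samba subtrees would limit
        # the impact if the stored bind password (secrets.tdb) is exposed.
        ldap admin dn = cn=Manager,dc=bordengrammar,dc=kent,dc=sch,dc=uk
        ldap suffix = dc=bordengrammar,dc=kent,dc=sch,dc=uk
        ldap machine suffix = ou=Users
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap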

#============================ Share Definitions ==============================
[homes]
        # Per-user home share. No "path" is set, so each user's share
        # presumably resolves to the home directory returned by the passwd
        # lookup -- verify that this directory exists on the server with the
        # expected owner and mode.
        comment = Home Directories
        browseable = no
        writable = yes
# Name-based filter only: files matching these patterns are hidden and cannot
# be opened or created. It does not inspect content, so it is no substitute
# for malware scanning.
veto files = /*.exe/*.scr/*.vbs/*.asf/*.wma/*.mpeg/*.ra/*.ram/*.bas/*.bat/*.rar/
        # New files get at most owner read/write and new directories at most
        # owner-only access.
        create mask = 0600
        directory mask = 0700

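[Profiles]
        # Roaming profile store for domain users.
        comment = Roaming Profile Share
        path = /share/profiles
        read only = No
        browseable = No
        # Guest sessions are accepted on a writable share that holds user
        # profiles. With "map to guest = bad user" in [global], a login under
        # an unknown username lands here as guest, and what it can do is then
        # limited only by the filesystem permissions under /share/profiles.
        # NOTE(review): profiles are normally reached by authenticated users
        # only; consider "guest ok = no".
        guest ok = Yes
        # Set once; a repeated key adds nothing and hides which line is in
        # effect.
        profile acls = Yes
        create mode = 600
        directory mode = 700
        # vfs objects = fake_perms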

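[netlogon]
        comment = Network Logon Service
        path = /netlogon
        # Read-only and open to guest sessions. Clients execute the logon
        # scripts stored here, so write access to /netlogon on the server
        # itself should stay with administrators.
        guest ok = yes
        writable = no
        # One directive per line: a second "name = value" on the same line is
        # read as part of the first value.
        # Each command line is handed to a shell with %u, %S, %m and %I filled
        # in. %m is the name the client announces for itself, so treat these
        # log lines as client-influenced text, not an authoritative audit
        # trail. NOTE(review): preexec/postexec (unlike the "root" variants)
        # presumably run as the connecting user, which would require
        # logons.log to be writable by those users -- confirm, and prefer
        # smbd's own logging for audit purposes.
        preexec = echo \"%u connected to %S from %m %I\" >> /var/log/samba/logons.log
        postexec = echo \"%u disconnected from %S from %m %I\" >> /var/log/samba/logons.log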
