Hi, all –
I just loaded Open SuSE 13.1 after a disk failure, and now can’t get my NT-style domain to operate correctly. The relevant disks open, but students’ home directories are labeled “access denied.” I’ve checked the Linux directories; students have access to their home directories, but this isn’t being carried over to Samba. I suspect that the fix is relatively simple and that I’ve just overlooked it, but can anybody point me in the right direction? The problem appears to be in the [users] block, specifically the "path = " command. There are several different “home” directories (home1, home2, home3, etc.), so I can’t designate a specific path in this command. Is there an easy way to tell Samba to look at the user data to find the precise path to the home directory?
Thanks.
cheers,
pete
Here are the relevant portions of the smb.conf file:
[global]
workgroup = ERSL
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = X:
usershare allow guests = No
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = Yes
domain master = Yes
local master = Yes
os level = 65
preferred master = Yes
security = user
idmap gid = 10000-20000
idmap uid = 10000-20000
netbios name = earth
wins support = No
usershare max shares = 100
wins server =
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = Yes
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
On 10/21/2014 11:46 AM, peteclapham wrote:
>
> Hi, all –
>
> I just loaded Open SuSE 13.1 after a disk failure, and now can’t get my
> NT-style domain to operate correctly. The relevant disks open, but
> students’ home directories are labeled “access denied.” I’ve checked
> the Linux directories; students have access to their home directories,
> but this isn’t being carried over to Samba. I suspect that the fix is
> relatively simple and that I’ve just overlooked it, but can anybody
> point me in the right direction? The problem appears to be in the
> [users] block, specifically the "path = " command. There are several
> different “home” directories (home1, home2, home3, etc.), so I can’t
> designate a specific path in this command. Is there an easy way to tell
> Samba to look at the user data to find the precise path to the home
> directory?
>
> Thanks.
>
> cheers,
> pete
>
>
pete;
When you loaded openSUSE, did you restore the old Domain SID? I believe that is saved in /etc/samba/secrets.tdb and if
overwritten, Samba will generate a new SID. If the old SID is not restored, it breaks the Domain. I’m not sure if not
accessing the home share is a symptom of that or not. If you know the old Domain SID, it can be restored. If you do not
have a backup, you might try leaving and rejoining the domain on a test machine and see if that helps.
–
P.V.
“We’re all in this together, I’m pulling for you” Red Green
I did try leaving and rejoining the domain (couldn’t use the old SID because the OS disk died). Joining the domain isn’t the problem. The problem is that nobody has access to their home directory. They do have access to any other resources of the domain. I’ve tried using NIS, setting a symbolic link from /home/<user> to /home2/<user>; nothing seems to work. The maddening thing is that it did work before the OS disk died and I had to reload OpenSuSE on a new disk.
On 10/22/2014 8:46 AM, peteclapham wrote:
>
> I did try leaving and rejoining the domain (couldn’t use the old SID
> because the OS disk died). Joining the domain isn’t the problem. The
> problem is that nobody has access to their home directory. They do have
> access to any other resources of the domain. I’ve tried using NIS,
> setting a symbolic link from /home/<user> to /home2/<user>; nothing
> seems to work. The maddening thing is that it did work before the OS
> disk died and I had to reload OpenSuSE on a new disk.
>
>
pete;
I was hoping that rejoining the domain would make the [homes] share work again. I really have no other idea.
For future reference you might want to save your domain and local SID in case of future problems.
(On the PDC the domain sid and local sid should be the same.)
net getlocalsid
net getlocalsid <domain>
or
net getdomainsid
It can be restored on the PDC or BDC with:
net setlocalsid S-1-5-21-x-y-z
and
net setdomainsid S-1-5-21-x-y-z
Where x, y and z are from your saved SID.
See: man net
P.V.
“We’re all in this together, I’m pulling for you” Red Green
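The SID backup suggested in the post above can be scripted; this is an added example, not part of the original thread. The backup path, the function names and the sample `net` output line in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: save the Samba local and domain SIDs (run as root on the PDC).
# BACKUP_FILE is an assumed location; keep a copy somewhere other than the OS disk.
BACKUP_FILE="${BACKUP_FILE:-/root/samba-sid-backup.txt}"

# Pull the SID out of a 'net' output line such as (constructed sample):
#   SID for domain EARTH is: S-1-5-21-1111111111-2222222222-3333333333
# Only the S-1-5-21-x-y-z shape is accepted; anything else yields an empty string.
extract_sid() {
    printf '%s\n' "$1" |
        sed -n 's/^SID for .* is: \(S-1-5-21-[0-9][0-9]*-[0-9][0-9]*-[0-9][0-9]*\)[[:space:]]*$/\1/p' |
        head -n 1
}

# True only when both SIDs are non-empty and identical, as expected on the PDC.
sids_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Query Samba and write both SIDs to a file readable by root only.
save_sids() {
    local_sid=$(extract_sid "$(net getlocalsid)")
    domain_sid=$(extract_sid "$(net getdomainsid | grep 'SID for domain')")
    if [ -z "$local_sid" ] || [ -z "$domain_sid" ]; then
        echo "could not read a SID from 'net' output" >&2
        return 1
    fi
    ( umask 077
      printf 'local_sid=%s\ndomain_sid=%s\n' "$local_sid" "$domain_sid" > "$BACKUP_FILE" )
    sids_match "$local_sid" "$domain_sid" ||
        echo "warning: local and domain SID differ" >&2
    return 0
}

# Run as: sh save-sids.sh --save
if [ "${1:-}" = "--save" ]; then
    save_sids
fi
```

The saved values are the ones to pass to `net setlocalsid` and `net setdomainsid` after a reinstall.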
A tip for the future: according to the Unix and Linux Administrators Handbook, SUSE has the best commented files of all. If you cat /etc/samba/smb.conf, the first three lines say
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
So it is always worth studying the files supplied with openSUSE before attempting something.