broadsoft

Problems creating home directory when logging on to system when using winbind and AD 2003

I am trying to establish a common login using an AD 2003 domain controller and a Linux file server. I have set up samba and winbind and krb5 for authentication. I can join the Linux server to the AD domain. I have placed the recommended changes into the various pam files, including mkhomedir.so.

I am using CentOS 5.2 with Samba 3.0.28 and Server 2003 R2.
My problem is that when I log onto an XP client on the AD domain and then browse to the Linux file server, I can see the home directory, but when I try to open it I get an error dialog stating:

"\\server\test\ is not accessible. You might not have permission to use this resource. Contact the administrator of this server to find out if you have access permissions. The network path was not found."

In my linux log file I see the following entries at the same time.

Jul 22 17:11:32 server200 smbd[18039]: [2008/07/22 17:11:32, 0] lib/util_sock.c:send_smb(761)
Jul 22 17:11:32 server200 smbd[18039]:   Error writing 5 bytes to client. -1. (Connection reset by peer)
Jul 22 17:11:32 server200 smbd[18040]: [2008/07/22 17:11:32, 0] smbd/service.c:make_connection_snum(1003)
Jul 22 17:11:32 server200 smbd[18040]:   '/home/BROADSOFT/test2' does not exist or permission denied when connecting to [test2] Error was Permission denied
Jul 22 17:11:42 server200 smbd[18041]: [2008/07/22 17:11:42, 0] smbd/service.c:make_connection_snum(1003)
Jul 22 17:11:42 server200 smbd[18041]:   '/home/BROADSOFT/test2' does not exist or permission denied when connecting to [test2] Error was Permission denied
Jul 22 17:11:42 server200 smbd[18041]: [2008/07/22 17:11:42, 0] smbd/service.c:make_connection_snum(1003)
Jul 22 17:11:42 server200 smbd[18041]:   '/home/BROADSOFT/test2' does not exist or permission denied when connecting to [test2] Error was Permission denied

I have trolled through many forums and FAQs but cannot see any solution there - any help from an expert greatly appreciated.

Last Comment
broadsoft

8/22/2022 - Mon
nabeelmoidu

What are the permissions on /home/BROADSOFT/?
Can samba read/write to it?
Do you have selinux on?
broadsoft

ASKER
The permissions on /home/BROADSOFT are 777 and owner.group is set to nobody.nobody.

I do have selinux enabled but I have been watching the security notices come up from samba and winbind and have made sure that local policy rules are in place to counter these.

I also set up a "shared" directory under /home/shared and again I can see this in the browse list but get similar results when I try to open this.
nabeelmoidu

Two things.

One, disable selinux and try. If it works, then we can troubleshoot on selinux. I've worked on selinux quite a bit, so if it's that we can troubleshoot in that direction.

Second, try creating a home directory manually and set ownership and then try logging in... we'll see if it's a permission problem or an mkhomedir problem.
broadsoft

ASKER
OK I tried to disable selinux using echo 0 > /selinux/enforce but I am not sure that this actually did the trick. When I restarted samba I saw another selinux violation reported in the system log which I then added to the local policy.

I then added the /home/BROADSOFT/test1 directory manually as you suggested and I could then open it from the browse window on my XP client machine, so maybe it is a mkhomedir.so related problem?
nabeelmoidu

Try enabling selinux again and test that same home directory again.

Since you've done both together, we can't be sure if it's selinux or mkhomedir that's the cause of the problem.
broadsoft

ASKER
Yes, with selinux enabled I get the same result as before - by creating the test1 home directory manually with the correct permissions and ownership I can open it, create new files within it etc. from the XP client. The only thing that I can't do, it seems, is actually have the directory created when I first log on, so it's starting to look like a mkhomedir.so related problem...
ASKER CERTIFIED SOLUTION
nabeelmoidu

broadsoft

ASKER
Hi, thanks to your help, I have finally realised what the problem is. I have not included the reference to pam_mkhomedir.so in the pam.d/samba file. When I put this there everything worked as it should. Thanks once again for your help.
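
A check for the cause found in this thread, as an added example that is not part of the original posts: it resolves the session stack PAM would run for a service, following include lines, and reports whether pam_mkhomedir.so is in it. The file contents, the `sshd` service and the `skel=`/`umask=` values are constructed for illustration.

```python
import os
import tempfile

def session_modules(pam_dir, service, _stack=()):
    """List the modules in a service's PAM session stack, following includes."""
    path = os.path.join(pam_dir, service)
    if service in _stack or not os.path.isfile(path):
        return []  # include loop or missing file
    modules = []
    with open(path) as fh:
        for raw in fh:
            fields = raw.split("#", 1)[0].split()
            if len(fields) >= 2 and fields[0] == "@include":  # Debian style
                modules += session_modules(pam_dir, fields[1], _stack + (service,))
            if len(fields) < 3 or fields[0].lstrip("-") != "session":
                continue
            if fields[1] in ("include", "substack"):  # Red Hat style
                modules += session_modules(pam_dir, fields[2], _stack + (service,))
                continue
            rest = fields[1:]
            if rest[0].startswith("["):  # skip a [value=action ...] control
                while rest and not rest[0].endswith("]"):
                    rest.pop(0)
            if len(rest) > 1:
                modules.append(os.path.basename(rest[1]))
    return modules

def creates_home(pam_dir, service):
    """True if a login through this service would run pam_mkhomedir.so."""
    return "pam_mkhomedir.so" in session_modules(pam_dir, service)

# Constructed sample files: mkhomedir is present for sshd but missing for samba.
MKHOMEDIR = "session required pam_mkhomedir.so skel=/etc/skel umask=0077\n"
SAMPLE = {
    "system-auth": "#%PAM-1.0\nauth sufficient pam_winbind.so\nsession required pam_unix.so\n",
    "sshd": "auth include system-auth\nsession include system-auth\n" + MKHOMEDIR,
    "samba": "auth include system-auth\nsession include system-auth\n",
}

def demo(fix_samba=False):
    """Write the sample files to a temp dir and check both services."""
    files = dict(SAMPLE)
    if fix_samba:
        files["samba"] += MKHOMEDIR  # the change that resolved this thread
    with tempfile.TemporaryDirectory() as d:
        for name, body in files.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(body)
        return {svc: creates_home(d, svc) for svc in ("sshd", "samba")}
```

On the server itself, call `creates_home("/etc/pam.d", "samba")`. Samba runs PAM session modules only when smb.conf sets `obey pam restrictions = yes`.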