
Problems creating home directory when logging on to system when using winbind and AD 2003

Last Modified: 2013-12-02
I am trying to establish a common login using AD 2003 domain controller and a linux file server. I have set up samba and winbind and krb5 for authentication. I can join the Linux server to the AD domain. I have placed the recommended changes into the various pam files including mkhomedir.so.

I am using centos 5.2 with samba 3.0.28 and server 2003 R2
My problem is that when I log onto an XP client on the AD domain and then browse to the Linux file server, I can see the home directory, but when I try to open it I get an error dialog stating

"\\server\test\ is not accessible. You might not have permission to use this resource. Contact the administrator of this server to find out if you have access permissions. The network path was not found."

In my linux log file I see the following entries at the same time.

Jul 22 17:11:32 server200 smbd[18039]: [2008/07/22 17:11:32, 0] lib/util_sock.c:send_smb(761)
Jul 22 17:11:32 server200 smbd[18039]:   Error writing 5 bytes to client. -1. (Connection reset by peer)
Jul 22 17:11:32 server200 smbd[18040]: [2008/07/22 17:11:32, 0] smbd/service.c:make_connection_snum(1003)
Jul 22 17:11:32 server200 smbd[18040]:   '/home/BROADSOFT/test2' does not exist or permission denied when connecting to [test2] Error was Permission denied
Jul 22 17:11:42 server200 smbd[18041]: [2008/07/22 17:11:42, 0] smbd/service.c:make_connection_snum(1003)
Jul 22 17:11:42 server200 smbd[18041]:   '/home/BROADSOFT/test2' does not exist or permission denied when connecting to [test2] Error was Permission denied
Jul 22 17:11:42 server200 smbd[18041]: [2008/07/22 17:11:42, 0] smbd/service.c:make_connection_snum(1003)
Jul 22 17:11:42 server200 smbd[18041]:   '/home/BROADSOFT/test2' does not exist or permission denied when connecting to [test2] Error was Permission denied

I have trolled through many forums and FAQs but cannot see any solution there - any help from an expert greatly appreciated.


What are the permissions on /home/BROADSOFT/?
Can samba read/write to it?
Do you have selinux on?

Author

Commented:
The permissions on /home/BROADSOFT are 777 and owner.group is set to nobody.nobody.

I do have selinux enabled but I have been watching the security notices come up from samba and winbind and have made sure that local policy rules are in place to counter these.

I also set up a "shared" directory under /home/shared and again I can see this in the browse list but get similar results when I try to open this.

Two things,

One, disable selinux and try. If it works, then we can troubleshoot on selinux. I've worked on selinux quite a bit, so if it's that we can troubleshoot in that direction.

Second, try creating a home directory manually and set ownership and then try logging in... we'll see if it's a permission problem or an mkhomedir problem.

Author

Commented:
OK I tried to disable selinux using echo 0 > /selinux/enforce but I am not sure that this actually did the trick. When I restarted samba I saw another selinux violation reported in the system log which I then added to the local policy.

I then added the /home/BROADSOFT/test1 directory manually as you suggested and I could then open it from the browse window on my XP client machine, so maybe it is a mkhomedir.so related problem?

Try enabling back selinux and test that same home directory again.

Since you've done both together, we can't be sure if it's selinux or mkhomedir that's the cause of the problem.

Author

Commented:
Yes, with selinux enabled I get the same result as before - by creating the test1 home directory manually with the correct permissions and ownership I can open it, create new files within it etc. from the XP client. The only thing that I can't do, it seems, is actually have the directory created when I first log on, so it's starting to look like a mkhomedir.so related problem...

Author

Commented:
Hi, Thanks to your help, I have finally realised what the problem is. I have not included the reference to pam_mkhomedir.so in the pam.d/samba file. When I put this there everything worked as it should. Thanks once again for your help.
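
The cause named in the final post, as an added example that is not from the thread: a POSIX shell check for whether a PAM service file's session stack loads pam_mkhomedir.so, either directly or through a `session include` line. The sample files are constructed stand-ins for /etc/pam.d with assumed contents, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): does a PAM service's session stack
# load pam_mkhomedir.so, directly or through "session include <file>"?

# has_mkhomedir DIR SERVICE [DEPTH] -> exit status 0 if yes, 1 if no
has_mkhomedir() {
    dir=$1; svc=$2; depth=${3:-0}
    [ "$depth" -lt 5 ] || return 1          # guard against include loops
    [ -r "$dir/$svc" ] || return 1
    # Uncommented line of type "session" that names the module.
    grep -Eq '^[[:space:]]*session[[:space:]].*pam_mkhomedir\.so' "$dir/$svc" && return 0
    # Follow session includes; the subshell keeps this call's variables intact.
    for inc in $(awk '$1 == "session" && $2 == "include" { print $3 }' "$dir/$svc"); do
        ( has_mkhomedir "$dir" "$inc" $((depth + 1)) ) && return 0
    done
    return 1
}

# Constructed sample files standing in for /etc/pam.d (assumed contents).
make_samples() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'auth include system-auth' 'account include system-auth' \
        '#session required pam_mkhomedir.so' > "$d/samba-before"
    printf '%s\n' 'auth include system-auth' 'account include system-auth' \
        'session required pam_mkhomedir.so skel=/etc/skel umask=0077' > "$d/samba-after"
    printf '%s\n' 'session required pam_mkhomedir.so skel=/etc/skel umask=0077' \
        'session required pam_unix.so' > "$d/system-auth"
    printf '%s\n' 'auth include system-auth' 'session include system-auth' > "$d/sshd"
    echo "$d"
}

report() {   # report DIR SERVICE...
    rdir=$1; shift
    for s in "$@"; do
        if has_mkhomedir "$rdir" "$s"; then echo "$s: session stack loads pam_mkhomedir.so"
        else echo "$s: no pam_mkhomedir.so in session stack"; fi
    done
}

SAMPLES=$(make_samples)
trap 'rm -rf "$SAMPLES"' EXIT
report "$SAMPLES" samba-before samba-after sshd
```

On a real host the same function can be pointed at the live configuration with `has_mkhomedir /etc/pam.d samba`.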