Users can't access their samba shared homes from Windows

1

I installed and configured Samba 4 as an AD and shared homes. I can log in to the Samba server and to a Windows 2008 server with my users. However, on Windows, when I type "\\IPSambaServer\user1" while logged in as user1, I get access denied with error code: 0x80070005.

Of course I don't want a 777 on home directories and.

Linux permissions on the Samba server:

ls -dl /home/user1
drwx------. 6 user1 users 4096 Aug 26 14:04 /home/user1/

testparm :

[global]
workgroup = DOMAIN
realm = enterprise.com
server string = Samba Server
server role = active directory domain controller
security = AUTO
passdb backend = samba_dsdb
log file = /usr/local/samba/var/log.samba
max log size = 50
dns proxy = No
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
idmap config * : backend = tdb
map archive = No
map readonly = no
store dos attributes = Yes
vfs objects = dfs_samba4, acl_xattr

[homes]
comment = Home Directories
read only = No
create mask = 0660
directory mask = 0771

I added user_xattr,acl to my /etc/fstab.

The weird thing is that administrator can access (read and write) his home and every user's home. But maybe it's because I mapped root = DOMAIN\administrator.

As a test, I created the directory /tmp/test with 777 rights, then shared it. With my user1 from Windows I created a directory in it. Then ls -l /tmp/test/ tells me the owner of the new directory is 3000040 instead of user1. I tried with another user and it was 3000043.

In the Security tab of the homes share, "Creator and Propri" has read/write access. What can I do to grant access to users' homes?

samba
users
share
home-directory
asked on Server Fault Jan 10, 2014 by ouzmoutous • edited Jan 10, 2014 by ouzmoutous

1 Answer

0

I found the solution!

When a user was created, I used a script to add a uidNumber to Samba (with an ldif file and the ldbmodify command). The problem was that Samba creates its own uidNumber (the "300040" for user1 in my case) and, with a Windows machine, used it for access rights.

The only way I found to get this number is with wbinfo -i user1. So for each user I put this number in the uidNumber, and it works!

answered on Server Fault Jan 13, 2014 by ouzmoutous
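
An added example, not part of the original answer: a shell check for the mismatch described above, comparing the uid that `wbinfo -i` reports for a user with the numeric owner of that user's home directory. The function names, the `HOME_BASE` variable, the sample line and the uid 10001 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare the uid winbind maps a user to (third field of the
# passwd-style line printed by `wbinfo -i USER`) with the numeric owner of the
# user's home directory. Function names and HOME_BASE are assumptions.

HOME_BASE=${HOME_BASE:-/home}   # assumed layout: /home/USER, as in the question

# Print the uid field of a passwd-format line; fail if the line is malformed.
uid_from_passwd_line() {
    printf '%s\n' "$1" |
        awk -F: 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; ok = 1 }
                 END { exit(ok ? 0 : 1) }'
}

# check_home_owner USER WBINFO_LINE OWNER_UID
# Returns 0 on match, 1 on mismatch, 2 if the wbinfo line cannot be parsed.
check_home_owner() {
    mapped=$(uid_from_passwd_line "$2") || {
        printf '%s: cannot parse wbinfo output\n' "$1"
        return 2
    }
    if [ "$mapped" = "$3" ]; then
        printf '%s: OK (uid %s)\n' "$1" "$mapped"
        return 0
    fi
    printf '%s: MISMATCH winbind uid %s, home owned by uid %s\n' "$1" "$mapped" "$3"
    return 1
}

# Live mode: audit every user named on the command line (needs wbinfo, GNU stat).
audit_users() {
    rc=0
    for u in "$@"; do
        line=$(wbinfo -i "$u") || { printf '%s: wbinfo failed\n' "$u"; rc=1; continue; }
        owner=$(stat -c %u "$HOME_BASE/$u") || { rc=1; continue; }
        check_home_owner "$u" "$line" "$owner" || rc=1
    done
    return "$rc"
}

# Constructed sample, shaped like `wbinfo -i user1`; 3000040 is the uid from the
# question, 10001 stands in for a uidNumber written by a provisioning script.
SAMPLE='DOMAIN\user1:*:3000040:100::/home/DOMAIN/user1:/bin/false'

if [ "$#" -gt 0 ]; then
    audit_users "$@"
else
    check_home_owner user1 "$SAMPLE" 10001 || true
fi
```

Run with user names as arguments on the Samba server to audit real accounts; with no arguments it only evaluates the constructed sample.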

User contributions licensed under CC BY-SA 3.0