Page 1 of 4 123 ... LastLast
Results 1 to 10 of 38

Thread: Access Denied in users home folders

  1. #1
    Join Date
    Jan 2013
    Location
    Norrkoping, Sweden
    Beans
    144
    Distro
    Ubuntu 13.04 Raring Ringtail

    Access Denied in users home folders

    I have installed Ubuntu 12.04.2 Server on a Dell poweredge R710 using LVM. I have installed DNS, DHCP and Samba4, I have created a domain with provisioning and I have created users with roaming profiles and H: as their home folder. I am using Adminpak for Windows server 2003 and administrating it from an XP machine.

    To create roaming user profiles I first created a folder named profile and created the profile with \\dc01\profile\%USERNAME%. That works just fine and users can log on to any computer with their profile. I then created a folder named hem for the users home folders and used \\dc01\hem\%USERNAME% and this is where things goes wrong.

    This is the error:

    Code:
    The \\dc01\hemkatalog\clark home folder was not created because you do not have create access on the server. The user account has been updated with the new home folder value but you must create the directory manually after obtaining the required access rights.
    Here is my smb.conf

    Code:
    root@DC01:~# testparm
    Load smb config files from /etc/samba/smb.conf
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
    Unknown parameter encountered: "server role"
    Ignoring unknown parameter "server role"
    Processing section "[netlogon]"
    Processing section "[sysvol]"
    Processing section "[profile]"
    Processing section "[profiles]"
    Processing section "[hemkatalog]"
    Processing section "[Hem]"
    Loaded services file OK.
    ERROR: cache directory /var/cache/samba does not exist
    Server role: ROLE_STANDALONE
    Press enter to see a dump of your service definitions
    
    [global]
        workgroup = MYDOMAIN
        realm = MYDOMAIN.LAN
        passdb backend = samba4
        idmap config * : backend = tdb
    
    [netlogon]
        path = /var/lib/samba/sysvol/mydomain.lan/scripts
        read only = No
    
    [sysvol]
        path = /var/lib/samba/sysvol
        read only = No
    
    [profile]
        path = /home/profile
        read only = No
        browseable = No
    
    [profiles]
        path = /home/profiles
        read only = No
        browseable = No
    
    [hemkatalog]
        comment = Hemkataloger for alla deltagare.
        path = /home/hemkatalog
        read only = No
        browseable = No
    
    [Hem]
        path = /home/hem
    This is the permissions and rights from ls -l:

    Code:
    drwxrwxrwx 3 root    root    4096 Apr  5 11:53 hem
    drwxrwxrwx 3 root    root    4096 Apr  2 11:00 hemkatalog
    drwxrwxrwx 8 root    root    4096 Apr  2 10:51 profile
    drwxrwxrwx 5 root    root    4096 Apr  2 10:52 profiles
    I have done several attempts to create home folders for the users. The first time I created hemkatalog but only Administrator could create files and folders. Now only root can create files and folders within hem/hemkatalog

    Can any of you see what's wrong here or have you had the same problem created users with home folders?
    Last edited by JnPson; September 8th, 2013 at 12:18 PM.

  2. #2
    Join Date
    Nov 2009
    Location
    Mataro, Spain
    Beans
    13,560
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Access Denied in users home folders

    I didn't understand, how are you actually creating the users on the ubuntu server?
    Darko.
    -----------------------------------------------------------------------
    Ubuntu 14.04 LTS 64bit & Windows 10 Pro 64bit

  3. #3
    Join Date
    Jan 2013
    Location
    Norrkoping, Sweden
    Beans
    144
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Access Denied in users home folders

    Througn adminpak from an xp machine.

  4. #4
    Join Date
    Nov 2009
    Location
    Mataro, Spain
    Beans
    13,560
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Access Denied in users home folders

    Are you sure that can create them on a linux filesystem? Only root has those permissions, are you sure it's working?

    It seems to me like that is the part that's failing, the creation of a new user. And not samba user, the linux user. Creating the user will make the corresponding home folder too, and set that user as owner of its home folder.

    I have no idea what adminpak is about but you can try adding few users on the command line and see if they work as expected. Then you know where the problem lies.

    I always mix up the command to add users, was it useradd or adduser. I think they both have something to do with it.

    If you want users to belong to specific group, etc, you can add options to the command. I guess the man page can give you more details about that. This is what a quick google search says:
    http://www.howtogeek.com/howto/ubunt...ubuntu-server/
    Darko.
    -----------------------------------------------------------------------
    Ubuntu 14.04 LTS 64bit & Windows 10 Pro 64bit

  5. #5
    Join Date
    Apr 2013
    Location
    Bordeaux, France
    Beans
    122
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Access Denied in users home folders

    hi,

    I have had the same problem. Here is what I did to create my /User folder:

    Code:
    sudo mkdir -m 770 /Users
    
    sudo chmod g+s /Users
    but that didn't work quite immediately though...

    Code:
    sudo chown root:users /Users
    made it work.

    you also have to add this to your smb.conf

    Code:
    [Users]
    directory_mode: parameter = 0700
    read only = no
    path = /Users
    csc policy = documents

    Editing again but after further inspection on your testparm command result, your server is not a DC, it only has a standalone server role which could also explain your problem.
    I m not sure ADS authentication is possible against a standalone server and I think what you need is a functionnal ADS domain controller.

    Quote Originally Posted by darkod View Post
    Are you sure that can create them on a linux filesystem? Only root has those permissions, are you sure it's working?
    Yes it can, thes "Users" folder is a container and has to have the rights for each newly logged user to the active directory to create his homefolder inside it.
    each user can only see or edit what's in his own homefolder.
    Last edited by howefield; October 31st, 2016 at 11:03 AM. Reason: posts combined.

  6. #6
    Join Date
    Jan 2013
    Location
    Norrkoping, Sweden
    Beans
    144
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Access Denied in users home folders

    Toxic64, I will try this tomorrow when I'm back to work and I will post here how things turn out.

  7. #7
    Join Date
    Apr 2013
    Location
    Bordeaux, France
    Beans
    122
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Access Denied in users home folders

    Ok, no problem.
    As I said, it seems you have a problem with your server. from what I can read from the testparm result your server is not a Domain controller.
    Code:
    Server role: ROLE_STANDALONE
    which means your users haven't got anything to authenticate against, unless you have another Domain controller somewhere else.

    Did you install Samba 4 from apt-get or did you compile from source via git?
    what version of samba 4 are you running? (samba -V to find out)

  8. #8
    Join Date
    Nov 2009
    Location
    Mataro, Spain
    Beans
    13,560
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Access Denied in users home folders

    So, does that mean we are going back to what I said, it doesn't actually create users on linux filesystem? You seem to say "you need functional Active Directory contoller" and this adminpak program seems only to help with the GUI to manage users which at the end are authenticating against an AD.

    But if you have only your samba server, adminpak doesn't do anything for you since it doesn't actually create users on linux for you. There is a big difference again simply authenticating a user against existing AD and creating the user in your linux server. The OP seems to think it can do that, and from what has been said so far it doesn't look like that to me. Again I say, I might be wrong.

    I don't know how many users we are talking about, but especially if there is not a huge number of users, I would say consider creating them in linux and that's it. Don't rely too much on GUI tools that are based on windows and AD, especially if you have no AD running.

    From what I have seen so far, I doubt this adminpak helps with OpenLDAP too. I mean what's the point if it needs a running AD server?

    PS. You can very easily check whether the home folders get created at all, I think they don't. Just open /home and check if you have the home folders off all users that you expect. I think this adminpak can't create anything on linux, but if you create the user on the server yourself, it will work. Try it with one user. Creating a user on linux creates the home folder automatically.
    Last edited by darkod; April 8th, 2013 at 08:48 AM.
    Darko.
    -----------------------------------------------------------------------
    Ubuntu 14.04 LTS 64bit & Windows 10 Pro 64bit

  9. #9
    Join Date
    Apr 2013
    Location
    Bordeaux, France
    Beans
    122
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Access Denied in users home folders

    So, does that mean we are going back to what I said, it doesn't actually create users on linux filesystem? You seem to say "you need functional Active Directory contoller" and this adminpak program seems only to help with the GUI to manage users which at the end are authenticating against an AD.
    Well actually not.
    Samba 4 has AD integration. you can create or join an Active directory domain with Samba4 without an actual Windows server. Adminpak helps you with your samba4/AD administration and it works just great.
    The AD creates the Users home folder on the linux file system but for it to work you have to have a working DC wether its Samba4 acting as AD or Microsoft AD doesn't matter.

    As a matter of fact, it doesn't create the users on your linux, it creates the users in the AD database/ users Organizational Unit. but the AD administrator account with which you create the users and do other tasks has rights on the linux filesystem through Samba4.

    For instance I have a full Samba4 Active Directory with 5 Samba4 servers replicating, DNS working etc...none of those 5 servers is a windows server...(which is cool)
    I have adminpak installed on windows 7 machine and doing all my administration from there wether it's AD administration or DNS or GPo (Group policy Objects).
    Samba4/Ad domains are just great.

  10. #10
    Join Date
    Jan 2013
    Location
    Norrkoping, Sweden
    Beans
    144
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Access Denied in users home folders

    I did a clean install of Ubuntu server 12.04.2 and chose SSH only, during install to be able to admin it. I then installed samba4 with apt-get, then I ran provisioning:
    Code:
    /usr/share/samba/setup/provision --realm=mydomain.lan --domain=MYDOMAIN --adminpass='Test123' --server-role=dc
    I'm pretty sure it is a domain controller, even though the testparm result shows otherwise. I have added several XP machines to the domain, and I've created users with roaming profiles. Both computers and users can authenticate against the server and everything but making home folders works.

    I believe there is a new version of testparm I could run but I have forgotten the command, testparm for samba 4. Correct me if I'm wrong.

    The version of samba4:

    Code:
    root@DC01:/# samba -V
    Version 4.0.0alpha18


    I did what you suggested.

    Code:
    root@DC01:/# mkdir -m 770 /users
    root@DC01:/# chmod g+s /users
    root@DC01:/# chown root:users /users
    I edited smb.conf and added:

    Code:
    [Users]
            directory_mode: parameter = 0700
            read only = no
            path = /users
            csc policy = documents
    Administrator can now create home folders for the users, but users can't access it.

    //Edit
    http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
    The command is samba-tool testparm
    Code:
    root@DC01:/# samba-tool testparm
    Press enter to see a dump of your service definitions
    
    # Global parameters
    [global]
        server role = domain controller
        workgroup = MYDOMAIN
        realm = mydomain.lan
        netbios name = DC01
        passdb backend = samba4
    
    [netlogon]
        path = /var/lib/samba/sysvol/mydomain.lan/scripts
        read only = No
    
    [sysvol]
        path = /var/lib/samba/sysvol
        read only = No
    
    [profile]
        path = /home/profile
        read only = No
        browseable = No
    
    [profiles]
        path = /home/profiles
        read only = No
        browseable = No
    
    [Users]
        path = /users
        read only = No
        csc policy = documents
        directory_mode: parameter = 0700
    
    [hemkatalog]
        comment = Hemkataloger for alla deltagare.
        path = /home/hemkatalog
        read only = No
        browseable = No
    
    [Hem]
        path = /home/hem
    //
    Last edited by JnPson; December 5th, 2013 at 10:13 AM. Reason: To point out the edit.

Page 1 of 4 123 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •