Find the answer to your Linux question:
Results 1 to 5 of 5
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    winbind has broken samba share making it not accessible

    I have samba share up and running which can be accessed by users from their Windows client PC’s. These users have local Linux accounts on the Samba server.
    To control access I have a Linux security group called ‘accounts’ and permissions on the Samba directory called ‘shared’ are set as below:-

    drwxrws--- 2 root accounts 4096 Feb 21 12:14 shared

    I have now implemented windbind to give me Windows AD authentication and the above Samba share is no longer accessible. When I type \\samba server in Windows explorer the shared directory is displayed but when you try to go in to the directory I get an error saying the folder is not accessible and that I do not permission to use the network resource. If I set the Linux permissions to 777 I do not have an issue. I’ve tried adding ‘write list =domain name’ into smb.conf. I’ve also tried net groupmap my AD ‘accounts’ group to my Linux ‘accounts’ group. But all have failed. When I look in the samba logs I see the following:-

    [2008/02/21 16:21:50, 0] smbd/service.c:set_current_service(184)
    chdir (/u01/samba) failed

    If I login via SSH using my AD domain account I can cd to /u01/shared without any issues.

    If I disable winbind the share becomes accessible.

    My smb.conf looks like:-
    workgroup = EXAMPLE
    realm = EXAMPLE.XXX.COM
    server string = Production Server
    security = ADS
    log file = /var/log/samba/%m.log
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    load printers = No
    printcap name = /etc/printcap
    dns proxy = No
    remote announce = xxx.xx.6.255 xxx.xx.3.255
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    template homedir = /xxxx/xxx/home/%U
    template shell = /bin/bash
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    hosts allow = xxx.xx., 127.
    cups options = raw

    comment = Accounts
    path = /u01/shared
    write list = EXAMPLE.xx.COM\user
    read only = No
    create mask = 0774
    browseable = No

    can anybody suggest how I resolve this as I’m pulling my hair out trying to find a resolution even after lots of googling.


  2. #2
    Have you tried removing one machine from the Domain and then adding it again?

  3. #3
    have you tried making browseable=yes in [homes]

    also comment the line hosts allow=xxxx....

    and try logging in ... also post the last 10 lines of the log file /var/log/samba/%m.log
    when u do the above things

  4. $spacer_open
  5. #4

    Problem resolved

    Thanks for your replies.

    To get over the problem I created a Windows AD group called accounts. I then changed the group ownership on the samba directory.

    chgrp DOMAIN\\accounts sambadirectory

    The original group ownership was set to a local group called accounts. Users, who were authenticating via winbind were members of this local group but it needed an equivilent AD group for things to work.

    I'm guessing that you cannot mix and match permissions when using winbind/samba? i.e. owner can be a domain user and group owner can be local group (/etc/group)

  6. #5


    I would like to add to this, in that I managed to solve this problem by simply setting the group owner of the shared folder in question to nogroup. I.E. since I was trying to share my tftpboot directory, I ran this command under root:

    chown tftp:nogroup /var/lib/tftpboot

    Hope this helps.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts