[SOLVED] Adding new share to Samba LDAP but can't access

Heiki · 12-31-2014, 04:18 AM

Hello!

Client wants to add new share "2015" for next year. The guy that usually does that is on vacation and there is no documentation left behind.

I've googled around yesterday with now luck.

Server runs on Fedora and has Samba with OpenLDAP authentication.

What I have done so far:

Made directory
Gave FS permissions to directory with chown and chmod
edited the /etc/samba/smb.conf and added new share details. I took existing share info and modified name,path and comment to fit new share.
Restarted samba service

The result is that I can see the share on server. When I try to access from workstation I get "Network Error" which says I have no permissions however I can access all the existing shares fine. When I log into server as regular user I can browse the new directory with no problems.

It seems to me that authentication doesn't work? I don't know.

If anyone could help me I would be very grateful!

Ser Olmy · 12-31-2014, 08:01 AM

Check the ACL on the directory with getfacl, and compare both these settings and the access settings for the share (in smb.conf) to those of other, working shares.

Heiki · 12-31-2014, 08:50 AM

Quote:

Originally Posted by Ser Olmy

Check the ACL on the directory with getfacl, and compare both these settings and the access settings for the share (in smb.conf) to those of other, working shares.

@Ser Olmy: Thanks for the reply!

I ran getfacl /export/2015 on the directory and it returned
# file: export/2015
# owner: root
# group: Users
user::rwx
group::rwx
other::---

My smb.conf is same as other shares. I used vim copy-paste to make new share so there can't be typos there.
Here's my conf:

[2015]
comment = 2015
path = /export/2015
read only = no
create mask = 0770
force create mode = 0770
security mask = 000
force security mode = 0770
directory mask = 0770
force directory mode = 0770
directory security mask = 000
force directory security mode = 0770
valid users = @Users

Seems good to me... I read that Samba should take care of LDAP authentication for me. But it seems like I am supposed to do something more. The problem still there.
I have little experience in Linux. When adding new share to Samba LDAP is it enough to edit smb.conf and restart service? Isn't there a need to let LDAP know about new share and it's OK to have users access it?

zafar_dandoti · 12-31-2014, 10:43 AM

Meybe selinux issue.
Do this by root
chcon -t samba_share_t /exports/2015
Restart samba

Heiki · 12-31-2014, 04:42 PM

Quote:

Originally Posted by zafar_dandoti

Meybe selinux issue.
Do this by root
chcon -t samba_share_t /exports/2015
Restart samba

@zafar_dandoti: This solved my problem. Thank you very much!