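I have an Xubuntu 14.04 client, a Debian 8 Samba file server, and an external Active Directory service. I log in as user1 on the client, using winbind to authenticate against the ADS. My home directory /home/ADS/user1 is mounted from the Samba server at login. The df output is: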
//server/homes/ 11718445056 6596289592 5122155464 57% /home/ADS
The shared Samba folder contains several other home directories (output of ls -l on the server; "domänen-benutzer" is German for "domain users"):
drwx------ 14 user1 domänen-benutzer 4096 Apr 29 15:51 user1
drwx------ 14 user2 domänen-benutzer 4096 Apr 29 16:50 user2
drwxr-xr-x 13 root root 4096 Apr 19 16:02 otherstuff
But when I list the mounted folder on my client, it shows:
drwx------ 14 user1 domänen-benutzer 4096 Apr 29 15:51 user1
drwx------ 14 user1 domänen-benutzer 4096 Apr 29 16:50 user2
drwxr-xr-x 13 user1 domänen-benutzer 4096 Apr 19 16:02 otherstuff
That is bad. And ls -l /home shows:
drwxr-xr-x 14 user1 domänen-benutzer 4096 Apr 29 15:51 ADS
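Why do the permissions change once the files are mounted on the client? How can I stop that?
More information:
I use PAM mount to mount the shared folder. For that, I installed the packages libpam-mount and cifs-utils on the client and added the following line to /etc/security/pam_mount.conf.xml: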
<volume fstype="cifs" path="//chronos/homes/" mountpoint="/home/ADS/"/>
My smb.conf file looks like this:
[global]
workgroup = ADS
security = ads
realm = ADS.EXAMPLE.COM
password server = *
client use spnego = yes
client ntlmv2 auth = yes
restrict anonymous = 2
encrypt passwords = yes
domain master = no
local master = no
preferred master = no
os level = 0
idmap uid = 10000-40000000
idmap gid = 10000-40000000
template shell = /bin/bash
template homedir = /home/ADS/%U
winbind enum users = no
winbind enum groups = no
winbind cache time = 300
winbind use default domain = yes
[homes]
#create home directories at login
root preexec = bash -c '[[ -d /home/ADS/%U ]] || mkdir -m 0700 /home/ADS/%U && chown %U:%G /home/ADS/%U'
read only = no
path = /home/ADS/