[Samba] Permission Issue

Benedikt Kaleß benedikt.kaless at forumZFD.de
Fri Aug 30 08:14:25 UTC 2019 

Hi,

just to keep you updated:

The following trick seems to work for me:

1.) I stopped winbind on the cluster

2.) I deleted the cache: "net cash flush"

Afterwards the result for "id testuser" was not quite the same like the
result on the "old fileserver"

3.) I stopped the ctdb daemon

4.) I backuped /var/lib/samba/winbindd_cache.tdb on all nodes

5.) I restared all nodes

Afterwards the users get the appropriate permissions.

(On some clients the Credentials haveto be deleted too)

Best regards and thank you very much for your help again!

Bene

Am 29.08.19 um 13:03 schrieb Benedikt Kaleß via samba:
> Hi,
>
> yes, I did.
>
> I get the same results with "getent passwd testuser" on each node.
>
> /etc/ctdb/nodes and /etc/ctdb/public_addresses is exactly the same on
> each node
>
> On each node sernet-samba/stretch,now 99:4.9.12-15 amd64 is installed
>
> Yes, I read the documentation. It is strange, that another cluster in
> another office configured that way is working perfect ;( The load is not
> as high as the load here. But even here only 20 people are working on it
> currently
>
> Best
>
> Bene
>
>
> Am 29.08.19 um 12:36 schrieb Rowland penny via samba:
> > On 29/08/2019 11:17, Benedikt Kaleß via samba wrote:
> > > Hi,
> > >
> > > I don't have the user root.
> > >
> > > No changes :( Sometimes a user gets permissions, sometimes not.
> > >
> > > This net conf is now running:
> > >
> > > [global]
> > >      winbind refresh tickets = Yes
> > >      winbind use default domain = yes
> > >      template shell = /bin/bash
> > >      idmap config * : range = 1000000 - 1999999
> > >      idmap config EXAMPLE : backend = rid
> > >      idmap config EXAMPLE : range = 500 - 200000
> > >      hide dot files = yes
> > >      server string = FileServer %h (Samba %v)
> > >      map acl inherit = yes
> > >      inherit permissions = yes
> > >      workgroup = ZFD
> > >      netbios name = CLUSTER-HO
> > >      clustering = yes
> > >      security = ads
> > >      realm = EXAMPLE.com
> > >      store dos attributes = Yes
> > >      log level = 3
> > >      vfs objects = acl_xattr
> > >
> > > [home]
> > >      comment = Home Directories
> > >      read only = no
> > >      browseable = yes
> > >      vfs objects = acl_xattr glusterfs
> > >      glusterfs:volume = gv-ho
> > >      glusterfs:logfile = /var/log/samba/glusterfs-gv-ho.log
> > >      glusterfs:loglevel = 3
> > >      glusterfs:volfile_server = gluster1 gluster3
> > >      kernel share modes = no
> > >      path = /
> > >
> > > [Fileshare]
> > >      comment = Fileshare
> > >      read only = no
> > >      vfs objects = acl_xattr glusterfs
> > >      glusterfs:volume = gv-ho
> > >      glusterfs:logfile = /var/log/samba/glusterfs-gv-ho.log
> > >      glusterfs:loglevel = 10
> > >      glusterfs:volfile_server = gluster1 gluster3
> > >      kernel share modes = no
> > >      path = /data/Files
> > >
> > > Does this error in log.smbd give a hint?
> > >
> > > [2019/08/29 12:14:24.765433,  2] ../source3/smbd/open.c:4045(open_directory)
> > >    open_directory: unable to create
> > > testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations.
> > > Error was NT_STATUS_OBJECT_NAME_COLLISION
> > > [2019/08/29 12:14:24.765472,  3]
> > > ../source3/smbd/smb2_server.c:3214(smbd_smb2_request_error_ex)
> > >    smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > > status[NT_STATUS_OBJECT_NAME_COLLISION] || at
> > > ../source3/smbd/smb2_create.c:296
> > > [2019/08/29 12:14:24.767517,  2] ../source3/smbd/dosmode.c:136(unix_mode)
> > >   
> > > unix_mode(testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations/f18460fded109990.automaticDestinations-ms)
> > > inheriting from
> > > testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations
> > > [2019/08/29 12:14:24.767603,  2] ../source3/smbd/dosmode.c:161(unix_mode)
> > >   
> > > unix_mode(testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations/f18460fded109990.automaticDestinations-ms)
> > > inherit mode 40770
> > > [2019/08/29 12:14:24.767690,  3]
> > > ../source3/smbd/smb2_server.c:3214(smbd_smb2_request_error_ex)
> > >    smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > > status[NT_STATUS_OBJECT_NAME_NOT_FOUND] || at
> > > ../source3/smbd/smb2_create.c:296
> > > [2019/08/29 12:14:35.232651,  2]
> > > ../source3/smbd/close.c:802(close_normal_file)
> > >    ZFD\testuser closed file
> > > testuser/AppData/Roaming/Microsoft/Windows/Recent/CustomDestinations/f18460fded109990.customDestinations-ms
> > > (numopen=26) NT_STATUS_OK
> > >
> > > Best regards
> > >
> > > Bene
> > >
> > >
> > >
> > Are you using the same Samba version & smb.conf on all ctdb cluster members.
> >
> > If you run 'getent passwd testuser' on each cluster member, do you get 
> > identical results ?
> >  
> > Rowland
> >
> >
> >

-- 
forumZFD
Entschieden für Frieden|Committed to Peace

Benedikt Kaleß
Leiter Team IT|Head team IT

Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
Am Kölner Brett 8 | 50825 Köln | Germany  

Tel 0221 91273233 | Fax 0221 91273299 | 
http://www.forumZFD.de 

Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz  
VR 17651 Amtsgericht Köln

Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX

More information about the samba mailing list