[Samba] Samba 4.1 DFS Share only access by administrator

Daniel Müller mueller at tropenklinik.de
Wed Dec 4 03:16:54 MST 2013 

The Error logs when a user try to connect a share linked in dfs:

[2013/12/04 11:12:11.804551,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module samba_dsdb initialization failed : Operations error
[2013/12/04 11:12:11.804626,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: Unable to load modules for /usr/local/samba/private/sam.ldb: Unable
to open tdb '/usr/local/samba/private/sam.ldb.d/DC=DIFAEM,DC=LOC.ldb'
[2013/12/04 11:12:11.804733,  0]
../source3/modules/vfs_dfs_samba4.c:81(dfs_samba4_connect)
  samdb_connect failed
[2013/12/04 11:12:11.804817,  0]
../source3/smbd/msdfs.c:338(create_conn_struct)
  VFS connect failed!
[2013/12/04 11:12:11.806657,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module partition initialization failed : Operations error
[2013/12/04 11:12:11.806748,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module show_deleted initialization failed : Operations error
[2013/12/04 11:12:11.806826,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module extended_dn_out_ldb initialization failed : Operations error
[2013/12/04 11:12:11.806900,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module linked_attributes initialization failed : Operations error
[2013/12/04 11:12:11.806982,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module repl_meta_data initialization failed : Operations error
[2013/12/04 11:12:11.807057,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module subtree_delete initialization failed : Operations error
[2013/12/04 11:12:11.807133,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module operational initialization failed : Operations error
[2013/12/04 11:12:11.807205,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module aclread initialization failed : Operations error
[2013/12/04 11:12:11.807298,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module acl initialization failed : Operations error
[2013/12/04 11:12:11.807377,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module descriptor initialization failed : Operations error
[2013/12/04 11:12:11.807448,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module objectclass initialization failed : Operations error
[2013/12/04 11:12:11.807518,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module asq initialization failed : Operations error
[2013/12/04 11:12:11.807588,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module server_sort initialization failed : Operations error
[2013/12/04 11:12:11.807660,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module paged_results initialization failed : Operations error
[2013/12/04 11:12:11.807730,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module dirsync initialization failed : Operations error
[2013/12/04 11:12:11.807801,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module schema_load initialization failed : Operations error
[2013/12/04 11:12:11.807871,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module rootdse initialization failed : Operations error
[2013/12/04 11:12:11.807941,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: module samba_dsdb initialization failed : Operations error
[2013/12/04 11:12:11.808031,  0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
  ldb: Unable to load modules for /usr/local/samba/private/sam.ldb: Unable
to open tdb '/usr/local/samba/private/sam.ldb.d/DC=DIFAEM,DC=LOC.ldb'
[2013/12/04 11:12:11.808198,  0]
../source3/modules/vfs_dfs_samba4.c:81(dfs_samba4_connect)
  samdb_connect failed
[2013/12/04 11:12:11.808335,  0]
../source3/smbd/msdfs.c:338(create_conn_struct)
  VFS connect failed!

-----------------------------------------------
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Daniel Müller
Gesendet: Mittwoch, 4. Dezember 2013 10:30
An: samba at lists.samba.org
Betreff: [Samba] Samba 4.1 DFS Share only access by administrator

Dear all,

I am testeing the dfs functions with Samba4.
In my global section: host msdfs=yes
vfs objects = dfs_samba4
Later on setting a dfs root:

[dfs]
        path = /windows/dfs
        read only = No
        msdfs root = Yes

ls -s  the shares in this root.

lrwxrwxrwx  1 root root   19  2. Dez 09:29 difaem -> msdfs:linux2\difaem
lrwxrwxrwx  1 root root   20  2. Dez 09:29 leitung -> msdfs:linux2\leitung
lrwxrwxrwx  1 root root   30  2. Dez 09:30 programmassistenz ->
msdfs:linux2\programmassistenz


[root at linux2 windows]# getfacl dfs
# file: dfs
# owner: root
# group: root
user::rwx
user:root:rwx
group::r-x
group:root:r-x
group:users:r-x
group:3000002:rwx
group:DIFAEM\134Domain\040Admins:rwx
mask::rwx
other::r-x
default:user::rwx
default:user:root:rwx
default:group::r-x
default:group:root:r-x
default:group:users:r-x
default:group:3000002:rwx
default:group:DIFAEM\134Domain\040Admins:rwx
default:mask::rwx
default:other::r-x


On the single shares the users can login without any issue.
When trying to connect over [dfs] access is denied. Only administrator can
login the shares!?

What has changed since samba3?

Greetings
Daniel

-----------------------------------------------
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list