[Samba] Sysvol: users - access denied

Bouke J. Henstra bouke at ict-diensten.com
Sat Dec 19 22:12:32 UTC 2015


Hello,

I have a question regarding access permissions.

Recently I have upgraded my DC from version 41.12 to 4.1.21. This weekend I
have decided to upgrade to 4.3.3.

I have noticed that my users weren't able to access the sysvol share after
the upgrade to 4.3.3.

As a test I have created a new user "test" and I was able to open the
sysvol share without any issues.

Next I have recreated my own user account (delete user, create user) and
everything works like a charm... but not for my other users.

I would like to know why these users aren't able to access the sysvol share.

In the AD console the other user accounts look similar: same group
memberships.

I have tried the "samba-tool ntacl sysvolreset" command but this did not
help to resolve the issue.

I have read the steps which I had found at
"https://wiki.samba.org/index.php/Updating_Samba" but these steps did not
help me to resolve the issue either (as I could not find issues).

The users "test" + the recreated user "bouke" work fine now. I did not
recreate user account "renate" as I would like to know if it is possible to
fix this user's access to sysvol manually (without recreating the user). Or
is it possible to overwrite the user account for Renate with defaults
without recreating the account?

I have noticed that Windows asks me for Renate's username + password after
I am logged in (Windows 10) and trying to access
\\srv001.alpha.inet\sysvol.

I would like to know how I could troubleshoot this matter, what could cause
this and how I could fix it.

I have copied some lines from the log file. I am hoping that these are
relevant.
I have also copied some lines from the console - I have verified the group
memberships with wbinfo. I think these look okay.

Thank you for your help.

[2015/12/19 22:47:00.113129, 2] ../source3/smbd/open.c:1005(open_file)
  ALPHA\renate opened file renate/My Documents/My Pictures/desktop.ini read=No write=No (numopen=3)
[2015/12/19 22:47:00.141442, 2] ../source3/smbd/close.c:780(close_normal_file)
  ALPHA\bouke closed file bouke/Desktop/OpenOffice Calc.lnk (numopen=11) NT_STATUS_OK
[2015/12/19 22:47:00.148576, 2] ../source3/smbd/close.c:780(close_normal_file)
  ALPHA\renate closed file renate/My Documents/My Pictures/desktop.ini (numopen=2) NT_STATUS_OK
[2015/12/19 22:47:00.149778, 2] ../source3/smbd/open.c:1005(open_file)
  ALPHA\bouke opened file bouke/Desktop/OpenOffice Calc.lnk read=No write=No (numopen=12)
[2015/12/19 22:47:00.212121, 2] ../source3/smbd/open.c:1005(open_file)
  ALPHA\renate opened file renate/My Documents/My Pictures/desktop.ini read=No write=No (numopen=3)
[2015/12/19 22:47:00.333266, 2] ../source3/smbd/close.c:780(close_normal_file)
  ALPHA\bouke closed file bouke/Desktop/OpenOffice Calc.lnk (numopen=11) NT_STATUS_OK
[2015/12/19 22:47:00.333948, 2] ../source3/smbd/close.c:780(close_normal_file)
  ALPHA\renate closed file renate/My Documents/My Pictures/desktop.ini (numopen=2) NT_STATUS_OK
[2015/12/19 22:47:00.337362, 2] ../source3/smbd/open.c:1005(open_file)
  ALPHA\renate opened file renate/My Documents/My Pictures/desktop.ini read=No write=No (numopen=3)
[2015/12/19 22:47:00.532273, 2] ../source3/smbd/close.c:780(close_normal_file)
  ALPHA\renate closed file renate/My Documents/My Pictures/desktop.ini (numopen=2) NT_STATUS_OK
[2015/12/19 22:47:00.532821, 2] ../source3/smbd/open.c:1005(open_file)
  ALPHA\bouke opened file bouke/Desktop/OpenOffice Writer.lnk read=No write=No (numopen=12)
[2015/12/19 22:47:00.537035, 2] ../source3/smbd/open.c:1005(open_file)
  ALPHA\renate opened file renate/My Documents/My Pictures/desktop.ini read=Yes write=No (numopen=3)
[2015/12/19 22:47:00.537134, 3] ../source3/smbd/oplock_linux.c:155(linux_set_kernel_oplock)
  linux_set_kernel_oplock: got kernel oplock on file renate/My Documents/My Pictures/desktop.ini, file_id = fc00:29c1dfc:0 gen_id = 888224576
[2015/12/19 22:47:00.558468, 3] ../source3/smbd/smb2_read.c:413(smb2_read_complete)
  smbd_smb2_read: fnum 459648465, file renate/My Documents/My Pictures/desktop.ini, length=520 offset=0 read=520
[2015/12/19 22:47:00.566730, 2] ../source3/smbd/open.c:1005(open_file)
  ALPHA\renate opened file renate/My Documents/My Pictures/desktop.ini read=No write=No (numopen=4)
[2015/12/19 22:47:00.567591, 2] ../source3/smbd/close.c:780(close_normal_file)
  ALPHA\bouke closed file bouke/Desktop/OpenOffice Writer.lnk (numopen=11) NT_STATUS_OK
[2015/12/19 22:47:00.569662, 2] ../source3/smbd/close.c:780(close_normal_file)
  ALPHA\renate closed file renate/My Documents/My Pictures/desktop.ini (numopen=3) NT_STATUS_OK
[2015/12/19 22:47:00.571575, 2] ../source3/smbd/open.c:1005(open_file)
  ALPHA\bouke opened file bouke/Desktop/OpenOffice Writer.lnk read=No write=No (numopen=12)
[2015/12/19 22:47:00.573297, 2] ../source3/smbd/close.c:780(close_normal_file)
  ALPHA\renate closed file renate/My Documents/My Pictures/desktop.ini (numopen=2) NT_STATUS_OK
[2015/12/19 22:47:00.576533, 2] ../source3/smbd/open.c:1005(open_file)
  ALPHA\renate opened file renate/My Documents/My Pictures/desktop.ini read=Yes write=No (numopen=3)
[2015/12/19 22:47:00.576651, 3] ../source3/smbd/oplock_linux.c:155(linux_set_kernel_oplock)
  linux_set_kernel_oplock: got kernel oplock on file renate/My Documents/My Pictures/desktop.ini, file_id = fc00:29c1dfc:0 gen_id = 1048579373
[2015/12/19 22:47:00.586313, 2] ../source3/smbd/close.c:780(close_normal_file)
  ALPHA\bouke closed file bouke/Desktop/OpenOffice Writer.lnk (numopen=11) NT_STATUS_OK
[2015/12/19 22:47:00.587248, 2] ../source3/smbd/open.c:1005(open_file)
  ALPHA\renate opened file renate/My Documents/My Pictures/desktop.ini read=No write=No (numopen=4)
[2015/12/19 22:47:00.611137, 2] ../source3/smbd/close.c:780(close_normal_file)
  ALPHA\renate closed file renate/My Documents/My Pictures/desktop.ini (numopen=3) NT_STATUS_OK
[2015/12/19 22:47:00.614821, 2] ../source3/smbd/open.c:1005(open_file)
  ALPHA\bouke opened file bouke/Desktop/Opera.lnk read=No write=No (numopen=12)
[2015/12/19 22:47:00.623441, 3] ../source3/smbd/open.c:881(open_file)
  Error opening file renate/My Documents/My Pictures/desktop.ini (NT_STATUS_NETWORK_BUSY) (local_flags=2048) (flags=2048)
[2015/12/19 22:47:00.623715, 3] ../source3/smbd/oplock.c:648(initial_break_processing)
  initial_break_processing: called for fc00:29c1dfc:0/1048579373 Current oplocks_open (exclusive = 7, levelII = 0)
[2015/12/19 22:47:00.623812, 3] ../source3/smbd/oplock.c:648(initial_break_processing)
  initial_break_processing: called for fc00:29c1dfc:0/1048579373 Current oplocks_open (exclusive = 7, levelII = 0)
[2015/12/19 22:47:00.623848, 3] ../source3/smbd/oplock.c:1005(process_kernel_oplock_break)
  Got a kernel oplock request while waiting for a break reply
[2015/12/19 22:47:00.726924, 2] ../source3/smbd/open.c:1005(open_file)
  ALPHA\renate opened file renate/My Documents/My Pictures/desktop.ini read=Yes write=No (numopen=4)
[2015/12/19 22:47:00.848688, 2] ../source3/smbd/close.c:780(close_normal_file)
  ALPHA\bouke closed file bouke/Desktop/Opera.lnk (numopen=11) NT_STATUS_OK
[2015/12/19 22:47:00.851135, 3] ../source3/lib/util.c:1181(fcntl_getlock)
  fcntl_getlock: fd 57 is returned info 2 pid 0
[2015/12/19 22:47:00.851176, 3] ../source3/smbd/smb2_read.c:413(smb2_read_complete)
  smbd_smb2_read: fnum 3879432779, file renate/My Documents/My Pictures/desktop.ini, length=520 offset=0 read=520
[2015/12/19 22:47:00.853536, 2] ../source3/smbd/open.c:1005(open_file)
  ALPHA\bouke opened file bouke/Desktop/Opera.lnk read=No write=No (numopen=12)


[..]

[2015/12/19 22:47:07.994002,  3] ../source3/smbd/service.c:614(make_connection_snum)
  Connect path is '/usr/local/samba/var/locks/sysvol' for service [sysvol]
[2015/12/19 22:47:07.994109,  3] ../source3/smbd/vfs.c:113(vfs_init_default)
  Initialising default vfs hooks
[2015/12/19 22:47:07.994141,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2015/12/19 22:47:07.994154,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [acl_xattr]
[2015/12/19 22:47:07.994203,  2] ../source3/smbd/close.c:780(close_normal_file)
  ALPHA\bouke closed file bouke/Desktop/PuTTY.lnk (numopen=22) NT_STATUS_OK
[2015/12/19 22:47:07.994375,  2] ../source3/smbd/close.c:780(close_normal_file)
  ALPHA\renate closed file renate/Desktop/desktop.ini (numopen=6) NT_STATUS_OK
[2015/12/19 22:47:07.996611,  2] ../lib/util/modules.c:196(do_smb_load_module)
  Module 'acl_xattr' loaded
[2015/12/19 22:47:07.996640,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [dfs_samba4]
[2015/12/19 22:47:07.996660,  2] ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr)
  connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
[2015/12/19 22:47:07.999610,  3] ../source3/smbd/oplock_linux.c:251(linux_init_kernel_oplocks)
  Linux kernel oplocks enabled
[2015/12/19 22:47:07.999823,  2] ../source3/smbd/service.c:864(make_connection_snum)
  172.16.24.194 (ipv4:172.16.24.194:50845) connect to service sysvol initially as user ALPHA\renate (uid=3000036, gid=100) (pid 7121)
[2015/12/19 22:47:08.351737,  3] ../source3/smbd/dir.c:628(dptr_create)
  creating new dirptr 0 for path renate/My Documents/My Pictures, expect_close = 0
[2015/12/19 22:47:08.351961,  3] ../source3/smbd/dir.c:1187(smbd_dirptr_get_entry)
  smbd_dirptr_get_entry mask=[*] found renate/My Documents/My Pictures/. fname=. (.)
[2015/12/19 22:47:08.352052,  3] ../source3/smbd/dir.c:1187(smbd_dirptr_get_entry)
  smbd_dirptr_get_entry mask=[*] found renate/My Documents/My Pictures/.. fname=.. (..)
[2015/12/19 22:47:08.353296,  3] ../source3/smbd/dir.c:1187(smbd_dirptr_get_entry)



root@srv001:/usr/local/samba/bin# ./wbinfo -n bouke
S-1-5-21-1489937584-2541206552-3137005897-1135 SID_USER (1)
root@srv001:/usr/local/samba/bin# ./wbinfo --user-sids=S-1-5-21-1489937584-2541206552-3137005897-1135
S-1-5-21-1489937584-2541206552-3137005897-1135
S-1-5-21-1489937584-2541206552-3137005897-513
S-1-5-21-1489937584-2541206552-3137005897-1124
S-1-5-32-545
root@srv001:/usr/local/samba/bin# ./wbinfo -n test
S-1-5-21-1489937584-2541206552-3137005897-1134 SID_USER (1)
root@srv001:/usr/local/samba/bin# ./wbinfo --user-sids=S-1-5-21-1489937584-2541206552-3137005897-1134
S-1-5-21-1489937584-2541206552-3137005897-1134
S-1-5-21-1489937584-2541206552-3137005897-513
S-1-5-21-1489937584-2541206552-3137005897-1124
S-1-5-32-545
root@srv001:/usr/local/samba/bin# ./wbinfo -n renate
S-1-5-21-1489937584-2541206552-3137005897-1120 SID_USER (1)
root@srv001:/usr/local/samba/bin# ./wbinfo --user-sids=S-1-5-21-1489937584-2541206552-3137005897-1120
S-1-5-21-1489937584-2541206552-3137005897-1120
S-1-5-21-1489937584-2541206552-3137005897-513
S-1-5-21-1489937584-2541206552-3137005897-1124
S-1-5-32-545


Kind regards,

Bouke J. Henstra

E bouke at ict-diensten.com
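
An added example, not part of the original post and not Samba tooling: a small parser for smbd log excerpts like the ones quoted in the message, which tolerates mail-wrapped lines and lists service connections (user, uid, gid) together with any entry carrying a non-OK NT_STATUS. The function names are hypothetical and the sample log is constructed.

```python
import re
# Added illustration; function names are hypothetical, not part of Samba.
# Header of an smbd log entry: "[date time, level] source.c:line(function)"
HEADER = re.compile(
    r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s+(\d+)\]\s+(\S+?):(\d+)\((\w+)\)")
CONNECT = re.compile(
    r"connect to service (\S+) initially as user (\S+) \(uid=(\d+), gid=(\d+)\)")
STATUS = re.compile(r"NT_STATUS_\w+")

def parse_entries(text):
    """Split smbd log text into entries, tolerating mail-wrapped lines."""
    flat = " ".join(text.split())          # undo wrapping: one long line
    heads = list(HEADER.finditer(flat))
    entries = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(flat)
        entries.append({"time": h.group(1), "level": int(h.group(2)),
                        "func": h.group(5), "msg": flat[h.end():end].strip()})
    return entries

def summarize(entries):
    """Return (service connects, entries carrying a non-OK NT_STATUS)."""
    connects, failures = [], []
    for e in entries:
        m = CONNECT.search(e["msg"])
        if m:
            connects.append({"service": m.group(1), "user": m.group(2),
                             "uid": int(m.group(3)), "gid": int(m.group(4))})
        bad = [s for s in STATUS.findall(e["msg"]) if s != "NT_STATUS_OK"]
        if bad:
            failures.append((e["time"], e["func"], bad[0]))
    return connects, failures

# Constructed sample, shaped like the excerpt in the post (wrapped on purpose).
SAMPLE = r"""
[2015/12/19 22:47:00.611137, 2]
../source3/smbd/close.c:780(close_normal_file) ALPHA\renate closed file
renate/Desktop/desktop.ini (numopen=3) NT_STATUS_OK [2015/12/19
22:47:00.623441, 3] ../source3/smbd/open.c:881(open_file) Error opening file
renate/Desktop/desktop.ini (NT_STATUS_NETWORK_BUSY) (local_flags=2048)
[2015/12/19 22:47:07.999823,  2]
../source3/smbd/service.c:864(make_connection_snum)
  172.16.24.194 (ipv4:172.16.24.194:50845) connect to service sysvol
initially as user ALPHA\renate (uid=3000036, gid=100) (pid 7121)
"""

if __name__ == "__main__":
    print(summarize(parse_entries(SAMPLE)))
```

Running the same two functions over the log of a working account and a failing one makes it easy to compare the uid/gid each connection is mapped to and which calls return an error status.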
