[Samba] Samba 4 permissions error
rpenny at samba.org
Tue Apr 26 17:22:47 UTC 2016
On 25/04/16 16:59, Jason Voorhees wrote:
> Hello guys.
> I have a Zentyal 4.2 server which runs Samba 4.3.5 and ACLs for every
> share. It's currently working fine, no isssues, everyone can access
> their folders without problems.
> I've built a Samba 4.3.5 server in a different host which is not a
> Zentyal server. I've configured this 2nd server as DC. Once a day I
> run a script to synchronize all shares from my Zentyal to this Samba
> 4.3.5 server using rsync -aAHS.
> I can see that all ACLs and permissions are correctly replicated to
> the destination server but I'm unable to access any shares there.
> When using a username for testing, I'm able to access a share on the
> origin server but I can't do it in the destination server. However, if
> I login with this user at the OS Linux (sudo su - username) I can
> access the UNIX directory without issues.
> It's strange how UNIX ACLs and permissions allow this username to
> access a certain directory but Samba doesn't even if the configuration
> of this share is exactly the same in both the origin and destination
> Samba server.
> This is a portion of the log I see when my username tries to access a
> share on the destiation server:
> [2016/04/25 10:42:33.861169, 3] ../source3/smbd/process.c:1490(switch_message)
> switch message SMBtrans2 (pid 10685) conn 0x55dc388d81b0
> [2016/04/25 10:42:33.861237, 3]
> chdir (/home/samba/shares/Central) failed, reason: Permission denied
> [2016/04/25 10:42:33.861279, 3] ../source3/smbd/error.c:82(error_packet_set)
> NT error packet at ../source3/smbd/process.c(1609) cmd=50
> (SMBtrans2) NT_STATUS_ACCESS_DENIED
> [2016/04/25 10:42:37.766316, 3] ../source3/smbd/process.c:1880(process_smb)
> OK, I know I haven't provided any extra info about my Samba
> configuration files or any other useful information. But as there's a
> lot of info I could share with all of you I'd like to know which info
> you might need to troubleshoot this.
> I hope someone can point me to some solution or procedure for fixing
> this problem.
> Thanks in advance
OK, you have two DCs, on one, your user can access a share, you
basically copy the shares to another DC (with all the same permissions
etc) and your user cannot access the share on the second DC.
How is AD set up ? are you using uidNumber & gidNumber attributes (you
will have added them manually) or are you using the xidNumbers created
automatically by Samba4.
If you have modified the smb.conf on the second DC, can you post this.
Can you post the smb.conf from your zential machine.
More information about the samba