[Samba] Hyper-V Virtual Machines fail to start on Samba shares

Fri Aug 5 07:50:15 UTC 2016

On Fri, 5 Aug 2016 08:38:09 +0200
Adam Błaszczykowski <adam.blaszczykowski at gmail.com> wrote:

> ok sorry for that, now should be ok :-D
> 
> *smb.conf:*
> [global]
>     workgroup = RES
>     netbios name = dsshp2
>     vfs objects = acl_xattr shadow_copy2 fileid
>     fileid:mapping = fsid
>     encrypt passwords = yes
>     domain logons = no
>     log level = 3
>     log file = /var/log/samba/log.%m
>     max log size = 6000
>     socket options = TCP_NODELAY IPTOS_LOWDELAY
>     os level = 0
>     local master = no
>     locking = yes
>     preferred master = no
>     domain master = no
>     invalid users = root
>     guest account = nobody
>     map to guest = Bad User
>     wide links = no
>     force unknown acl user = yes
>     winbind enum users = yes
>     winbind enum groups = yes
>     winbind refresh tickets = yes
>     winbind request timeout = 200
>     printcap cache time = 0
>     passdb backend = tdbsam
>     unix extensions = no
>     server max protocol = SMB3
>     shadow: snapdir = .zfs/snapshot
>     shadow: sort = desc
>     shadow: format = autosnap_%Y-%m-%d-%H%M%S
>     shadow: localtime = yes
>     kernel oplocks = yes
>     store dos attributes = yes
>     veto files =
> /.nfs/._.DS_Store/:2eFBCLockFolder/.FBCLockFolder/:2eFBCIndex/.FBCIndex/:2eDS_Store/.DS_Store/TheVolumeSettingsFolder/TheFindByContentFolder/Temporary
> Items/Network Trash
> Folder/.AppleDB/:2eVolumeIcon.icns/.VolumeIcon.icns/Icon?/.Ap$
>     wins server =
>     admin users = "RES+administrator"
>     idmap config * : backend = autorid
>     idmap config * : range = 1000000-19999999
>     idmap config * : rangesize = 1000000
>     security = ads
>     server role = member
>     realm = RES.LOCAL
>     workgroup = RES
>     allow trusted domains = yes
> [s1]
>     short preserve case=yes
>     inherit owner=no
>     valid users=
>     case sensitive=no
>     map acl inherit=yes
>     guest ok=yes
>     preserve case=yes
>     inherit permissions=yes
>     default case=lower
>     path=/Pools/Pool-0/d1/s1
>     read only=no
>     guest only=yes
>     access based share enum=no
>     writeable=yes
>     public=yes
> 

Lets start here:
    admin users = "RES+administrator"

You seem to be using '+' as the winbind separator, but the default is
'\' and I cannot see this line ' winbind separator = +' in your
smb.conf. You should also probably map 'Administrator' to 'root' with a
usermap.

Next your AD users & groups, you have this:

    idmap config * : backend = autorid
    idmap config * : range = 1000000-19999999
    idmap config * : rangesize = 1000000

The '*' range is for the BUILTIN users & groups etc, you do not seem to
have anywhere to map your normal users. Can I suggest you have a look
here:
https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member

There are other minor things I would change, but the above are the main
ones.

Could you also please keep your posts on list.

Rowland