[Samba] Mapping subfolder of a samba share in Windows fails with access denied

Nicolas Zuber n.zuber at physik.uni-stuttgart.de
Tue Aug 22 08:59:53 UTC 2017


Hi,

I am trying to map a network drive on a Windows 7 client. It is possible
to map the shared folder, but as soon as I try to map a subfolder,
Windows shows an access denied message and prompts for another username
and password. The user has full control over the subfolder (configured
via the Windows security tab). The samba.log shows:

Aug 22 10:25:19 FILESERVER smbd[5409]:  Could not close dir! fname=Software, fd=-1, err=1=Operation not permitted

if the user tries to map the subfolder "Software" of the share
"\\file\data". Similar log messages can be seen in the logs of our
fileserver (CentOS 7, Samba 4.6.6) if the user logs in/out on the
Windows machine (roaming profiles and mapped Documents folder). This
happens in principle for all shares on our server (also the user and
profiles shares which were set up as described in the Samba wiki) and
all users including the administrator account.

The configuration of the Samba Active Directory domain controller with
two example shares (CentOS 7, Samba 4.6.6):

[global]
        netbios name = DOMAINC
        realm = TEST.TESTDOMAIN.DE
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = TEST
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes

        load printers = no

        bind interfaces only = yes
        interfaces = lo ens1f0

        tls enabled = yes
        tls keyfile = tls/domainc.test.testdomain.de.key.pem
        tls certfile = tls/domainc.test.testdomain.de.cert.pem
        tls cafile = tls/intermediate.cert.pem

        log level = 3
        log file = /var/log/samba.log

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/test.testdomain.de/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No


And the fileserver config with two example shares:

[global]
        workgroup = TEST
        realm = TEST.TESTDOMAIN.DE
        netbios name = FILE
        security = ads
        idmap config *:range = 10000-19999
        idmap config pi5:backend = rid
        idmap config pi5:range = 20000-1999999
        vfs objects = acl_xattr
        inherit acls = yes
        store dos attributes = yes
        map acl inherit = yes
        template shell = /bin/bash
        template homedir = /gluster/mnt/users/%U
        winbind use default domain = yes
        winbind refresh tickets = yes
        log file = /var/log/samba.log
        username map = /var/run/gluster/shared_storage/ctdb/usermap
        log level = 1

[users]
        comment = User Home Directories
        path = /
        kernel share modes = No
        create mask = 0700
        directory mask = 0700
        read only = No
        vfs objects = acl_xattr glusterfs
        glusterfs:volfile_server = 172.17.1.3 172.17.1.4
        glusterfs:loglevel = 1
        glusterfs:logfile = /var/log/samba/glusterfs-users.log
        glusterfs:volume = users

[data]
        comment = Data
        path = /
        kernel share modes = No
        create mask = 0700
        directory mask = 0700
        read only = No
        vfs objects = acl_xattr glusterfs
        glusterfs:volume = data
        glusterfs:loglevel = 1
        glusterfs:logfile = /var/log/samba/glusterfs-data.log
        glusterfs:volfile_server = 172.17.1.3 172.17.1.4

And the usermap file:

!root = PI5\Administrator PI5\administrator Administrator administrator

Best Regards

Nicolas



