[Samba] Mapping subfolder of a samba share in Windows fails with access denied
Nicolas Zuber
n.zuber at physik.uni-stuttgart.de
Tue Aug 22 08:59:53 UTC 2017
Hi,
I am trying to map a network drive on a Windows 7 client. It is possible
to map the shared folder, but as soon as I try to map a subfolder,
Windows shows an access denied message and prompts for another username
and password. The user has full control over the subfolder (configured
via the Windows security tab). The samba.log shows:
Aug 22 10:25:19 FILESERVER smbd[5409]: Could not close dir!
fname=Software, fd=-1, err=1=Operation not permitted
if the user tries to map the subfolder "Software" of the share
"\\file\data". Similar log messages can be seen in the logs of our
fileserver (Centos 7, Samba 4.6.6) if the user logs in/out on the
windows machine (roaming profiles and mapped Documents folder). This
happens in principle for all shares on our server (also the user and
profiles shares which where set up as described in the samba wiki) and
all users including the administrator account.
The configuration of the samba active directory domain controller with
two example shares (Centos 7, Samba 4.6.6):
[global]
netbios name = DOMAINC
realm = TEST.TESTDOMAIN.DE
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = TEST
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
load printers = no
bind interfaces only = yes
interfaces = lo ens1f0
tls enabled = yes
tls keyfile = tls/domainc.test.testdomain.de.key.pem
tls certfile = tls/domainc.test.testdomain.de.cert.pem
tls cafile = tls/intermediate.cert.pem
log level = 3
log file = /var/log/samba.log
[netlogon]
path = /usr/local/samba/var/locks/sysvol/test.testdomain.de/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
And the fileserver config with two example shares:
[global]
workgroup = TEST
realm =
TEST.TESTDOMAIN.DE
netbios name = FILE
security = ads
idmap config *:range = 10000-19999
idmap config pi5:backend = rid
idmap config pi5:range =
20000-1999999
vfs objects = acl_xattr
inherit acls = yes
store dos attributes = yes
map acl inherit = yes
template shell = /bin/bash
template homedir =
/gluster/mnt/users/%U
winbind use default domain = yes
winbind refresh tickets = yes
log file = /var/log/samba.log
username map =
/var/run/gluster/shared_storage/ctdb/usermap
log level = 1
[users]
comment = User Home
Directories
path =
/
kernel share modes =
No
create mask =
0700
directory mask =
0700
read only =
No
vfs objects = acl_xattr
glusterfs
glusterfs:volfile_server = 172.17.1.3
172.17.1.4
glusterfs:loglevel =
1
glusterfs:logfile =
/var/log/samba/glusterfs-users.log
glusterfs:volume = users
[data]
comment =
Data
path =
/
kernel share modes =
No
create mask =
0700
directory mask =
0700
read only =
No
vfs objects = acl_xattr
glusterfs
glusterfs:volume =
data
glusterfs:loglevel =
1
glusterfs:logfile =
/var/log/samba/glusterfs-data.log
glusterfs:volfile_server = 172.17.1.3 172.17.1.4
And the usermap file
!root = PI5\Administrator PI5\administrator Administrator administrator
Best Regards
Nicolas
More information about the samba
mailing list