[Samba] Mapping subfolder of a samba share in Windows fails with access denied

Nicolas Zuber n.zuber at physik.uni-stuttgart.de
Tue Aug 22 11:21:31 UTC 2017 

> On Tue, 22 Aug 2017 10:59:53 +0200
> Nicolas Zuber via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> I am trying to map a network drive on a Windows 7 client. It is
>> possible to map the shared folder, but as soon as I try to map a
>> subfolder, Windows shows an access denied message and prompts for
>> another username and password. The user has full control over the
>> subfolder (configured via the Windows security tab). The samba.log
>> shows:
>>
>> Aug 22 10:25:19 FILESERVER smbd[5409]:  Could not close dir!
>> fname=Software, fd=-1, err=1=Operation not permitted
>>
>> if the user tries to map the subfolder "Software" of the share
>> "\\file\data". Similar log messages can be seen in the logs of our
>> fileserver (Centos 7, Samba 4.6.6) if the user logs in/out on the
>> windows machine (roaming profiles and mapped Documents folder). This
>> happens in principle for all shares on our server (also the user and
>> profiles shares which where set up as described in the samba wiki) and
>> all users including the administrator account.
>>
>> The configuration of the samba active directory domain controller with
>> two example shares (Centos 7, Samba 4.6.6):
>>
> I take that the workgroup name should be 'PI5' instead of 'TEST'
> Also you have 'vfs objects = acl_xattr' in [global], so you don't need
> it in the shares. Both shares seem to be the same path, so why two
> shares ?
You are right, the workgroup name is 'PI5' and I will remove the
duplicated 'acl_xattr'. The path is the same, because samba is directly
accessing the gluster via gluster vfs without the fuse layer. As far as
I understood the path in this configuration is relative to the gluster
volume rather than to the local filesystem. Because I have two different
gluster volumes (users and shares), I need two different shares.
>
> As you seem to be using Posix ACLs on the shares, have you read this
> wiki page:
>
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs
>
> Rowland
>
>
Until know I set the permissions of files and folders with a Windows
client. For this I set the three parameters in the '[global]'
configuration section

vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes

as described in the samba wiki :
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

What part of the configuration indicates the use of Posix ACLS?

Regards
Nicolas

More information about the samba mailing list