[Samba] canonicalize_connect_path failed for service

Rob Thoman emailthomasrob at gmail.com
Mon Apr 23 10:09:50 UTC 2018


Hi Rowland,

We did the classicupgrade. Post the classicupgrade, we added a Windows
2008R2 server and dcpomo'd it.  The original Samba box (classic DC) was
where we did the classicupgrade.  Did you mean that we need to shut that
box down? Leaving a Windows DC  (FSMO?) and Samba member server? Sorry I
was not aware of this step.  What if we hadn't added a Windows 08 box?


Here is the smb.conf

# Global parameters
[global]
       netbios name = CDR-FS01
       security = ADS
       workgroup = CDR
       realm = CDR.INTERNAL
       idmap config * : backend = tdb
       idmap config * : range = 3000-7999

winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes
idmap config CDR:backend = ad
idmap config CDR:schema_mode = rfc2307
idmap config CDR:range = 5000-6000

        log level = 2 auth:5
        log file = /var/log/samba/sambalog.%m
        logon script = %U.bat

[homes]
        comment = Home Directories
        create mask = 0700
        directory mask = 0700
        browseable = No
        read only = No
        path = %H/samba
       follow symlinks = yes
       wide links = yes


I've tried both files winbind and the reverse. Same results.







On Mon, Apr 23, 2018 at 6:22 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Mon, 23 Apr 2018 16:48:15 +1000
> Rob Thoman via samba <samba at lists.samba.org> wrote:
>
> > Hi,
> >
> > Our setup:
> >
> > Samba (classic) DC: cdr-dc01
> > Samba (classic) member server: cdr-fs01. This is also a file server
> > AD realm: CDR.internal
> >
> > We migrated to AD and came across an issue with accessing shares. The
> > shares in question worked pre-migrated. i.e using a windows machine a
> > user was able to access that share. The share in question was locked
> > down to just that user
> >
> > Post migration, we are able to access any shares which are not locked
> > down to users i.e shares which are accessible to groups.
> >
> > For the particular share in question, we get
> >
> >  canonicalize_connect_path failed for service user01, path
> > /home/CDR/user01/samba
> >
> > There is no /home/CDR .
>
> Oh yes there is ;-)
>
> > Where is this coming from?
>
> From 'template homedir', it is the default setting.
>
> > The curios thing getent passwd gives the following
> > user01:*:3029:3000:user01:/home/CDR/user01:/bin/false
> >
> > The user is not in the local /etc/passwd
>
> As it it shouldn't be
>
> >
> >
> > The cdr-fs01 has been joined to the AD domain, and we have the
> > following in /etc/nsswitch.conf
> >
> > shadow:        files
> > passwd:        winbind files
> > group:           winbind files
>
> It should be 'files winbind'
>
> What is the AD DC ?
>
> Can you please post the smb.conf from 'cdr-fs01'
>
> How did you migrate ? did you use 'samba-tool domain classicupgrade' ?
> If you did is the original PDC still running as a PDC ? if so, turn it
> off.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list