[Samba] canonicalize_connect_path failed for service

Rob Thoman emailthomasrob at gmail.com
Mon Apr 23 12:24:27 UTC 2018


Hi Rowland,

Sorry about the confusion. I was referring to Samba PDC which we
classicupgraded to AD DC. So it is AD DC
The ranges don't overlap, there was a typo, it was meant to
 idmap config * : range = 3000-7999
 idmap config CDR:range = 10000-110000

getent passwd of the users in member server gives me
user01:3029:3000:

The uid number of the user in question according to AD is 1070. gid number
of groups starts from 10000.
The version of Samba in the member server is 3.6. I've added the  winbind
nss info = rfc2307  bit

       idmap config * : backend = tdb
       idmap config * : range = 3000-7999
        winbind use default domain = yes
        winbind nss info = rfc2307
        idmap config CDR:backend = ad
        idmap config CDR:schema_mode = rfc2307
        idmap config CDR:range = 11000-12000
        winbind use default domain = yes

  I did the above changes, reloaded the Samba config and got the same result

canonicalize_connect_path failed for service user01, path
/home/CDR/user01/samba
I also have the following
connect to service data initially as user CDR\user01(uid=3029, gid=3000)
(pid 5620)
Had some errors about the wide links so have removed them
 Share 'user01 has wide links and unix extensions enabled. These parameters
are incompatible. Wide links will be disabled for this share

RT










On Mon, Apr 23, 2018 at 8:48 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Mon, 23 Apr 2018 20:09:50 +1000
> Rob Thoman <emailthomasrob at gmail.com> wrote:
>
> > Hi Rowland,
> >
> > We did the classicupgrade. Post the classicupgrade, we added a Windows
> > 2008R2 server and dcpomo'd it.  The original Samba box (classic DC)
>
> It is the 'classic DC' that is throwing me, do you mean the original
> PDC, or are you referring to the Samba AD DC that .classicupgrade'
> produces ? if it is a PDC, then yes, turn it off or turn it into a Unix
> domain member. If it is a Samba AD DC, then please stop using the term
> 'classic DC' because it is confusing.
>
> > was where we did the classicupgrade.  Did you mean that we need to
> > shut that box down? Leaving a Windows DC  (FSMO?) and Samba member
> > server? Sorry I was not aware of this step.  What if we hadn't added
> > a Windows 08 box?
>
> A Samba AD DC is just an AD DC, just as a Windows AD DC is just an AD
> DC.
>
> I have reorganised the [global] part of your smb.conf and added
> comments:
>
> # Global parameters
> [global]
>        netbios name = CDR-FS01
>        security = ADS
>        workgroup = CDR
>        realm = CDR.INTERNAL
>
>        winbind use default domain = yes
>        winbind enum users = yes
>        winbind enum groups = yes
>
> You do not need the above two lines, they do two things:
> They make 'getent passwd' & 'getent group' show all records, this isn't
> required.
> They slow things down.
>
>        idmap config * : backend = tdb
>        idmap config * : range = 3000-7999
>        idmap config CDR:backend = ad
>        idmap config CDR:schema_mode = rfc2307
>        idmap config CDR:range = 5000-6000
>
> The ranges cannot overlap.
> Do your users & groups have uidNumber & gidNumber attributes
> containing numbers inside the '3000-7999' or '5000-6000' ranges ?
> Based on what the user & group numbers are, will give you what the
> range for 'CDR' should be. The '*' domain is for the Well Known SIDS
> and anything outside the 'CDR' domain.
>
> Also the 'idmap config' lines for 'CDR' may be incorrect, depending on
> what version of Samba you are using, can I suggest you read this wiki
> page:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
>
>         log level = 2 auth:5
>         log file = /var/log/samba/sambalog.%m
>         logon script = %U.bat
>
> You don't use 'logon script' with AD, you just put the script in
> netlogon.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list