[Samba] NT_STATUS_NO_MEMORY accessing a DC shared resource

Rowland Penny rpenny at samba.org
Thu Jul 5 12:23:03 UTC 2018 

On Thu, 5 Jul 2018 14:03:43 +0200
"Ing. Claudio Nicora via samba" <samba at lists.samba.org> wrote:

> I have a working Samba 4.7.6 DC with the default /sysvol
> and /netlogon shares.
> 
> These shares work perfectly and domain users can access them without
> any issue.
> 
> Now, to ease experimenting with config files and stuff (it's not a 
> production server), I've added a /rootdisk share (path=/) limiting
> its access ro root and domain admins:
> 
> ---------
> # cat /etc/samba/smb.conf
> [global]
>          bind interfaces only = Yes
>          interfaces = lo eth_lan
>          netbios name = SRVADDC
>          realm = SAMDOM.LOCAL
>          server role = active directory domain controller
>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
> drepl, winbindd, ntp_signd, kcc, dnsupdate
>          workgroup = SAMDOM
>          #username map = /etc/samba/username.map
> 
> [netlogon]
>          path = /var/lib/samba/sysvol/samdom.it/scripts
>          read only = No
> 
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
> 
> [RootDisk]
>          path = /
>          read only = No
>          valid users = root SAMDOM\myuser @"SAMDOM\domain admins"
>          force user = root
>          force group = root
>          create mode = 0640
>          force create mode = 0640
> -----
> 
> It worked at first but now, after about 2 days, it stopped working
> and I can't connect to it from Windows anymore.
> 
>
> What shall I check?
> 

Your glasses (or lack of) ;-)

If you read this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Using_the_Domain_Controller_as_a_File_Server

You will find this:

If you must use the Samba DC as a fileserver, you should be aware that
the auto-enabled acl_xattr virtual file system (VFS) object enables you
to only configure shares with Windows access control lists (ACL).
Running shares with POSIX ACLs on a Samba DC is not supported and will
not work. 

Or to put it another way, you must set the permissions from Windows

This is one of the problems/features of using a DC as a fileserver.

Remove everything after the 'read only = No' line and read this:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Rowland

More information about the samba mailing list