[Samba] Samba CIFS Mounts with Kerberos Security: Write Access denied

Kraus, Sebastian sebastian.kraus at tu-berlin.de
Tue Nov 6 08:37:29 UTC 2018


Hi all,


I am testing different setups for Samba home share mounts via the

CIFS protocol on Linux clients with and without Keberos security (both

krb5 and krb5i). I am experiencing some strange behaviour in case of

Kerberos authentication:


In case of mounts (by root or the user itself) without Kerberos security (only

NTLMv2 authentication), local root and the owning user on the Linux client is

granted read and write access for the files within the mounted tree. However,

while using Kerberos security, ever user - even the owner of the files on the

mount - is denied write access to the files on the mount. Reading access is still

granted as expected/supposed.

The logging for the client machine on the Samba server side shows errors of

the following type, while a user owned smbd process tries to access files in a

writing manner:


[2018/11/06 08:39:49.839769,  5, pid=15886, effective(1166435, 8875), real(1166435, 0)] ../source3/smbd/open.c:317(check_parent_access)
  check_parent_access: access check on directory . for path yess for mask 0x2 returned (0x2) NT_STATUS_ACCESS_DENIED
[...]
[2018/11/06 08:39:49.840334,  3, pid=15886, effective(1166435, 8875), real(1166435, 0)] ../source3/smbd/error.c:82(error_packet_set)
  NT error packet at ../source3/smbd/error.c(165) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED


Any suggestions about the possible root cause of the problem?


Best

Sebastian



Sebastian Kraus
Team IT am Institut für Chemie
Gebäude C, Straße des 17. Juni 115, Raum C7

Technische Universität Berlin
Fakultät II
Institut für Chemie
Sekretariat C3
Straße des 17. Juni 135
10623 Berlin

Email: sebastian.kraus at tu-berlin.de



More information about the samba mailing list