[Samba] Samba CIFS Mounts with Kerberos Security: Write Access denied

Rowland Penny rpenny at samba.org
Tue Nov 6 09:32:13 UTC 2018


On Tue, 6 Nov 2018 08:37:29 +0000
"Kraus, Sebastian via samba" <samba at lists.samba.org> wrote:

> Hi all,
> 
> 
> I am testing different setups for Samba home share mounts via the
> CIFS protocol on Linux clients with and without Keberos security (both
> krb5 and krb5i). I am experiencing some strange behaviour in case of
> Kerberos authentication:
> 
> In case of mounts (by root or the user itself) without Kerberos
> security (only
> NTLMv2 authentication), local root and the owning user on the Linux
> client is
> granted read and write access for the files within the mounted tree.
> However,
> while using Kerberos security, ever user - even the owner of the
> files on the
> mount - is denied write access to the files on the mount. Reading
> access is still
> granted as expected/supposed.
> 
> The logging for the client machine on the Samba server side shows
> errors of
> the following type, while a user owned smbd process tries to access
> files in a
> writing manner:
> 
> [2018/11/06 08:39:49.839769,  5, pid=15886, effective(1166435, 8875),
> real(1166435, 0)] ../source3/smbd/open.c:317(check_parent_access)
> check_parent_access: access check on directory . for path yess for
> mask 0x2 returned (0x2) NT_STATUS_ACCESS_DENIED [...] [2018/11/06
> 08:39:49.840334,  3, pid=15886, effective(1166435, 8875),
> real(1166435, 0)] ../source3/smbd/error.c:82(error_packet_set) NT
> error packet at ../source3/smbd/error.c(165) cmd=50 (SMBtrans2)
> NT_STATUS_ACCESS_DENIED
> 
> 
> Any suggestions about the possible root cause of the problem?
> 

A bit more info might help ;-)

What OS ?
What version of Samba ?
Packages or self-compiled ?
What is in smb.conf ?
Anything else you think might be relevant.

Rowland



More information about the samba mailing list