[Samba] Permission Issue

L.P.H. van Belle belle at bazuin.nl
Wed Aug 28 13:56:08 UTC 2019


Hai,

First i must say, i dont use/know gluster. 

But I noticed you config (smb.conf) is a bit off. 

    store dos attributes = Yes 	<< is missing. 

And i would say setup netbios name and REALM in CAPS.
And 
>     smbd:search ask sharemode = no 
Should be : smbd search ask sharemod 
>> https://www.samba.org/samba/history/samba-4.10.0.html 
See smb.conf changes, 

What i dont know, but dont you need one or both of these. (vfs_modules) 
Because i also notice New glusterfs_fuse VFS module as "new" in the changelog.

See: 
man vfs_glusterfs
man vfs_glusterfs_fuse

Someone, who knows gluster, should give more info about this.
I cant.. (sorry), I cant know everything..  :-/ 

Greetz, 

Louis





> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Benedikt Kaleß via samba
> Verzonden: woensdag 28 augustus 2019 11:22
> Aan: samba at lists.samba.org >> samba
> Onderwerp: [Samba] Permission Issue
> 
> Hi again,
> 
> regarding my post "plenty of vacuuuming process" a "gluster 
> volume heal"
> seems to improve the situation.
> 
> But I still have a strange problem:
> 
> Sometimes a user don't have permissions to  a restricted folder when h
> connects to a share or logs in at a windows client. In some times all
> permissions are granted. If the user creates a file, the user 
> and group
> is correctly set.
> 
> Im running Samba version 4.9.12-SerNet-Debian-15.stretch on 
> all 3 nodes.
> 
> I tried to enlarge the id range with no effects.
> 
> This is the output off net conf list:
> 
> [global]
>     winbind refresh tickets = Yes
>     winbind use default domain = yes
>     template shell = /bin/bash
>     idmap config * : range = 1000000 - 1999999
>     idmap config DOMAINNAME : backend = rid
>     idmap config DOMAINNAME : range = 1000 - 999999
>     hide dot files = yes
>     server string = Daten server %h (Samba %v)
>     vfs objects = acl_xattr
>     map acl inherit = yes
>     workgroup = DOMAINNAME
>     netbios name = cluster-ho
>     clustering = yes
>     security = ads
>     realm = zfd.forumzfd.de
>     smbd:search ask sharemode = no
> 
> [home]
>     path = /data/ho/
>     comment = Home Directories
>     read only = no
>     browseable = yes
> 
> [Ablage]
>     comment = DATA_Share
>     path = /data/ho/data
>     read only = no
> 
> 
> This is is the message in /var/log/samba/log.smbd:
> 
>  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_ACCESS_DENIED] || at 
> ../source3/smbd/smb2_getinfo.c:159
> 
> Thank you again for ideas or comments.
> 
> 
> Best regards
> 
> Bene
> 
> -- 
> ???forumZFD
> Entschieden für Frieden|Committed to Peace
> 
> Benedikt Kaleß
> Leiter Team IT|Head team IT
> 
> Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
> Am Kölner Brett 8 | 50825 Köln | Germany  
> 
> Tel 0221 91273233 | Fax 0221 91273299 | 
> http://www.forumZFD.de 
> 
> Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
> Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, 
> Alexander Mauz  
> VR 17651 Amtsgericht Köln
> 
> Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 




More information about the samba mailing list