[Samba] Permission Issue
Benedikt Kaleß
benedikt.kaless at forumZFD.de
Thu Aug 29 07:16:51 UTC 2019
Hi,
this configuration doesn't make any differenc in daily life. So perhaps
an ID-Mapping problem?
an ldbsearch --url=/var/lib/samba/private/sam.ldb
shows
dn: CN=Team IT and facilities,OU=HO,OU=example,DC=com,DC=de
objectClass: top
objectClass: group
cn: Team
instanceType: 4
whenCreated: 20180731103742.0Z
uSNCreated: 3631
name: Team
objectGUID: 7a27f859-97dc-4cf8-b4b1-c7b7cfe0f585
objectSid: S-1-5-21-1996849273-3222042488-349429296-101163
sAMAccountName: Team
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
whenChanged: 20190723103748.0Z
uSNChanged: 39294
member::
Q049QmVuZWRpa3QgS2FsZcOfLE9VPVRlYW0gSVQgJiBGYWNpbGl0eSBNYW5hZ2VtZW50L
E9VPUV4ZWN1dGl2ZSBCb2FyZCBGaW5hbmNlXCwgSFJcLCBBZG1pbmlzdHJhdGlvbixPVT1ITyxPVT
1aRkQsREM9emZkLERDPWZvcnVtemZkLERDPWRl
member: CN=Testuser,OU=IRK,OU=ZFD,DC=zfd,DC=forumzfd,DC=de
distinguishedName: CN=Team,OU=HO,OU=,Example,DC=com,D
C=de
So, I assume that the uid on the ctdb and a standalone fileserver has to
be 101163, right?
The ctdb shows the uid 103150, the fileserver 102150
That can't be okay and I think I have to search further regarding this
issue.
Is there any offset configured?
Best
Bene
Am 29.08.19 um 08:46 schrieb L.P.H. van Belle via samba:
> Hai,
>
> Great to hear i could help one with a gluster problem :-)
>
> And ofcourse your allowed to keep us up2date.
> So yes, plese, by doing that and sharing the configs it might help other people.
>
> Greetz,
>
> Louis
>
>
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Benedikt Kaleß via samba
> > Verzonden: woensdag 28 augustus 2019 17:37
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] Permission Issue
> >
> > Hi,
> >
> > of course you can not know everything :) I'm glad to have
> > your support!
> > Thank you.
> >
> > Actually I did a gluster_client fluse mount and set up the
> > share in the
> > registry "old fashioned".
> >
> > I changed that now to the following:
> >
> > [share]
> > comment = Archivdateien der Abteilung Projekte
> > read only = no
> > vfs objects = acl_xattr glusterfs
> > glusterfs:volume = gv-ho
> > glusterfs:logfile = /var/log/samba/glusterfs-gv-ho.log
> > glusterfs:loglevel = 3
> > glusterfs:volfile_server = gluster1 gluster3
> > kernel share modes = no
> > path = /data/share
> >
> > Of course I added your recomondations as well like "store dos
> > attributes"...
> >
> > It looks good in the moment. But I will stay you updated here, if I'm
> > allowed to.
> >
> > Best regards
> >
> > Bene
> >
> >
> > Am 28.08.19 um 15:56 schrieb L.P.H. van Belle via samba:
> > > Hai,
> > >
> > > First i must say, i dont use/know gluster.
> > >
> > > But I noticed you config (smb.conf) is a bit off.
> > >
> > > store dos attributes = Yes << is missing.
> > >
> > > And i would say setup netbios name and REALM in CAPS.
> > > And
> > > > smbd:search ask sharemode = no
> > > Should be : smbd search ask sharemod
> > > >> https://www.samba.org/samba/history/samba-4.10.0.html
> > > See smb.conf changes,
> > >
> > > What i dont know, but dont you need one or both of these.
> > (vfs_modules)
> > > Because i also notice New glusterfs_fuse VFS module as
> > "new" in the changelog.
> > >
> > > See:
> > > man vfs_glusterfs
> > > man vfs_glusterfs_fuse
> > >
> > > Someone, who knows gluster, should give more info about this.
> > > I cant.. (sorry), I cant know everything.. :-/
> > >
> > > Greetz,
> > >
> > > Louis
> > >
> > >
> > >
> > >
> > >
> > > > -----Oorspronkelijk bericht-----
> > > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > > > Benedikt Kaleß via samba
> > > > Verzonden: woensdag 28 augustus 2019 11:22
> > > > Aan: samba at lists.samba.org >> samba
> > > > Onderwerp: [Samba] Permission Issue
> > > >
> > > > Hi again,
> > > >
> > > > regarding my post "plenty of vacuuuming process" a "gluster
> > > > volume heal"
> > > > seems to improve the situation.
> > > >
> > > > But I still have a strange problem:
> > > >
> > > > Sometimes a user don't have permissions to a restricted
> > folder when h
> > > > connects to a share or logs in at a windows client. In
> > some times all
> > > > permissions are granted. If the user creates a file, the user
> > > > and group
> > > > is correctly set.
> > > >
> > > > Im running Samba version 4.9.12-SerNet-Debian-15.stretch on
> > > > all 3 nodes.
> > > >
> > > > I tried to enlarge the id range with no effects.
> > > >
> > > > This is the output off net conf list:
> > > >
> > > > [global]
> > > > winbind refresh tickets = Yes
> > > > winbind use default domain = yes
> > > > template shell = /bin/bash
> > > > idmap config * : range = 1000000 - 1999999
> > > > idmap config DOMAINNAME : backend = rid
> > > > idmap config DOMAINNAME : range = 1000 - 999999
> > > > hide dot files = yes
> > > > server string = Daten server %h (Samba %v)
> > > > vfs objects = acl_xattr
> > > > map acl inherit = yes
> > > > workgroup = DOMAINNAME
> > > > netbios name = cluster-ho
> > > > clustering = yes
> > > > security = ads
> > > > realm = zfd.forumzfd.de
> > > > smbd:search ask sharemode = no
> > > >
> > > > [home]
> > > > path = /data/ho/
> > > > comment = Home Directories
> > > > read only = no
> > > > browseable = yes
> > > >
> > > > [Ablage]
> > > > comment = DATA_Share
> > > > path = /data/ho/data
> > > > read only = no
> > > >
> > > >
> > > > This is is the message in /var/log/samba/log.smbd:
> > > >
> > > > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > > > status[NT_STATUS_ACCESS_DENIED] || at
> > > > ../source3/smbd/smb2_getinfo.c:159
> > > >
> > > > Thank you again for ideas or comments.
> > > >
> > > >
> > > > Best regards
> > > >
> > > > Bene
> > > >
> > > > --
> > > > ???forumZFD
> > > > Entschieden für Frieden|Committed to Peace
> > > >
> > > > Benedikt Kaleß
> > > > Leiter Team IT|Head team IT
> > > >
> > > > Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
> > > > Am Kölner Brett 8 | 50825 Köln | Germany
> > > >
> > > > Tel 0221 91273233 | Fax 0221 91273299 |
> > > > http://www.forumZFD.de
> > > >
> > > > Vorstand nach § 26 BGB,
> > einzelvertretungsberechtigt|Executive Board:
> > > > Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle,
> > > > Alexander Mauz
> > > > VR 17651 Amtsgericht Köln
> > > >
> > > > Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC
> > BFSWDE33XXX
> > > >
> > > >
> > > > --
> > > > To unsubscribe from this list go to the following URL and read the
> > > > instructions: https://lists.samba.org/mailman/options/samba
> > > >
> > > >
> > >
> > >
> > --
> > ???forumZFD
> > Entschieden für Frieden|Committed to Peace
> >
> > Benedikt Kaleß
> > Leiter Team IT|Head team IT
> >
> > Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
> > Am Kölner Brett 8 | 50825 Köln | Germany
> >
> > Tel 0221 91273233 | Fax 0221 91273299 |
> > http://www.forumZFD.de
> >
> > Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
> > Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle,
> > Alexander Mauz
> > VR 17651 Amtsgericht Köln
> >
> > Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
>
--
forumZFD
Entschieden für Frieden|Committed to Peace
Benedikt Kaleß
Leiter Team IT|Head team IT
Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
Am Kölner Brett 8 | 50825 Köln | Germany
Tel 0221 91273233 | Fax 0221 91273299 |
http://www.forumZFD.de
Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz
VR 17651 Amtsgericht Köln
Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX
More information about the samba
mailing list