[Samba] Permission Issue
Benedikt Kaleß
benedikt.kaless at forumZFD.de
Thu Aug 29 10:17:14 UTC 2019
Hi,
I don't have the user root.
No changes :( Sometimes a user gets permissions, sometimes not.
This net conf is now running:
[global]
winbind refresh tickets = Yes
winbind use default domain = yes
template shell = /bin/bash
idmap config * : range = 1000000 - 1999999
idmap config EXAMPLE : backend = rid
idmap config EXAMPLE : range = 500 - 200000
hide dot files = yes
server string = FileServer %h (Samba %v)
map acl inherit = yes
inherit permissions = yes
workgroup = ZFD
netbios name = CLUSTER-HO
clustering = yes
security = ads
realm = EXAMPLE.com
store dos attributes = Yes
log level = 3
vfs objects = acl_xattr
[home]
comment = Home Directories
read only = no
browseable = yes
vfs objects = acl_xattr glusterfs
glusterfs:volume = gv-ho
glusterfs:logfile = /var/log/samba/glusterfs-gv-ho.log
glusterfs:loglevel = 3
glusterfs:volfile_server = gluster1 gluster3
kernel share modes = no
path = /
[Fileshare]
comment = Fileshare
read only = no
vfs objects = acl_xattr glusterfs
glusterfs:volume = gv-ho
glusterfs:logfile = /var/log/samba/glusterfs-gv-ho.log
glusterfs:loglevel = 10
glusterfs:volfile_server = gluster1 gluster3
kernel share modes = no
path = /data/Files
Does this error in log.smbd give a hint?
[2019/08/29 12:14:24.765433, 2] ../source3/smbd/open.c:4045(open_directory)
open_directory: unable to create
testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations.
Error was NT_STATUS_OBJECT_NAME_COLLISION
[2019/08/29 12:14:24.765472, 3]
../source3/smbd/smb2_server.c:3214(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_OBJECT_NAME_COLLISION] || at
../source3/smbd/smb2_create.c:296
[2019/08/29 12:14:24.767517, 2] ../source3/smbd/dosmode.c:136(unix_mode)
unix_mode(testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations/f18460fded109990.automaticDestinations-ms)
inheriting from
testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations
[2019/08/29 12:14:24.767603, 2] ../source3/smbd/dosmode.c:161(unix_mode)
unix_mode(testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations/f18460fded109990.automaticDestinations-ms)
inherit mode 40770
[2019/08/29 12:14:24.767690, 3]
../source3/smbd/smb2_server.c:3214(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_OBJECT_NAME_NOT_FOUND] || at
../source3/smbd/smb2_create.c:296
[2019/08/29 12:14:35.232651, 2]
../source3/smbd/close.c:802(close_normal_file)
ZFD\testuser closed file
testuser/AppData/Roaming/Microsoft/Windows/Recent/CustomDestinations/f18460fded109990.customDestinations-ms
(numopen=26) NT_STATUS_OK
Best regards
Bene
Am 29.08.19 um 11:17 schrieb Rowland penny via samba:
> On 29/08/2019 09:58, Benedikt Kaleß via samba wrote:
> > Hi,
> >
> > I have an old Fileserver which is working correct:
> >
> > This is the smb.conf:
> >
> > [global]
> > security = ads
> > realm = EXAMPLE.COM
> > workgroup = example
> > winbind refresh tickets = Yes
> > winbind use default domain = yes
> > template shell = /bin/bash
> > idmap config * : range = 1000000 - 1999999
> > idmap config ZFD : backend = rid
> > idmap config ZFD : range = 0 - 200000
> > hide dotfiles = yes
> > server string = Standalone server %h (Samba %v)
> > store dos attributes = yes
> > vfs objects = acl_xattr
> > inherit permissions = Yes
> >
> > Afterwards I set up the CTDB cluster and did an "rsync -alpAXvt" to copy
> > the data from the old Fileserver to the cluster
> >
> > net conf list:
> >
> > [global]
> > winbind refresh tickets = Yes
> > winbind use default domain = yes
> > template shell = /bin/bash
> > idmap config * : range = 1000000 - 1999999
> > idmap config ZFD : backend = rid
> > idmap config ZFD : range = 0 - 200000
> > hide dot files = yes
> > server string = forumZFD Daten server %h (Samba %v)
> > map acl inherit = yes
> > inherit permissions = yes
> > workgroup = EXAMPLE
> > netbios name = CLUSTER-HO
> > clustering = yes
> > security = ads
> > realm = EXAMPLE.COM
> > store dos attributes = Yes
> > log level = 3
> >
> > The users have often "permission denied" problems even though the
> > windows file explorer the group membership is shown and a gpresult /r
> > shows that membership. Sometimes everything works correct.
> >
> >
> I think I understand this, the first smb.conf is from the original
> fileserver, the second is from the cluster, if this is the case, we can
> ignore the first smb.conf.
>
> Are the DCs involved in the ctdb cluster, apart from providing
> authentication ?
>
> Do you have a user called 'root' in AD ? if so, remove it.
>
> Change this:
>
> idmap config ZFD : range = 0 - 200000
>
> to this:
>
> idmap config ZFD : range = 500 - 200000
>
> Add:
>
> vfs objects = acl_xattr
>
> Rowland
>
>
>
--
forumZFD
Entschieden für Frieden|Committed to Peace
Benedikt Kaleß
Leiter Team IT|Head team IT
Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
Am Kölner Brett 8 | 50825 Köln | Germany
Tel 0221 91273233 | Fax 0221 91273299 |
http://www.forumZFD.de
Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz
VR 17651 Amtsgericht Köln
Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX
More information about the samba
mailing list