[Samba] NT_STATUS_ACCESS_DENIED on a directory I have permission to access
Paul Griffith
paulg at eecs.yorku.ca
Thu May 2 19:24:11 UTC 2019
Hello,
I am testing Samba 4.9.7 before we upgrade our 4.8 domain member server.
I am running into a weird permission error with our test server. My home
directory is NFS mounted. The problem comes from a mail directory in my
home directory. I can't access it over SMB/CIFS; it gives me a
permission error. From another Linux host that has our home directories
NFS mounted, I can access it fine. Also, from our soon to be retired NT
Domain server, I can access the directory.
Home directory mounted with,
mount -t cifs //xxxx.xxxx.yorku.ca/homes /tmp/1 -o user=paulg,uid=2381,gid=1000,domain=AD.ONE.EXAMPLE.CA
smbd_dirptr_get_entry mask=[*] found .AndroidStudio3.1
fname=.AndroidStudio3.1 (.AndroidStudio3.1)
[2019/05/02 12:28:31.276870, 3, pid=26508, effective(12508, 10513),
real(12508, 0)]
../source3/smbd/smb2_server.c:3202(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[STATUS_NO_MORE_FILES] || at
../source3/smbd/smb2_query_directory.c:158
[2019/05/02 12:28:33.578220, 2, pid=26508, effective(12508, 10513),
real(12508, 0)] ../source3/smbd/dosmode.c:136(unix_mode)
unix_mode(mail) inheriting from .
[2019/05/02 12:28:33.578305, 2, pid=26508, effective(12508, 10513),
real(12508, 0)] ../source3/smbd/dosmode.c:161(unix_mode)
unix_mode(mail) inherit mode 40755
[2019/05/02 12:28:36.537282, 2, pid=26508, effective(12508, 10513),
real(12508, 0)] ../source3/smbd/dosmode.c:136(unix_mode)
unix_mode(mail) inheriting from .
[2019/05/02 12:28:36.537361, 2, pid=26508, effective(12508, 10513),
real(12508, 0)] ../source3/smbd/dosmode.c:161(unix_mode)
unix_mode(mail) inherit mode 40755
[2019/05/02 12:28:36.538662, 2, pid=26508, effective(12508, 10513),
real(12508, 0)] ../source3/smbd/dosmode.c:136(unix_mode)
unix_mode(mail) inheriting from .
[2019/05/02 12:28:36.538737, 2, pid=26508, effective(12508, 10513),
real(12508, 0)] ../source3/smbd/dosmode.c:161(unix_mode)
unix_mode(mail) inherit mode 40755
[2019/05/02 12:28:36.538956, 3, pid=26508, effective(12508, 10513),
real(12508, 0)]
../source3/smbd/smb2_server.c:3202(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_create.c:296
From the Linux side of things, it looks good. Permissions are correct.
jazzy 43 % ls -lad mail
drwx------ 2 paulg tech 62 Sep 21 2018 mail
jazzy 44 % cd mail
jazzy 45 % ls -l
total 0
-rw------- 1 paulg tech 0 Apr 9 13:54 Drafts
-rw------- 1 paulg tech 0 Apr 9 13:54 Sent
-rw------- 1 paulg tech 0 Apr 9 13:54 Templates
-rw------- 1 paulg tech 0 Apr 9 13:54 Trash
I am at a loss concerning this one, any pointers?
Thanks
Paul
---- files server ----
[global]
security = ADS
workgroup = ONEEXAMPLECA
realm = AD.ONE.EXAMPLE.CA
server string = Samba Server
hostname lookups = yes
# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use a read-write-enabled back end, such as tdb.
idmap config * : backend = tdb
idmap config * : range = 3000-7999
# - You must set a DOMAIN backend configuration
# idmap config for the ONEEXAMPLECA domain
idmap config ONEEXAMPLECA : backend = rid
idmap config ONEEXAMPLECA : range = 10000-999999
winbind use default domain = yes
local master = No
#log files
debug timestamp = yes
debug uid = yes
debug pid = yes
debug level = 3
max log size = 0
username map = /xconf/samba/usermap
#ip networking
max connections = 0
interfaces = 127.0.0.1 130.xx.xx.xx
bind interfaces only = yes
#printing
load printers = no
printcap name = /xconf/lprng/printcap
printing = bsd
print command = /xsys/bin/lpr -b -P%p %s ; rm -f %s
lpq command = /xsys/bin/lpq -P%p
lprm command = /xsys/bin/lprm -P%p %j
use client driver = yes
# Template settings for login shell and home directory
template shell = /bin/bash
template homedir = /eecs/home/%U
# security settings
guest account = nobody
invalid users = root
nt acl support = yes
inherit permissions = yes
client lanman auth = no
client ntlmv2 auth = yes
wide links = no
unix extensions = no
[homes]
comment = Home Directories
browseable = yes
read only = no
valid users = %S
csc policy = disable
invalid users = activ8
oplocks = no
level2 oplocks = no
strict locking = no
posix locking = no
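
Added example, not part of the original post or of Samba: with "debug uid = yes" every log record names the identity smbd was acting as, here effective uid 12508, while the client mount options name uid 2381. The sketch below pulls that identity out of the wrapped log and runs a plain owner/group/other check against a directory mode. The function names are hypothetical, and treating 2381/1000 as the owner uid/gid of "mail" on the server is an assumption taken from the mount options, not stated in the post.

```python
import re

# Header smbd writes when "debug timestamp", "debug pid" and "debug uid" are on.
HEADER = re.compile(
    r"\[[\d/]+ [\d:.]+,\s*\d+, pid=\d+, effective\((?P<euid>\d+), (?P<egid>\d+)\), "
    r"real\(\d+, \d+\)\]")
STATUS = re.compile(r"status\[(?P<status>[A-Z_]+)\]")

# Two records copied from the log in the post, wrapped as the archive shows them.
SAMPLE_LOG = """\
[2019/05/02 12:28:36.538737, 2, pid=26508, effective(12508, 10513),
real(12508, 0)] ../source3/smbd/dosmode.c:161(unix_mode)
unix_mode(mail) inherit mode 40755
[2019/05/02 12:28:36.538956, 3, pid=26508, effective(12508, 10513),
real(12508, 0)]
../source3/smbd/smb2_server.c:3202(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_create.c:296
"""

def parse_records(log_text):
    """Undo line wrapping, then pair each header with the status in its body."""
    flat = " ".join(log_text.split())
    headers = list(HEADER.finditer(flat))
    records = []
    for i, m in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(flat)
        status = STATUS.search(flat, m.end(), end)
        records.append({"euid": int(m["euid"]), "egid": int(m["egid"]),
                        "status": status["status"] if status else None})
    return records

def posix_allows(mode, owner_uid, owner_gid, euid, egids, want):
    """Owner/group/other check only (no ACLs, no root override).
    want is a mask of 4 (read), 2 (write), 1 (search)."""
    if euid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in egids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & want) == want

def explain_denials(log_text, mode, owner_uid, owner_gid, want=5):
    """For each ACCESS_DENIED record: (euid, do the mode bits alone permit it?)."""
    return [(r["euid"], posix_allows(mode, owner_uid, owner_gid,
                                     r["euid"], {r["egid"]}, want))
            for r in parse_records(log_text)
            if r["status"] == "NT_STATUS_ACCESS_DENIED"]
```

The log header carries only the primary effective gid, so supplementary groups are not considered; on the server, the numeric owner shown by `ls -ldn mail` is the value to compare against the logged effective uid.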