[Samba] samba
Christopher Wensink
cwensink at five-star-plastics.com
Fri Aug 28 15:49:40 UTC 2020
Hello,
Thank you everyone in advance for your time and support I am the
Administrator of a small network, with about 60 desktops (mostly windows
10) that connect to a Linux VM running samba for file sharing). In the
last few months I completed the transition from the Samba server running
as a vm on an OpenVZ machine. It was running Centos 6, with an older
version of samba. Now the server has been migrated to a vmware esxi
server, with the same amount of provisioned CPU and Ram resources, and a
bigger hard drive, running Centos 7 with Samba 4.10.4.
Basically the migration involved setting up a new vmware VM,
provisioning CPU, ram and hard drive space, installing CentOS 7,
re-creating all user accounts and permissions and then using rsync to
move all of the data over from the old to the new server (about 2 TB)
Since moving to CentOS 7 and Samba 4.10.4 I have had many entries in
/var/log/messages that look like this:
--
Aug 28 10:22:27 luigi2 smbd[118071]: [2020/08/28 10:22:27.284420,
0] ../../source3/modules/vfs_default.c:1287(vfswrap_fsctl)
Aug 28 10:22:27 luigi2 smbd[118071]: FSCTL_GET_SHADOW_COPY_DATA:
connectpath /shares/documents/<share>, failed - NT_STATUS_ACCESS_DENIED.
Aug 28 10:24:29 luigi2 smbd[127904]: [2020/08/28 10:24:29.937661,
0]
../../source3/modules/vfs_shadow_copy2.c:2159(shadow_copy2_get_shadow_copy_data)
Aug 28 10:24:29 luigi2 smbd[127904]: access denied on listing
snapdir /shares/.snapshots
Aug 28 10:24:29 luigi2 smbd[127904]: [2020/08/28 10:24:29.937809,
0] ../../source3/modules/vfs_default.c:1287(vfswrap_fsctl)
Aug 28 10:24:29 luigi2 smbd[127904]: FSCTL_GET_SHADOW_COPY_DATA:
connectpath /shares/documents/<share>, failed - NT_STATUS_ACCESS_DENIED.
Aug 28 10:24:31 luigi2 smbd[127904]: [2020/08/28 10:24:31.574700,
0]
../../source3/modules/vfs_shadow_copy2.c:2159(shadow_copy2_get_shadow_copy_data)
Aug 28 10:24:31 luigi2 smbd[127904]: access denied on listing
snapdir /shares/.snapshots
Aug 28 10:24:31 luigi2 smbd[127904]: [2020/08/28 10:24:31.574837,
0] ../../source3/modules/vfs_default.c:1287(vfswrap_fsctl)
Aug 28 10:24:31 luigi2 smbd[127904]: FSCTL_GET_SHADOW_COPY_DATA:
connectpath /shares/users/<share>, failed - NT_STATUS_ACCESS_DENIED.
--------
in /var/log/samba I have log files set up per machine as
/var/log/samba/log.<machinename>
All of the log files have similar entries with different directory paths
that look like this:
[2020/08/28 10:21:13.481207, 0]
../../source3/modules/vfs_shadow_copy2.c:2159(shadow_copy2_get_shadow_copy_data)
access denied on listing snapdir /shares/.snapshots
[2020/08/28 10:21:13.481754, 0]
../../source3/modules/vfs_default.c:1287(vfswrap_fsctl)
FSCTL_GET_SHADOW_COPY_DATA: connectpath /shares/documents/<share>,
failed - NT_STATUS_ACCESS_DENIED.
[2020/08/28 10:24:29.937661, 0]
../../source3/modules/vfs_shadow_copy2.c:2159(shadow_copy2_get_shadow_copy_data)
access denied on listing snapdir /shares/.snapshots
[2020/08/28 10:24:29.937809, 0]
../../source3/modules/vfs_default.c:1287(vfswrap_fsctl)
FSCTL_GET_SHADOW_COPY_DATA: connectpath /shares/documents/<share>,
failed - NT_STATUS_ACCESS_DENIED.
[2020/08/28 10:24:31.574700, 0]
../../source3/modules/vfs_shadow_copy2.c:2159(shadow_copy2_get_shadow_copy_data)
access denied on listing snapdir /shares/.snapshots
[2020/08/28 10:24:31.574837, 0]
../../source3/modules/vfs_default.c:1287(vfswrap_fsctl)
FSCTL_GET_SHADOW_COPY_DATA: connectpath /shares/users/<share>,
failed - NT_STATUS_ACCESS_DENIED.
The basic share for documents is /shares/documents/<dept> such as mfg etc
The shares for users are in /shares/users/<username>
smb.conf:
------------------------------------------------------
#======================= Global Settings
=====================================
[global]
workgroup = FSP
server string = Luigi Samba Server Version %v
netbios name = LUIGI
server min protocol = NT1
lanman auth = yes
ntlm auth = yes
# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach
# logs split per machine
log file = /var/log/samba/log.%m
# max 50KB per log file, then rotate
max log size = 1024
# ----------------------- Standalone Server Options ------------------------
#
# Security can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
security = user
passdb backend = tdbsam
# ----------------------- Browser Control Options
----------------------------
os level = 43
preferred master = yes
#----------------------------- Name Resolution
-------------------------------
dns proxy = yes
# --------------------------- Printing Options -----------------------------
load printers = no
cups options = raw
# --------------------------- Filesystem Options ---------------------------
vfs objects = shadow_copy2
veto files = /Maildir/.?*/lost+found/
acl allow execute always = True
#acl allow execute always = false
##############Custom Entry Chris Wensink#########
ntlm auth - yes
#============================ Share Definitions
==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
read only = No
create mask = 0640
directory mask = 0750
[public]
comment = Public files read by all but written by few
path = /shares/documents/public
valid users = @users
read only = no
inherit permissions = Yes
#custom entries cw 8.19.2020
shadow:basedir = /shares/documents
shadow:snapdir = ../.documents
#shadow:sort = desc
#follow symlinks = yes
#wide links = yes
[private]
comment = Private files read by few and written by few
path = /shares/documents/private
valid users = @users
read only = no
inherit permissions = Yes
[temp]
comment = Temporary files read by all and written by all
path = /shares/documents/temp
read only = no
inherit permissions = Yes
valid users = @users @manitowoc @tools
[limited]
comment = Limited access folder
path = /shares/documents/limited
valid users = @limited
read only = no
inherit permissions = Yes
[mfg]
comment = Manufacturing files
path = /shares/documents/mfg
valid users = @mfg
read only = no
inherit permissions = Yes
# inherit acls = yes
[mfgsetup]
comment = Manufacturing setup files
path = /shares/documents/mfg_setup
valid users = @mfg_setup
read only = no
inherit permissions = Yes
[rp]
comment = Rapid prototyping files
path = /shares/documents/rp
valid users = @rp
read only = no
inherit permissions = Yes
[rpsetup]
comment = Rapid prototyping setup files
path = /shares/documents/rp_setup
valid users = @rp_setup
read only = no
inherit permissions = Yes
#ntlm auth = yes
[intranet]
comment = Intranet web site
path = /shares/documents/intranet
valid users = @intranet
force group = intranet
read only = no
inherit permissions = Yes
[accounts]
comment = accounts
path = /shares/documents/accounts
valid users = @accounts
read only = no
inherit permissions = Yes
-------------------------------------------------------
A separate backup system is taking backups of the server on a vm
snapshot level daily and on a file level hourly, unrelated to
snapshots. Do I need the snapshots functionality? I have not set this
up, and I don't know if I need to? What are your recommendations?
Respectfully,
Chris
--
Christopher Wensink
IS Administrator
Five Star Plastics, Inc
1339 Continental Drive
Eau Claire, WI 54701
Office: 715-831-1682
Mobile: 715-563-3112
Fax: 715-831-6075
cwensink at five-star-plastics.com
www.five-star-plastics.com
More information about the samba
mailing list