[Samba] Permission denied for home, even when it's 777
Deft Developer
dev at hymes.name
Mon Jul 6 16:31:46 UTC 2020
I cannot access home samba share from windows. Windows client displays a
permission denied error. The problem is not Linux permissions for the user
directory, permission is still denied when permissions are set to 777. I don't
think the problem is selinux, because no denials appear in any logs. I don't
think it's an extended attributes issue from xfs, because I don't see any
attributes from lsattr, and only "selinux" in attr -l. The problem is
specific to home, other shares owned by the same user work as expected.
The share-logs logs show errors like this:
Error opening file . (NT_STATUS_ACCESS_DENIED) (local_flags=0) (flags=0)
192.168.0.8.log.old: smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:296
192.168.0.8.log.old: get_ea_dos_attribute: Cannot get attribute from EA on file .: Error = Permission denied
And I see similar errors from strace:
getxattr(".", "user.DOSATTRIB", 0x7ffd35218110, 256) = -1 EACCES (Permission denied)
getxattr(".", "user.DOSATTRIB", 0x7ffd35218110, 256) = -1 EACCES (Permission denied)
open(".", O_RDONLY) = -1 EACCES (Permission denied)
openat(AT_FDCWD, ".", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 EACCES (Permission denied)
I am very puzzled about which "." directory samba is failing to access.
Home shares worked for years with the configuration below, until I migrated
the samba server from one CentOS 7 server to another. I expect that home
shares have never worked on this new CentOS 7 server.
My samba is
Version : 4.10.4
Release : 11.el7_8
CentOS Linux release 7.8.2003 (Core)
Linux 3.10.0-1127.13.1.el7.x86_64 #1 SMP Tue Jun 23 15:46:38 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Here is an excerpt of my samba.conf:
workgroup = MSAKYTOWN
realm = MSAKYTOWN.ORG
security = ADS
server string = Galactica %v
netbios name = GALACTICA
log file = /var/log/samba/%m.log
max log size = 50
log level = 4 passdb:5 auth:5
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config MSAKYTOWN:backend = ad
idmap config MSAKYTOWN:range = 10000-999999
idmap config MSAKYTOWN:unix_primary_group = no
idmap config MSAKYTOWN:unix_nss_info = yes
idmap config MSAKYTOWN:schema_mode = rfc2307
template shell = /usr/bin/bash
template homedir = /home/%U
kerberos method = secrets and keytab
local master = no
preferred master = no
unix extensions = no
allow insecure wide links = yes
username map = /etc/samba/user.map
[homes]
comment = Home Directories
read only = No
browseable = yes
writable = yes
follow symlinks = yes
wide links = yes