[Samba] vfs_shadow_copy2: permission denied - SMB_VFS_NEXT_OPENDIR() failed for '/snapshots'
Isaac Stone
isaac.stone at som.com
Thu Jul 23 23:00:13 UTC 2020
Hello. I am trying to get the windows "previous versions" / shadow copies
to work with our setup (samba+winbind over objectivefs).
I have setup a test where I manually mounted two objectivefs snapshots in
the /snapshots/ directory. Objectivefs filesystem is mounted on /ofs. When
I try and look at the "previous version" in windows I get the error "there
are no previous versions available"
information:
--------------------------------------------
smb --version
Version 4.11.2
/etc/*-release
NAME="Red Hat Enterprise Linux"
VERSION="8.2 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.2"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.2 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8.2:GA"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.2
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.2"
Red Hat Enterprise Linux release 8.2 (Ootpa)
Red Hat Enterprise Linux release 8.2 (Ootpa)
/etc/samba/smb.conf
[global]
netbios name = SMB-OFS-TMOLI42
realm = SAMDOM.LOCAL
workgroup = SAMDOM
security = ads
log level = 5
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config SAMDOM : backend = rid
idmap config SAMDOM : range = 10000-999999
map acl inherit = yes
# uncomment for debugging purposes only; should not be used in production
# winbind enum users = yes
# winbind enum groups = yes
winbind refresh tickets = yes
# disables printing:
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
#============================ Share Definitions
==============================
[ofs]
path = /ofs
writeable = yes
browsable = yes
fileid:algorithm = fsname
vfs objects = fileid acl_xattr shadow_copy2
acl_xattr:ignore system acls = yes
shadow:snapdir = /snapshots
shadow:format = "%Y-%m-%dT%H:%M:%S"
/var/log/samba/log.smbd
...
[2020/07/23 21:33:47.672671, 2] ../../source3/smbd/open.c:1456(open_file)
SAMDOM\user.name opened file foo.txt read=Yes write=No (numopen=6)
[2020/07/23 21:33:47.672697, 5]
../../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock)
dbwrap_lock_order_lock: check lock order 1 for
/var/lib/samba/lock/locking.tdb
[2020/07/23 21:33:47.672773, 5]
../../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock)
dbwrap_lock_order_unlock: release lock order 1 for
/var/lib/samba/lock/locking.tdb
[2020/07/23 21:33:47.672845, 5]
../../source3/smbd/dosmode.c:72(dos_mode_debug_print)
dos_mode_debug_print: parse_dos_attribute_blob returning (0x20): "a"
[2020/07/23 21:33:47.672872, 5]
../../source3/smbd/dosmode.c:72(dos_mode_debug_print)
dos_mode_debug_print: dos_mode returning (0x20): "a"
[2020/07/23 21:33:47.672887, 4]
../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
push_sec_ctx(11117, 10513) : sec_ctx_stack_ndx = 1
[2020/07/23 21:33:47.672910, 4] ../../source3/smbd/uid.c:576(push_conn_ctx)
push_conn_ctx(3015844062) : conn_ctx_stack_ndx = 0
[2020/07/23 21:33:47.672928, 4]
../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2020/07/23 21:33:47.672943, 5]
../../libcli/security/security_token.c:53(security_token_debug)
Security token: (NULL)
[2020/07/23 21:33:47.672956, 5]
../../source3/auth/token_util.c:874(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2020/07/23 21:33:47.673030, 4]
../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
pop_sec_ctx (11117, 10513) - sec_ctx_stack_ndx = 0
[2020/07/23 21:33:47.673070, 5]
../../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock)
dbwrap_lock_order_lock: check lock order 1 for
/var/lib/samba/lock/smbXsrv_open_global.tdb
[2020/07/23 21:33:47.673096, 5]
../../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock)
dbwrap_lock_order_unlock: release lock order 1 for
/var/lib/samba/lock/smbXsrv_open_global.tdb
[2020/07/23 21:33:47.673777, 5]
../../source3/smbd/uid.c:326(change_to_user_impersonate)
change_to_user_impersonate: Skipping user change - already user
[2020/07/23 21:33:47.673825, 5]
../../source3/smbd/uid.c:300(print_impersonation_info)
print_impersonation_info: Impersonated user: uid=(11117,11117),
gid=(0,10513), cwd=[/ofs]
[2020/07/23 21:33:47.673858, 4]
../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
push_sec_ctx(11117, 10513) : sec_ctx_stack_ndx = 1
[2020/07/23 21:33:47.673878, 4] ../../source3/smbd/uid.c:576(push_conn_ctx)
push_conn_ctx(3015844062) : conn_ctx_stack_ndx = 0
[2020/07/23 21:33:47.673889, 4]
../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2020/07/23 21:33:47.673898, 5]
../../libcli/security/security_token.c:53(security_token_debug)
Security token: (NULL)
[2020/07/23 21:33:47.673907, 5]
../../source3/auth/token_util.c:874(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2020/07/23 21:33:47.673943, 4]
../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
pop_sec_ctx (11117, 10513) - sec_ctx_stack_ndx = 0
[2020/07/23 21:33:47.673987, 2]
../../source3/modules/vfs_shadow_copy2.c:2178(shadow_copy2_get_shadow_copy_data)
shadow_copy2: SMB_VFS_NEXT_OPENDIR() failed for '/snapshots' - Permission
denied
[2020/07/23 21:33:47.674018, 5]
../../source3/modules/vfs_default.c:1284(vfswrap_fsctl)
FSCTL_GET_SHADOW_COPY_DATA: connectpath /ofs, failed -
NT_STATUS_NOT_SUPPORTED.
[2020/07/23 21:33:47.674034, 3]
../../source3/smbd/smb2_server.c:3266(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_INVALID_DEVICE_REQUEST] || at
../../source3/smbd/smb2_ioctl.c:312
[2020/07/23 21:33:58.271434, 5]
../../source3/smbd/uid.c:326(change_to_user_impersonate)
change_to_user_impersonate: Skipping user change - already user
[2020/07/23 21:33:58.380559, 5]
../../source3/smbd/uid.c:300(print_impersonation_info)
print_impersonation_info: Impersonated user: uid=(11117,11117),
gid=(0,10513), cwd=[/ofs]
[2020/07/23 21:33:58.380606, 5]
../../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock)
dbwrap_lock_order_lock: check lock order 1 for
/var/lib/samba/lock/locking.tdb
[2020/07/23 21:33:58.380674, 5]
../../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock)
dbwrap_lock_order_unlock: release lock order 1 for
/var/lib/samba/lock/locking.tdb
[2020/07/23 21:33:58.380723, 2]
../../source3/smbd/close.c:813(close_normal_file)
SAMDOM\user.name closed file foo.txt (numopen=5) NT_STATUS_OK
...
wbinfo --gid-info 10513
SAMDOM\domain users:x:10513:
wbinfo --uid-info 11117
SAMDOM\user.name:*:11117:10513::/home/SOMDEV/user.name:/bin/false
stat /snapshots/
File: /snapshots/
Size: 60 Blocks: 0 IO Block: 4096 directory
Device: ca02h/51714d Inode: 25249202 Links: 4
Access: (0777/drwxrwxrwx) Uid: (11117/SAMDOM\user.name) Gid:
(10513/SOMDEV\domain users)
Context: unconfined_u:object_r:default_t:s0
Access: 2020-07-23 21:28:52.423473925 +0000
Modify: 2020-07-23 17:30:42.754694526 +0000
Change: 2020-07-23 21:33:26.326257000 +0000
Birth: -
-------------------------------------------------------
let me know if there is any other information you might need.
Thanks,
- isaac stone
More information about the samba
mailing list