[Samba] Intermittent permission denied when accessing share
Rowland penny
rpenny at samba.org
Mon May 18 20:45:25 UTC 2020
On 18/05/2020 21:12, Lorenzo Milesi wrote:
>> Not sure, but that is the way it looks, just a thought, are you using
>> sssd ?
> no, not even installed
>
>> Just like a normal share, '[homes]' is a special share that doesn't use
>> 'path. There used to be something on the wiki about using '[home]' on a
>> DC, I didn't know it had gone until you mentioned it ;-)
> So if I use [home] it would be a normal share, to limit access to single user's "home" I have to follow this [1].
No, that isn't the Unix users homedirectory. If you use [homes] (without
the path), the Unix home directory is set to the 6th section of 'getent
passwd username' and can be something like '/home/username'. This is set
by Samba in one of two ways for an AD unix user, either by using the
'ad' backend which will extract the users 'unixHomeDirectory' attribute
from AD, or by setting 'template homedir' in smb.conf.
>
>> How did you create the domain ?
> Following the guide [2]
> samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=BIND9_DLZ --realm=WDC.MYDOMAIN.IT --domain=WDC --adminpass=passwor
Nothing wrong there.
>> Oh Dear, you seem to have a kerberos server running on your Samba AD DC,
>> no sorry, make that two kerberos servers.
> Well, it's NOT running.
> Anyway I didn't install it on purpose, if it's there it came as a dependency of something else (Ubuntu.
You posted:
Cannot open DB2 database '/etc/krb5kdc/principal'
I would expect to only see that on a machine with the MIT kdc installed,
try this
apt-get -s remove krb5-kdc
This will prove one way or other if it is installed and what it wants to
remove along with it, it will not remove anything.
>
>> That is unless your OS is Fedora and you are using the distro packages
>> and you missed the 'experimental' warning.
> Which warning are you referring to? This [3]?
No, this one:
https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC#Experimental_Feature
> Any hint on how to recover?
>
>
> As it's becoming urgent, what could be the most probable culprit of the inaccessible shares problem?
What OS is this ?
Can you run the attached script on the DC and copy the output into a
post (sanitised if required)
Rowland
More information about the samba
mailing list