[Samba] Access denied for samba share

Andreas Hauffe andreas.hauffe at tu-dresden.de
Mon Sep 21 06:40:56 UTC 2020 

Hi,

we have a stange problem here since samba 4.12. Users on specific 
clients are not allowed to access a share after reboot of the client and 
in very rare cases suddenly during use. When we restart the smb service 
after the access denied message on the client for a share, the user is 
allowed to access the share. So there seems no problem with permissions.

Are there any known reasons for this behavior?

Regards,
Andreas

smb.conf:

# Global parameters
[global]
         bind interfaces only = Yes
         dedicated keytab file = /etc/krb5.keytab
         interfaces = lo enp1s0f0
         kerberos method = secrets and keytab
         realm = ILRW.ING.DOM.TU-DRESDEN.DE
         security = ADS
         server min protocol = SMB3_00
         template homedir = /home/users/linux/%U
         template shell = /bin/bash
         winbind refresh tickets = Yes
         winbind separator = +
         workgroup = ILRW
         idmap config * : range = 2000-2999
         idmap config ilrw : backend = rid
         idmap config ilrw : range = 3000-9999 # UID aus RID für POOL
         idmap config dom : backend = rid
         idmap config dom : range = 10000-9999999 # UID aus RID für DOM
         idmap config * : backend = tdb

[Profile$]
         map acl inherit = Yes
         path = /home/users/windows/profiles
         read only = No
         smb encrypt = required
         vfs objects = acl_xattr


[Umleitungen$]
         map acl inherit = Yes
         path = /home/users/windows/redirections
         read only = No
         smb encrypt = required
         vfs objects = acl_xattr


[UserHome]
         comment = Home Directories
         create mask = 0600
         directory mask = 0700
         hide files = 
/desktop.ini/Desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
         inherit permissions = Yes
         path = /0nfs4exports/home/%U
         read only = No
         root preexec = /bin/MK_PAPIERKORB %H "%u" %h %S
         smb encrypt = required
         valid users = %U
         vfs objects = recycle crossrename
         recycle:repository = %H/.Papierkorb/%S
         recycle:directory_mode = 0700
         recycle:keeptree = Yes
         recycle:touch = Yes
         recycle:maxsize = 536870912
         recycle:versions = Yes
         recycle:noversions = *.ini | *.dat
         recycle:exclude = *.TMP | *.tmp | ~$*.doc
         recycle:exclude_dir = tmp | temp | cache


[UserPapierkorb]
         comment = Papierkorb von %u
         path = /0nfs4exports/home/%U/.Papierkorb
         read only = No
         smb encrypt = required
         valid users = %U

[rfstransfer]
         comment = RFS Datenaustausch
         inherit acls = Yes
         path = /home/rfs/transfer
         read only = No
         smb encrypt = required
         valid users = +ILRW+rfs-mitarbeiter +ILRW+rfs-studenten 
+ILRW+rfs-angehöriger
         acl_xattr:ignore system acls = yes

More information about the samba mailing list