[Samba] Access denied for samba share
Andreas Hauffe
andreas.hauffe at tu-dresden.de
Mon Sep 21 06:40:56 UTC 2020
Hi,
we have a stange problem here since samba 4.12. Users on specific
clients are not allowed to access a share after reboot of the client and
in very rare cases suddenly during use. When we restart the smb service
after the access denied message on the client for a share, the user is
allowed to access the share. So there seems no problem with permissions.
Are there any known reasons for this behavior?
Regards,
Andreas
smb.conf:
# Global parameters
[global]
bind interfaces only = Yes
dedicated keytab file = /etc/krb5.keytab
interfaces = lo enp1s0f0
kerberos method = secrets and keytab
realm = ILRW.ING.DOM.TU-DRESDEN.DE
security = ADS
server min protocol = SMB3_00
template homedir = /home/users/linux/%U
template shell = /bin/bash
winbind refresh tickets = Yes
winbind separator = +
workgroup = ILRW
idmap config * : range = 2000-2999
idmap config ilrw : backend = rid
idmap config ilrw : range = 3000-9999 # UID aus RID für POOL
idmap config dom : backend = rid
idmap config dom : range = 10000-9999999 # UID aus RID für DOM
idmap config * : backend = tdb
[Profile$]
map acl inherit = Yes
path = /home/users/windows/profiles
read only = No
smb encrypt = required
vfs objects = acl_xattr
[Umleitungen$]
map acl inherit = Yes
path = /home/users/windows/redirections
read only = No
smb encrypt = required
vfs objects = acl_xattr
[UserHome]
comment = Home Directories
create mask = 0600
directory mask = 0700
hide files =
/desktop.ini/Desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
inherit permissions = Yes
path = /0nfs4exports/home/%U
read only = No
root preexec = /bin/MK_PAPIERKORB %H "%u" %h %S
smb encrypt = required
valid users = %U
vfs objects = recycle crossrename
recycle:repository = %H/.Papierkorb/%S
recycle:directory_mode = 0700
recycle:keeptree = Yes
recycle:touch = Yes
recycle:maxsize = 536870912
recycle:versions = Yes
recycle:noversions = *.ini | *.dat
recycle:exclude = *.TMP | *.tmp | ~$*.doc
recycle:exclude_dir = tmp | temp | cache
[UserPapierkorb]
comment = Papierkorb von %u
path = /0nfs4exports/home/%U/.Papierkorb
read only = No
smb encrypt = required
valid users = %U
[rfstransfer]
comment = RFS Datenaustausch
inherit acls = Yes
path = /home/rfs/transfer
read only = No
smb encrypt = required
valid users = +ILRW+rfs-mitarbeiter +ILRW+rfs-studenten
+ILRW+rfs-angehöriger
acl_xattr:ignore system acls = yes
More information about the samba
mailing list