[Samba] samba-4.12.9 standalone server : problems with one user only

Stefan G. Weichinger lists at xunil.at
Tue Apr 27 11:03:24 UTC 2021


I could need some brainstorming here.

I run a samba-server at a customer for many years now.

That server started in the days of samba-3.0.x, maybe even 2.x ... would 
have to research.

It's standalone:

# testparm

Load smb config files from /etc/samba/smb.conf

Loaded services file OK.

Server role: ROLE_STANDALONE



Press enter to see a dump of your service definitions



# Global parameters

[global]

	log file = /var/log/samba/%M.log

	logon home =

	logon path =

	max log size = 100000

	username map = /etc/samba/smbusers

	usershare allow guests = Yes

	workgroup = SOMEGROUP

	idmap config * : backend = tdb

	veto files = /.Trash/





[share1]

	comment =

	create mask = 0775

	directory mask = 0775

	force group = users

	path = /mnt/revision

	read only = No

	valid users = sgw user1 user2 [..]
	vfs objects = full_audit

	recycle:directory_mode = 770

	recycle:versions = yes

	recycle:keeptree = yes

	recycle:repository = .Trash

	full_audit:failure = all

	full_audit:success = all

	full_audit:priority = NOTICE

	full_audit:facility = LOCAL5

-

As you see, I disabled vfs_recycle some time ago (we had a thread around 
that topic), so as far as I see only vfs_full_audit is enabled.

No Windows ACLs, no recycle-bin.

-

There are n= ~6 users, all local, created by smbpasswd.

They all access that server through thin clients, from office or via 
VPNs from home office.

n-1 users have no issues. Permissions ok, connecting to two shares 
("share1" and their $home) works OK. For months now.

They all have their .bat-file on the desktop, with the well-known:

net use x: /DEL /Y

net use y: /DEL /Y

net use x: \\\\samba\\share1 /user:SOMEGROUP\%benutzer% /persistent:no

net use y: \\\\samba\\%benutzer%  /user:SOMEGROUP\%benutzer% /persistent:no

We have to use that because the upstream (think "hostile") company IT 
doesn't roll that out via GPOs or so.

That *works* for yrs now.

-

One user has issues all the time over the last months.

Sometimes one drive connects, and the second fails (with "wrong 
password" ...  how could that be? same user/pw for all shares)

Now she gets some error mentioning quotas. We don't have quotas enabled, 
at least I am not aware of.

I can access the share from my (linux) PC with her credentials, access 
and create files and folders.

-

Is it possible that something has been messed up in her user-profile on 
the terminal server she works from?

I can only imagine something is different for her user.

Another observation:

somehow the offline synchronisation was enabled in her session, 
sometimes her windows toggles the drive to "offline" ...

Disabling that needs the domain-admin, which I have no access to.

-

To me it looks as if it's a problem on the client, or in her user profile.

Would it make any sense to recreate her samba-user on the samba-server?

new IDs or so ... ?

Yes, I could upgrade samba itself as well. So far I run 4.12.9 as it 
works for the others, and is the "stable package" in Gentoo Linux (the 
server runs gentoo).

-

thanks for any thoughts on this, the user is quite frustrated already 
and the upstream support begins to reply with "the server isn't 
administrated by us ... "

thanks, Stefan



More information about the samba mailing list