[Samba] samba-4.12.9 standalone server : problems with one user only

L.P.H. van Belle belle at bazuin.nl
Wed Apr 28 07:21:34 UTC 2021


Hai, 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Stefan G. Weichinger via samba
> Verzonden: dinsdag 27 april 2021 13:03
> Aan: samba
> Onderwerp: [Samba] samba-4.12.9 standalone server : problems 
> with one user only
> 
> 
> I could need some brainstorming here.
> 
> I run a samba-server at a customer for many years now.
> 
> That server started in the days of samba-3.0.x, maybe even 
> 2.x ... would 
> have to research.
> 
> It's standalone:
> 
> # testparm
> 
> Load smb config files from /etc/samba/smb.conf
> 
> Loaded services file OK.
> 
> Server role: ROLE_STANDALONE
> 
> 
> 
> Press enter to see a dump of your service definitions
> 
> 
> 
> # Global parameters
> 
> [global]
> 
> 	log file = /var/log/samba/%M.log
> 
> 	logon home =
> 
> 	logon path =
> 
> 	max log size = 100000
> 
> 	username map = /etc/samba/smbusers
> 
> 	usershare allow guests = Yes
> 
> 	workgroup = SOMEGROUP
> 
> 	idmap config * : backend = tdb
> 
> 	veto files = /.Trash/
> 
> 
> 
> 
> 
> [share1]
> 
> 	comment =
> 
> 	create mask = 0775
> 
> 	directory mask = 0775
> 
> 	force group = users
> 
> 	path = /mnt/revision
> 
> 	read only = No
> 
> 	valid users = sgw user1 user2 [..]
> 	vfs objects = full_audit
> 
> 	recycle:directory_mode = 770
> 
> 	recycle:versions = yes
> 
> 	recycle:keeptree = yes
> 
> 	recycle:repository = .Trash
> 
> 	full_audit:failure = all
> 
> 	full_audit:success = all
> 
> 	full_audit:priority = NOTICE
> 
> 	full_audit:facility = LOCAL5
> 
> -
> 
> As you see, I disabled vfs_recycle some time ago (we had a 
> thread around 
> that topic), so as far as I see only vfs_full_audit is enabled.
> 
> No Windows ACLs, no recycle-bin.
> 
> -
> 
> There are n= ~6 users, all local, created by smbpasswd.
> 
> They all access that server through thin clients, from office or via 
> VPNs from home office.
> 
> n-1 users have no issues. Permissions ok, connecting to two shares 
> ("share1" and their $home) works OK. For months now.
> 
> They all have their .bat-file on the desktop, with the well-known:
> 
> net use x: /DEL /Y
> 
> net use y: /DEL /Y
> 
> net use x: \\\\samba\\share1 /user:SOMEGROUP\%benutzer% /persistent:no
> 
> net use y: \\\\samba\\%benutzer%  /user:SOMEGROUP\%benutzer% 
> /persistent:no
> 
> We have to use that because the upstream (think "hostile") company IT 
> doesn't roll that out via GPOs or so.
> 
> That *works* for yrs now.
> 
> -
> 
> One user has issues all the time over the last months.
> 
> Sometimes one drive connects, and the second fails (with "wrong 
> password" ...  how could that be? same user/pw for all shares)
> 
> Now she gets some error mentioning quotas. We don't have 
> quotas enabled, 
> at least I am not aware of.
> 
> I can access the share from my (linux) PC with her 
> credentials, access 
> and create files and folders.
> 
> -
> 
> Is it possible that something has been messed up in her 
> user-profile on the terminal server she works from?
> 
> I can only imagine something is different for her user.
> 
> Another observation:
> 
> somehow the offline synchronisation was enabled in her session, 
> sometimes her windows toggles the drive to "offline" ...
> 
> Disabling that needs the domain-admin, which I have no access to.
> 
> -
> 
> To me it looks as if it's a problem on the client, or in her 
> user profile.
> 
> Would it make any sense to recreate her samba-user on the 
> samba-server?
> 
> new IDs or so ... ?
> 
> Yes, I could upgrade samba itself as well. So far I run 4.12.9 as it 
> works for the others, and is the "stable package" in Gentoo 
> Linux (the 
> server runs gentoo).
> 
> -
> 
> thanks for any thoughts on this, the user is quite frustrated already 
> and the upstream support begins to reply with "the server isn't 
> administrated by us ... "
> 
> thanks, Stefan
> 

Localy on that pc. 
> somehow the offline synchronisation was enabled in her session, 
> sometimes her windows toggles the drive to "offline" ...

Try this order 
gpedit.msc as admin, and you can set these policies and disable offline sync. 

net use x: /DEL /Y
net use y: /DEL /Y

Reboot and login 2 times

net use x: /DEL /Y
net use y: /DEL /Y

Now, its a stand alone for you, but i seen the message before. 
My fix was/is, reformatting the net use command to : 
net use x: \\\\samba.fqdn\\share1 /user:%benutzer%@REALM /persistent:no
But you have a stand alone.. 
Anything in the windows event logs for this one? 

Greetz, 

Louis




More information about the samba mailing list