[Samba] Share won't mount -- how to debug?

Rowland Penny rpenny at samba.org
Wed Nov 3 16:20:12 UTC 2021


On Wed, 2021-11-03 at 10:58 -0500, Patrick Goetz via samba wrote:
> Sorry for spamming the list today.
> 
> I'm slowly testing out my new Samba AD network. At the moment I'm
> trying 
> to mount a share on a W10 client from a CMD prompt, and the mount is 
> failing:
> 
>    net use G: \\data2\share
> 
> I tried a suggestion from Louis to use the FQDN:
> 
>    net use G: \\data2.ea.linuxcs.com\share
> 
> and it still failed, but with a different Windows error
> message.  When I 
> tail -f /var/log/samba/smbd on the fileserver I see
> 
> 
> ---------------------------
> [2021/11/03 10:20:25.088689,  0] 
> ../../source3/auth/token_util.c:565(add_local_groups)
>    add_local_groups: SID S-1-5-21-2398640129-655337111-1434392923-
> 1103 
> -> getpwuid(11103) failed, is nsswitch configured?
> [2021/11/03 10:20:35.371582,  0] 
> ../../source3/auth/token_util.c:565(add_local_groups)
>    add_local_groups: SID S-1-5-21-2398640129-655337111-1434392923-
> 1103 
> -> getpwuid(11103) failed, is nsswitch configured?
> [2021/11/03 10:20:35.383936,  0] 
> ../../source3/auth/token_util.c:565(add_local_groups)
>    add_local_groups: SID S-1-5-21-2398640129-655337111-1434392923-
> 1103 
> -> getpwuid(11103) failed, is nsswitch configured?
> ---------------------------
> 
> 
> 11103 is the uid of the user I'm trying to connect this share
> for.  The 
> suggestion is that nsswitch.conf isn't configured, but in fact it is:
> 
> root at data2:/etc# cat nsswitch.conf
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages
> installed, try:
> # `info libc "Name Service Switch"' for information about this file.
> 
> passwd:         files systemd winbind
> group:          files systemd winbind
> ...
> 
> 
> 
> I know I'm using the correct password, because I used it to log in
> on 
> the W10 client as this user.  Any thoughts on what I should look at
> next?
> 
> 
> Other AD stuff works properly:
> root at data2:/etc# getent passwd patrickgoetz
> patrickgoetz:*:11104:10513::/home/EA/patrickgoetz:/bin/false
> root at data2:/etc# wbinfo -i mduffy
> mduffy:*:11103:10513::/home/EA/mduffy:/bin/false
> 
> 
> 
> The share has appropriate ACLs set:
> 
> root at data2:/data# ls -ld share
> drwxrwx--- 2 root staff 4096 Nov  2 19:15 share

The only people that can connect to that share are, the Unix user
'root' and members of the Unix group 'staff'
Remember what I said about 'setfacl'

> 
> 
> The user is a member of the staff group.

Where did you make the user a member of 'staff' and how ?

>   I can't get `get-adgroup` or 
> `get-adgroupmember` to work in PowerShell to demonstrate this; 
> presumably this has to do with the Windows web interface thing.

More likely Windows not having a clue what the Unix group 'staff' is.

> 
> 
> And here is the resource section from smb.conf:
> 
> [share]
>     comment = Share Directory
>     path = /data/share
>     guest ok = no
>     browseable = yes
>     writeable = yes
>     create mask = 0770
>     directory mask = 0770
>     follow symlinks = yes

Please do not post parts of a smb.conf, without the 'global' part, it
hasn't any context (I know you may have posted it previously, but this
would mean searching for it and you may have changed it anyway) :-)

Rowland





More information about the samba mailing list