[Samba] Share won't mount -- how to debug?

Patrick Goetz pgoetz at math.utexas.edu
Wed Nov 3 16:32:03 UTC 2021


Hi Roland-

On 11/3/21 11:20, Rowland Penny via samba wrote:
> On Wed, 2021-11-03 at 10:58 -0500, Patrick Goetz via samba wrote:
>> Sorry for spamming the list today.
>>
>> I'm slowly testing out my new Samba AD network. At the moment I'm
>> trying
>> to mount a share on a W10 client from a CMD prompt, and the mount is
>> failing:
>>
>>     net use G: \\data2\share
>>
>> I tried a suggestion from Louis to use the FQDN:
>>
>>     net use G: \\data2.ea.linuxcs.com\share
>>
>> and it still failed, but with a different Windows error
>> message.  When I
>> tail -f /var/log/samba/smbd on the fileserver I see
>>
>>
>> ---------------------------
>> [2021/11/03 10:20:25.088689,  0]
>> ../../source3/auth/token_util.c:565(add_local_groups)
>>     add_local_groups: SID S-1-5-21-2398640129-655337111-1434392923-
>> 1103
>> -> getpwuid(11103) failed, is nsswitch configured?
>> [2021/11/03 10:20:35.371582,  0]
>> ../../source3/auth/token_util.c:565(add_local_groups)
>>     add_local_groups: SID S-1-5-21-2398640129-655337111-1434392923-
>> 1103
>> -> getpwuid(11103) failed, is nsswitch configured?
>> [2021/11/03 10:20:35.383936,  0]
>> ../../source3/auth/token_util.c:565(add_local_groups)
>>     add_local_groups: SID S-1-5-21-2398640129-655337111-1434392923-
>> 1103
>> -> getpwuid(11103) failed, is nsswitch configured?
>> ---------------------------
>>
>>
>> 11103 is the uid of the user I'm trying to connect this share
>> for.  The
>> suggestion is that nsswitch.conf isn't configured, but in fact it is:
>>
>> root at data2:/etc# cat nsswitch.conf
>> # /etc/nsswitch.conf
>> #
>> # Example configuration of GNU Name Service Switch functionality.
>> # If you have the `glibc-doc-reference' and `info' packages
>> installed, try:
>> # `info libc "Name Service Switch"' for information about this file.
>>
>> passwd:         files systemd winbind
>> group:          files systemd winbind
>> ...
>>
>>
>>
>> I know I'm using the correct password, because I used it to log in
>> on
>> the W10 client as this user.  Any thoughts on what I should look at
>> next?
>>
>>
>> Other AD stuff works properly:
>> root at data2:/etc# getent passwd patrickgoetz
>> patrickgoetz:*:11104:10513::/home/EA/patrickgoetz:/bin/false
>> root at data2:/etc# wbinfo -i mduffy
>> mduffy:*:11103:10513::/home/EA/mduffy:/bin/false
>>
>>
>>
>> The share has appropriate ACLs set:
>>
>> root at data2:/data# ls -ld share
>> drwxrwx--- 2 root staff 4096 Nov  2 19:15 share
> 
> The only people that can connect to that share are, the Unix user
> 'root' and members of the Unix group 'staff'
> Remember what I said about 'setfacl'
> 


Maybe this is the problem?  I set up staff as an AD security group, not 
realizing it's a built in group in /etc/group. But this is likely 
confusing the system.  The group does ID correctly.  You can tell from 
the group UID that it's an AD group:

root at data2:/data# id staff
uid=11110(staff) gid=11110(staff) groups=11110(staff)

root at data2:/data# grep staff /etc/group
staff:x:50:

OK, let me change the name of the Security Group to see if this resolves 
the issue.



>>
>>
>> The user is a member of the staff group.
> 
> Where did you make the user a member of 'staff' and how ?
> 
>>    I can't get `get-adgroup` or
>> `get-adgroupmember` to work in PowerShell to demonstrate this;
>> presumably this has to do with the Windows web interface thing.
> 
> More likely Windows not having a clue what the Unix group 'staff' is.
> 
>>
>>
>> And here is the resource section from smb.conf:
>>
>> [share]
>>      comment = Share Directory
>>      path = /data/share
>>      guest ok = no
>>      browseable = yes
>>      writeable = yes
>>      create mask = 0770
>>      directory mask = 0770
>>      follow symlinks = yes
> 
> Please do not post parts of a smb.conf, without the 'global' part, it
> hasn't any context (I know you may have posted it previously, but this
> would mean searching for it and you may have changed it anyway) :-)
> 
> Rowland
> 
> 
> 



More information about the samba mailing list