[Samba] clients not connecting to samba shares

Gary Dale gary at extremeground.com
Tue Apr 11 21:28:24 UTC 2023


On 2023-04-11 15:09, Rowland Penny via samba wrote:
>
>
> On 11/04/2023 19:05, Gary Dale via samba wrote:
>
>>> I will say it again, you are using a Samba AD DC as a fileserver, 
>>> this means that you must set the permissions from a Windows machine 
>>> and those permissions are stored in an EA, what you see from 'ls' is 
>>> irrelevant
>>> I will say this again, you will be better off running a separate 
>>> fileserver (Unix domain member).
>> That's what I am doing. However the permissions set from Linux are 
>> what the wiki on setting up file shares says to use.
>
> Are you following this :
>
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
>
> or this:
>
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs
>
>> What is this telling me?
>
> It is telling me that you are mixing local Linux users and Domain groups.
>
>
>>>
>> I'm maintaining Linux access by owning the folders with my Linux account 
>
> First mistake.
>
>> but using the Windows group to allow Windows users to access them. 
>> I've tried propagating the ownership of the folder I'm most 
>> interested in to both :HOME\Domain Admins and also :HOME\Domain Users 
>> but neither is allowing me to see the folders in Windows. Nor can I 
>> grab access rights through the Windows Properties Security tab on the 
>> share.
>>
>> I get the same results when I follow the letter of the file server 
>> wiki and set the share ownership to root.
>
> You do not have to believe me or follow what I advise, but if you 
> don't, I am finished with this thread.
>
> You do not use local Unix users with AD, you create the required users 
> in AD and use those, to prove it, look at this:
>
> rowland@devstation:~$ grep 'rowland' /etc/passwd
> rowland@devstation:~$
>
> As you can see, my username isn't in /etc/passwd
>
> So, how does this work ?
>
> rowland@devstation:~$ getent passwd rowland
> rowland:*:11104:10513:Rowland Penny:/home/rowland:/bin/bash
>
> Yes, my username etc comes from AD.
>
> I am fairly sure that I have said this, forget most of what you know 
> about NT4-style domains, you need to put EVERYTHING into AD.
> You only need a few local Unix users (perhaps only one) just in case 
> something locally goes wrong and you need to log in and fix it.
>
> You can have multiple DC's for failover, if one DC goes faulty, you 
> can easily replace it, without losing the domain.
>
> Rowland
>
Still having a DNS issue perhaps:

from the file server:

> # nslookup 192.168.1.13
> ** server can't find 13.1.168.192.in-addr.arpa: NXDOMAIN
>
from the DC1:

> # samba-tool dns zonecreate DC1 1.168.192.in-addr.arpa -U administrator
> Password for [HOME\administrator]:
> ERROR(runtime): uncaught exception - (9609, 
> 'WERR_DNS_ERROR_ZONE_ALREADY_EXISTS')
>  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 
> 185, in _run
>    return self.run(*args, **kwargs)
>  File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 881, 
> in run
>    dns_conn.DnssrvOperation2(client_version, 0, server, None,
> root@DC1:~# samba-tool dns zonedelete DC1 1.168.192.in-addr.arpa -U administrator
> Password for [HOME\administrator]:
> Zone 1.168.192.in-addr.arpa deleted successfully
> root@DC1:~# samba-tool dns zonecreate DC1 1.168.192.in-addr.arpa -U administrator
> Password for [HOME\administrator]:
> Zone 1.168.192.in-addr.arpa created successfully
>
> ~# nslookup 192.168.1.13
> ** server can't find 13.1.168.192.in-addr.arpa: NXDOMAIN
>
I know it's only the optional reverse lookup, but shouldn't it be 
working? I'm pretty sure this was working earlier too. The various VMs 
are hosted on a RAID-6 array, so I don't think there would be any disk 
corruption. I also restarted the DC1 VM and I'm still getting the problem.
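
Added example, not part of the original message or of Samba: a small shell helper that generalizes the `grep` / `getent passwd` comparison quoted above, reporting whether an account is defined locally in `/etc/passwd` or is only resolvable through NSS (for example from AD via winbind). The function name `account_source` and the `PASSWD_FILE` and `NSS_LOOKUP` variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report where an account name is defined.
#   local   - has its own line in the passwd file
#   domain  - absent from the passwd file but resolvable through NSS
#   unknown - not resolvable at all
# PASSWD_FILE and NSS_LOOKUP are hypothetical knobs for this example;
# the defaults match the commands shown in the quoted session.
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
NSS_LOOKUP=${NSS_LOOKUP:-getent passwd}

account_source() {
    name=$1
    # Compare the first field exactly; a plain grep for the name would
    # also match longer names or text in the comment (GECOS) field.
    if awk -F: -v n="$name" '$1 == n { hit = 1 } END { exit !hit }' \
            "$PASSWD_FILE" 2>/dev/null; then
        echo local
    # getent consults every source listed in nsswitch.conf, so a hit here
    # without a passwd line means the account comes from somewhere else.
    elif $NSS_LOOKUP "$name" >/dev/null 2>&1; then
        echo domain
    else
        echo unknown
    fi
}

# Print one "name: source" line for each name given on the command line.
for name in "$@"; do
    printf '%s: %s\n' "$name" "$(account_source "$name")"
done
```

Running it against the owner of a shared directory shows whether that directory is owned by a local Unix account or by an account that comes from the domain.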

