[Samba] Samba share not quite working on Domain Controller

Mark Foley mfoley at novatec-inc.com
Sun Dec 17 06:23:29 UTC 2023


On Sat Dec 16 15:49:27 2023 Mark Foley via samba <samba at lists.samba.org> wrote:
>
> I don't know if this is a Windows, Linux or Samba problem. I've posted this
> issue to both Windows and Linux forums, but no one seem to have any idea so far.
>
> Note that this works on my current/old DC version 4.8.2 provisioned with
> BIND9_FLATFILE. The "new" DC is version 4.18.8 provisioned with SAMBA_INTERNAL.
> I don't know if this matters or not. My smb.conf is:
>
(deleted)
> [Users]
>     path = /redirectedFolders/Users
>     comment = user folders for redirection
>     read only = No
(deleted)
>
> All but the [Users] section was auto-generated by the provision command. Yes, I
> know putting a Share on the DC is not recommended, but I've used that for the
> redirected folders on the old DC for the past 10 years and, although not
> recommended, it's not actually "forbidden". 
>
> I have successfully joined a Windows 10 workstation as a domain members. In
> Windows Explorer (as DC Administrator), I can open the share with
> \\dc1.hprs.locl, and I see my folders. The folder in question is 'Users' I can
> put files into that folder from Windows, no problem. However if I right-click
> on 'Users > Properties > Security', Explorer crashes. This does not happen
> doing the same thing on the other two folders (sysvol and netlogin). I find
> nothing in the Linux log files. The Windows event log gives:
>
[deleted]
>
> Any idea what's up with this?
>
> Thanks --Mark
>

I got this fixed! Nothing like a little lotus-position medidatation and
navel-contemplation to gain enlightenment.

Since sysvol and netlogin folders didn't crash when I selected their Properties >
Security, I reasoned there must be something about permissions or ownership afoot.
Sure enough:

# ls -ld /var/lib/samba/sysvol/
drwxrwx---+ 3 root 3000000 4096 2023-11-29 21:16 /var/lib/samba/sysvol/

Both of those directories, created by provisioning, are members of group 3000000
which I presume is some administrative group (although 'getent group 3000000' on
the DC returns nothing, so I'm not sure).

I could have probably just set the group for Users to 3000000, but there are
some extended attributes (designated by the '+' sign), so I cloned sysvol to
Users:

# rmdir /redirectedFolders/Users/
# cp -rp /var/lib/samba/sysvol/ /redirectedFolders/
# cd /redirectedFolders/
# mv sysvol/ Users
# cd Users/
# rm -r hprs.locl/
# cd ..
# ls -l
drwxrwx---+ 2 root 3000000 4096 2023-12-17 00:13 Users/

Voila! Same permission, complete with extended attributes.

After doing that I was able to set Properties > Security correctly on the
Windows computer.

This by no means finishes the 'Redirected Folders' effort.  I have yet to create
the Group Policy and then attempt to restore the users' Desktops, etc. to this
directory, but I wanted to at least let the sambalist know I got past this
problem so everyone who was working feverishly on helping me figuring it out
could stand down. 

Hope this helps ayone tying to set up Redirected Folders.

--Mark



More information about the samba mailing list