[Samba] Files suddenly go readonly

Greg Dickie greg at justaguy.ca
Wed Jan 18 17:05:49 UTC 2023


On Wed, Jan 18, 2023 at 11:53 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:

>
>
> On 18/01/2023 16:38, Greg Dickie via samba wrote:
> > Hi,
> >
> > Running samba 4.10.16 on CentOS7. It's a fileserver but with a split
> > personality. For everything UNIX authentication is NIS (I know ;-) but for
> > samba we authenticate to AD and all users have the same uidNumber &
> > gidNumber as they do in NIS.
>
> The problem is, you shouldn't have any local users if you are running
> the computer as a domain member, Samba should be 'mapping' the AD users
> to Unix users.
>

Agree but this was a standalone server that we are now transitioning into
the domain and as long as the UIDs and GIDs match everything should be ok
no?


>
> Is it possible to see your smb.conf used on the Unix machines ?
>

Sure

[global]
        workgroup = TOTO
        server string = Samba on SRVLXFS2
        realm = TOTO.CA
        security = ads
        kerberos method = secrets only
        winbind use default domain = true
        winbind offline logon = false
        winbind nss info = rfc2307
        winbind enum users = yes
        winbind enum groups = yes
        idmap config * : range = 16777216-33554431
        idmap config ULTRATCS : schema mode = rfc2307
        idmap config ULTRATCS : backend = ad
        idmap config ULTRATCS : range = 500-10000
        idmap config ULTRATCS : unix_primary_group = yes
        idmap config ULTRATCS : unix_nss_info = yes
        idmap_ldb:use rfc2307 = yes
        template homedir = /home/%U
        min domain uid = 0
        unix extensions = no
        wide links = yes

        printing = cups
        printcap name = cups
        load printers = no
        cups options = raw
        log file = /var/log/samba/log.%m.%U
        log level = 0
        max log size = 50M
        #syslog = 0

[homes]
        comment = Home Directories
        browseable = no
        writable = yes
#        create mask = 0664
#        directory mask = 0775
        force create mode = 0775
        force directory mode = 0775
#        force security mode = 664
#        force directory security mode = 775
        map archive = no



>
> > This has been working fine but now I have some
> > users who suddenly lose write access to their files, sometimes. One user
> > has 2 workstations (1 works always, the other exhibits this issue so maybe
> > a patch on the workstation?). When this happens IF I give their files group
> > write permission they are good again. Does this ring a bell? I have a level
> > 10 debug of an ACCESS_DENIED test but nothing in there looks obviously
> > wrong until the ACCESS_DENIED so I can't see why.
>
> Are they supposed to have 'user' permissions or just 'group'
> permissions, also are you using extended ACLs?
>

user permissions, all the users on this system have the same primary group
of 1000, No ACLs, or at least not supposed to be.


>
> >
> > Tried to rebuild a newer samba version but CentOS seems to not like it.
>
> I noticed :-D
>
> >
> > Any thoughts?
>
> What on ? Life, the universe and everything ? If so the answer is '42'
>

Too easy! Please tell me what I'm doing wrong. The fact that it's not
consistent kills me, I am unable to reproduce on my own.

Thanks Rowland!
Greg


>
> Rowland
>


-- 


Greg Dickie
just a guy
514-983-5400

