[Samba] Random permission denied and path not found errors
Tamás Papp
t.papp at spectral.hu
Tue Jul 9 03:22:52 UTC 2024
Update:
Fingers crossed, after a week, it looks that upgrading to Samba 4.20
(thanks MJT!) resolved the issue.
The config is the below except
vfs objects = acl_xattr
map acl inherit = Yes
Thanks for your help, it's much appreciated!
Cheers,
Tamás
On June 22, 2024 11:58:01 Rowland Penny via samba <samba at lists.samba.org>
wrote:
> On Sat, 22 Jun 2024 11:34:21 +0200
> Tamás Papp <t.papp at spectral.hu> wrote:
>
>> I have upgraded one of the servers to 4.20 from MJT's repository,
>> however it's not the main one and has way lower traffic load.
>>
>> I have also removed the entries that you suggested.
>
> I am taking it that your Unix domain members smb.conf now looks similar
> to this:
>
> [global]
> workgroup = SPECTRALSTUDIOS
> realm = SPECTRALSTUDIOS.LOCAL
> security = ADS
> server string = %h server (Samba, Ubuntu)
> kerberos method = secrets and keytab
> log file = /var/log/samba/log.%m
> logging = file
> max log size = 1000
> panic action = /usr/share/samba/panic-action %d
> winbind offline logon = Yes
> winbind refresh tickets = Yes
> idmap config * : backend = tdb
> idmap config * : range = 10000-999999
> idmap config spectralstudios : backend = rid
> idmap config spectralstudios : range = 2000000-2999999
> template homedir = /home/%U@%D
> template shell = /bin/bash
> vfs objects = acl_xattr
> map acl inherit = Yes
>
> [HUNY_asset]
> comment = HUNY/asset
> path = /data/Projects/HUNY/asset
> read only = No
>
>>
>> Besides this changes I started wondering two other workarounds.
>>
>> 1. Is it possible to add and authenticate a local user when the samba
>> server is an AD member?
>
> No, a local user is just that, a local user and is unknown to Samba.
>
>> I would add a local user and render machines would map the share with
>> that user.
>
> Sorry, but that, in my opinion, would not work.
>
>>
>> 2. Is there any option to cache AD users better?
>
> They should already be cached, but you could try adding 'winbind
> offline login = yes' to the smb.conf
>
>> My assumption is that the user id or gid does not resolve properly
>> and that's the root cause.
>
> If they are not resolving, then there must be a reason, which is
> usually dns, I take it that the Unix domain members are using the Samba
> DCs as their nameservers ?
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list