[Samba] Random permission denied and path not found errors

Tamás Papp t.papp at spectral.hu
Tue Jul 9 03:22:52 UTC 2024 

Update:

Fingers crossed, after a week, it looks that upgrading to Samba 4.20 
(thanks MJT!) resolved the issue.

The config is the below except

vfs objects = acl_xattr
map acl inherit = Yes


Thanks for your help, it's much appreciated!

Cheers,
Tamás

On June 22, 2024 11:58:01 Rowland Penny via samba <samba at lists.samba.org> 
wrote:

> On Sat, 22 Jun 2024 11:34:21 +0200
> Tamás Papp <t.papp at spectral.hu> wrote:
>
>> I have upgraded one of the servers to 4.20 from MJT's repository,
>> however it's not the main one and has way lower traffic load.
>>
>> I have also removed the entries that you suggested.
>
> I am taking it that your Unix domain members smb.conf now looks similar
> to this:
>
> [global]
>   workgroup = SPECTRALSTUDIOS
>   realm = SPECTRALSTUDIOS.LOCAL
>   security = ADS
>   server string = %h server (Samba, Ubuntu)
>   kerberos method = secrets and keytab
>   log file = /var/log/samba/log.%m
>   logging = file
>   max log size = 1000
>   panic action = /usr/share/samba/panic-action %d
>   winbind offline logon = Yes
>   winbind refresh tickets = Yes
>   idmap config * : backend = tdb
>   idmap config * : range = 10000-999999
>   idmap config spectralstudios : backend = rid
>   idmap config spectralstudios : range = 2000000-2999999
>   template homedir = /home/%U@%D
>   template shell = /bin/bash
>   vfs objects = acl_xattr
>   map acl inherit = Yes
>
> [HUNY_asset]
>   comment = HUNY/asset
>   path = /data/Projects/HUNY/asset
>   read only = No
>
>>
>> Besides this changes I started wondering two other workarounds.
>>
>> 1. Is it possible to add and authenticate a local user when the samba
>> server is an AD member?
>
> No, a local user is just that, a local user and is unknown to Samba.
>
>> I would add a local user and render machines would map the share with
>> that user.
>
> Sorry, but that, in my opinion, would not work.
>
>>
>> 2. Is there any option to cache AD users better?
>
> They should already be cached, but you could try adding 'winbind
> offline login = yes' to the smb.conf
>
>> My assumption is that the user id or gid does not resolve properly
>> and that's the root cause.
>
> If they are not resolving, then there must be a reason, which is
> usually dns, I take it that the Unix domain members are using the Samba
> DCs as their nameservers ?
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list