[Samba] Random permission denied and path not found errors
Rowland Penny
rpenny at samba.org
Mon Jun 17 18:18:52 UTC 2024
On Mon, 17 Jun 2024 19:47:04 +0200
Tamas Papp via samba <samba at lists.samba.org> wrote:
>
> On 6/17/24 16:15, Rowland Penny via samba wrote:
> > Are your incus containers privileged?
>
> Yes.
>
> > I should also point out that, from the Samba point of view, 4.15.13
> > is EOL.
>
>
> I can upgrade samba (ubuntu), but would only do so if there is any
> relevant change/fix/improvement. The release notes are quite long and
> in many cases I am unsure about the meaning of the content.
>
> Ubuntu 24.04 includes 4.19.5+dfsg-4ubuntu9.

There have been numerous fixes since 4.15.x, using the most recent
version of Samba possible is always a good idea.

>
> > No idea because I haven't a clue how you are running Samba, for all
> > I know, you could be running sssd on a Samba fileserver.
> >
> > Might be an idea if you post the output of 'testparm -s'
>
>
> Good point, I missed adding the configuration.
>
> The Windows server is an AD DC and Samba is an AD member:
>
>
> # Global parameters
> [global]
> kerberos method = secrets and keytab
> log file = /var/log/samba/log.%m
> logging = file
> map to guest = Bad User
> max log size = 1000
> obey pam restrictions = Yes
> pam password change = Yes
> panic action = /usr/share/samba/panic-action %d
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> passwd program = /usr/bin/passwd %u
> realm = SPECTRALSTUDIOS.LOCAL
> security = ADS
> server role = standalone server
> server string = %h server (Samba, Ubuntu)
> template homedir = /home/%U@%D
> template shell = /bin/bash
> unix password sync = Yes
> usershare allow guests = Yes
> winbind offline logon = Yes
> winbind refresh tickets = Yes
> workgroup = SPECTRALSTUDIOS
> idmap config * : range = 10000-999999
> idmap config spectralstudios : backend = rid
> idmap config spectralstudios : range = 2000000-2999999
> idmap config * : backend = tdb
>
> [HUNY_asset]
> comment = HUNY/asset
> create mask = 0664
> directory mask = 02775
> force create mode = 0664
> force directory mode = 02775
> path = /data/Projects/HUNY/asset
> read only = No
> valid users = "@spectralstudios\domain users"
>
>
> There are more shares but the configuration is the same.

Hmm, did you take the standard Ubuntu smb.conf and then add to it?
I ask this because you have numerous lines that do not really have a
place in a Unix domain member smb.conf.

I would definitely remove these lines:

    obey pam restrictions = Yes
    pam password change = Yes
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    passwd program = /usr/bin/passwd %u
    server role = standalone server
    unix password sync = Yes

Unless you have 'guest ok = yes' or 'public = yes' set in a share (if
so, why?) then I would remove this line:

    map to guest = Bad User

Also, if you are not going to be using usershares, I would remove this
line:

    usershare allow guests = Yes

Turning to your share, add these lines to 'global':

    vfs objects = acl_xattr
    map acl inherit = Yes

then make your share look like this:

    [HUNY_asset]
        comment = HUNY/asset
        read only = No

Then read this:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Rowland
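
The review in the message above, as an added example that is not part of the original message and is not Samba project code: a small Python audit that reads 'testparm -s' style text and reports the parameters the reply says to remove, add or reconsider on a domain member. The names parse, audit, REMOVE, GLOBAL_ADD and SHARE_KEEP are hypothetical, the sample is constructed from the configuration posted in the thread, and keeping 'path' in the share is an assumption.

```python
import re

# Added example: the reply's advice encoded as data. All names are hypothetical.
REMOVE = {"obey pam restrictions", "pam password change", "passwd chat",
          "passwd program", "server role", "unix password sync"}
GLOBAL_ADD = {"vfs objects": "acl_xattr", "map acl inherit": "yes"}
SHARE_KEEP = {"comment", "read only", "path"}  # 'path' kept: assumption, a share needs one

# Constructed sample: abbreviated from the configuration posted in the thread.
SAMPLE = r"""
[global]
    map to guest = Bad User
    obey pam restrictions = Yes
    server role = standalone server
    unix password sync = Yes
    idmap config * : range = 10000-999999
[HUNY_asset]
    create mask = 0664
    path = /data/Projects/HUNY/asset
    read only = No
    valid users = "@spectralstudios\domain users"
"""

def parse(text):
    """Parse 'testparm -s' style text into {section: {param: value}}."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            is_global = m.group(1).lower() == "global"
            section = conf.setdefault("global" if is_global else m.group(1), {})
        elif section is not None and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            # Samba ignores case and extra spaces in parameter names
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def audit(text):
    """Return findings for a domain-member config, following the reply's advice."""
    conf = parse(text)
    glob = conf.pop("global", {})
    out = [f"remove: {k}" for k in sorted(REMOVE & set(glob))]
    guest = any(p.get(k, "").lower() == "yes" for p in conf.values() for k in ("guest ok", "public"))
    if "map to guest" in glob and not guest:
        out.append("remove: map to guest (no share allows guests)")
    if "usershare allow guests" in glob:
        out.append("remove if usershares are unused: usershare allow guests")
    out += [f"add to [global]: {k} = {v}" for k, v in GLOBAL_ADD.items()
            if v not in glob.get(k, "").lower().split()]
    out += [f"[{n}] review: {k}" for n, p in conf.items() for k in sorted(set(p) - SHARE_KEEP)]
    return out
```

Calling audit() on the saved output of 'testparm -s' returns one line per finding; the "review" entries are share parameters that the reply's version of the share leaves out.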