[Samba] Random permission denied and path not found errors
Rowland Penny
rpenny at samba.org
Sat Jun 22 09:56:38 UTC 2024
On Sat, 22 Jun 2024 11:34:21 +0200
Tamás Papp <t.papp at spectral.hu> wrote:
> I have upgraded one of the servers to 4.20 from MJT's repository,
> however it's not the main one and has way lower traffic load.
>
> I have also removed the entries that you suggested.
I am taking it that your Unix domain members smb.conf now looks similar
to this:
[global]
workgroup = SPECTRALSTUDIOS
realm = SPECTRALSTUDIOS.LOCAL
security = ADS
server string = %h server (Samba, Ubuntu)
kerberos method = secrets and keytab
log file = /var/log/samba/log.%m
logging = file
max log size = 1000
panic action = /usr/share/samba/panic-action %d
winbind offline logon = Yes
winbind refresh tickets = Yes
idmap config * : backend = tdb
idmap config * : range = 10000-999999
idmap config spectralstudios : backend = rid
idmap config spectralstudios : range = 2000000-2999999
template homedir = /home/%U@%D
template shell = /bin/bash
vfs objects = acl_xattr
map acl inherit = Yes
[HUNY_asset]
comment = HUNY/asset
path = /data/Projects/HUNY/asset
read only = No
>
> Besides this changes I started wondering two other workarounds.
>
> 1. Is it possible to add and authenticate a local user when the samba
> server is an AD member?
No, a local user is just that, a local user and is unknown to Samba.
> I would add a local user and render machines would map the share with
> that user.
Sorry, but that, in my opinion, would not work.
>
> 2. Is there any option to cache AD users better?
They should already be cached, but you could try adding 'winbind
offline login = yes' to the smb.conf
> My assumption is that the user id or gid does not resolve properly
> and that's the root cause.
If they are not resolving, then there must be a reason, which is
usually dns, I take it that the Unix domain members are using the Samba
DCs as their nameservers ?
Rowland
More information about the samba
mailing list