[Samba] Getting 'Access Denied' under Offline mode (Offline Files)
June Chong | TechnologyWise
june at tw.co.nz
Wed Sep 11 01:25:08 UTC 2024
Hi Rowland,
Below is the output for testparm -s:
/Server role: ROLE_ACTIVE_DIRECTORY_DC
/
/# Global parameters
[global]
ldap server require strong auth = No
passdb backend = samba_dsdb
realm = SAMBADOM
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = SAMBADOM
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
winbindd:use external pipes = true
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
map archive = No
vfs objects = dfs_samba4 acl_xattr
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/sambadom/scripts
read only = No
[pc-admin]
path = /data/share_pool/pc_admin
read only = No
vfs objects = recycle
recycle:versions = yes
recycle:keeptree = yes
recycle:repository = .recycle
[openvpn_share]
path = /data/vpncerts
read only = No
vfs objects = recycle
recycle:versions = yes
recycle:keeptree = yes
recycle:repository = .recycle
[usr_profiles]
path = /data/usr_profiles
read only = No
vfs objects = recycle acl_xattr
recycle:versions = yes
recycle:keeptree = yes
recycle:repository = .recycle
[usr_homes]
path = /data/usr_homes
read only = No
vfs objects = recycle acl_xattr
recycle:versions = yes
recycle:keeptree = yes
recycle:repository = .recycle
[general]
path = /data/share_pool/general
read only = No
vfs objects = recycle full_audit acl_xattr
full_audit:failure = none
full_audit:success = mkdirat renameat write read readdir open
connect chdir disconnect
full_audit:syslog = true
full_audit:prefix = %u|%I|%S
recycle:versions = yes
recycle:keeptree = yes
recycle:repository = .recycle/
Kind regards,
--
*June Chong*
*Engineer | TechnologyWise*
Basestation
148 Durham St
Tauranga, NZ
*E:* june at tw.co.nz | *P:* +64 (0)7 571 1060 | *W:* technologywise.co.nz
<https://www.technologywise.co.nz>
On 10/09/2024 7:36 pm, Rowland Penny via samba wrote:
> On Tue, 10 Sep 2024 15:32:46 +1200
> June Chong | TechnologyWise via samba<samba at lists.samba.org> wrote:
>
>> Hi team,
>>
>> Hoping someone from the community would be able to help.
>>
>> Samba version *: 4.19.5*
>>
>> OS *: Ubuntu 24.04*
>>
>> We have a perculiar situation where users are getting /Access Denied/
>> on their roaming user profiles. These profiles are redirected using
>> Windows GPOs with Offline Files enabled. We could replicate these on
>> several instances that we manage.
>>
>> On version 4.15.13, when 'Offline Files' are in /offline mode /users
>> can still work on their files under their profile and once /online/,
>> the files will be synced back with the new changes.
>>
>> Now on Samba 4.19.5, users are getting these errors /Access Denied/ /
>> /You will need permission to make changes onto the folder /under
>> /offline mode/. However, if it is a file within the top level folder,
>> they are ok to make changes to.
>>
>> E.g. \\server\profiles\user\Desktop\Folder 1 (Changes can't be
>> made. Access Denied.)
>>
>> \\server\profiles\user\Desktop\File 1 (Changes can't be
>> made. Access Denied.)
>>
>> \\server\profiles\user\Desktop\Folder 1\File 1 (Changes can
>> be made. No issues. Same thing goes for another folder instead of
>> file.)
>>
>> Once the Sync Centre is shown to be back in /Online mode/ everything
>> works fine.
>>
>> Nothing in the Windows Event Logs could specify. SMB connections are
>> using version SMB3 as it should be on both versions (seen via
>> smbstatus). The release notes did not mention anything that might
>> effect this.
>>
>> Would someone be able to point us in the right direction?
>>
>> Kind regards,
>>
> I think we need to see your smb.conf (to see just how you are sharing
> the profiles), please post the output of 'testparm -s'
>
> Rowland
>
>
More information about the samba
mailing list