[Samba] Getting 'Access Denied' under Offline mode (Offline Files)

June Chong | TechnologyWise june at tw.co.nz
Thu Sep 19 03:24:32 UTC 2024 

Hi there,

Just following up on this enquiry we had last week.

We just wanted to clarify what protocols /security have changed between 
4.15.13 and 4.19.5 that would effect offline files. We've looked through 
all the release notes between these versions and can't see anything 
related. (Perhaps someone can point us in the right direction?)

Again, we are aware and understand that offline files are not 
recommended. At the moment Folder redirection is used in combination 
with offline files for users that work remotely.

We are planning on changing the structure, just not immediately at this 
stage.

Does anyone else have a similar structure?

Appreciate any advice the community can give in regards to this.

Kind regards,

-- 
*June Chong*
*Engineer | TechnologyWise*

Basestation
148 Durham St
Tauranga, NZ

*E:* june at tw.co.nz | *P:* +64 (0)7 571 1060 | *W:* technologywise.co.nz 
<https://www.technologywise.co.nz>

On 12/09/2024 9:49 am, June Chong | TechnologyWise via samba wrote:
> Hi Rowland,
>
> Many thanks for your reply and assistance.
>
> On 11/09/2024 7:15 pm, Rowland Penny via samba wrote:
>> Is your AD domain really using a single label domain ?
>> This isn't a good idea, Microsoft doesn't support it, so I suppose
>> Samba shouldn't either, see here:
>>
>> https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/single-label-domains-support-policy 
>>
> My apologies. I was sanitizing private information out and did not 
> think it would cause a confusion. We are definitely not using single 
> label domains.
>> I would suggest you do three things:
>>
>> 1) If you are not already doing so, run a second DC.
>> 2) Stop using a DC as a fileserver, create a Unix domain member and use
>> that instead.
> We are aware of having the DC as a fileserver is not recommened. 
> Unfortunately this is an inherited setup for us. But we are planning 
> on changing the structure, just not immediately.
>> 3) Stop using profiles/offline files, they are yesterdays way of doing
>> things, use folder redirection instead.
> We are using folder redirection just with a combination of offline 
> files. The situation is that we have remote users connecting back 
> which would have their profiles cached, else they get a message that 
> their profile is not available until it is connected to the domain 
> controller via VPN.
> This was working on 4.15.13 and we thought perhaps something has 
> changed in between versions up to 4.19.5 that would effect this 
> behaviour.
>
> Kind regards,

More information about the samba mailing list