samba - Jun 2018 - No write access on new shares until smbd is restarted

Rowland,

Sorry - here are the globals and share config:

[global]
template shell=/bin/bash
log file=/var/log/samba/log.%m
log level=8
max log size=5000
passdb backend=tdbsam
load printers=no
printing=bsd
printcap name=/dev/null
map to guest=bad user

[2430_ram]
path=/data/fs/2430-ram
guest ok=no
browseable=yes
create mask=0775
directory mask=0775
read only=no
follow symlinks=yes
wide links=no
valid users=man_dude
oplocks=yes
locking=yes

The log from my first message is a user attempting and failing to create a
folder in the root of the share. The user is the one specified in
valid_users.

The OS level permissions are correct - i.e. I can log in locally as
man_dude and create that folder on the FS.

Let me know if there's other info you could use.

Eugene

On Thu, Jun 14, 2018 at 7:48 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Thu, 14 Jun 2018 19:06:37 +0200
> Eugene Pankov via samba <samba at lists.samba.org> wrote:
>
> > Using the latest SerNet 4.8.1 build, I'm seeing users being unable
to
> > write into newly created shares until smbd is restarted.
> > Here's the relevant log part:
> >
> > [2018/06/14 16:04:29.229329,  5]
> > ../source3/smbd/filename.c:662(unix_convert)
> >   unix_convert begin: name = New folder, dirpath = , start = New
> > folder [2018/06/14 16:04:29.229375,  5]
> > ../source3/smbd/vfs.c:1458(check_reduced_name)
> >   check_reduced_name: . reduced to /data/fs/2430-ram
> > [2018/06/14 16:04:29.229432,  5]
> > ../source3/smbd/filename.c:1060(unix_convert)
> >   New file New folder
> > [2018/06/14 16:04:29.229453,  5]
> > ../source3/smbd/vfs.c:1458(check_reduced_name)
> >   check_reduced_name: New folder reduced to /data/fs/2430-ram/New
> > folder [2018/06/14 16:04:29.229465,
> > 5] ../source3/smbd/open.c:3945(open_directory) open_directory:
> > opening directory New folder, access_mask = 0x100081, share_access
> > 0x3 create_options = 0x200001, create_disposition = 0x2,
> > file_attributes = 0x90 [2018/06/14 16:04:29.229488,
> > 5] ../source3/smbd/dosmode.c:206(unix_mode) unix_mode: unix_mode(New
> > folder) returning 0775 [2018/06/14 16:04:29.229560,  5]
> > ../source3/smbd/open.c:319(check_parent_access)
> >   check_parent_access: access check on directory . for path New
> > folder for mask 0x4 returned (0x4) NT_STATUS_ACCESS_DENIED
> > [2018/06/14 16:04:29.229578,
> > 5] ../source3/smbd/open.c:3828(mkdir_internal) mkdir_internal:
> > check_parent_access on directory . for path New folder returned
> > NT_STATUS_ACCESS_DENIED [2018/06/14 16:04:29.229587,
> > 2] ../source3/smbd/open.c:3997(open_directory) open_directory: unable
> > to create New folder. Error was NT_STATUS_ACCESS_DENIED
> > [2018/06/14 16:04:29.229601,  3]
> > ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
> >   smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > status[NT_STATUS_ACCESS_DENIED] ||
> > at ../source3/smbd/smb2_create.c:296 [2018/06/14 16:04:29.231065,
> > 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change -
> > already user
> >
> > Any advice is appreciated.
> >
> > Regards,
> > Eugene
>
> OK, my advice is, give us more info ;-)
>
> Yes, you are using Samba 4.8.1, but how ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On Thu, 14 Jun 2018 20:14:13 +0200
Eugene Pankov <e at ajenti.org> wrote:
> Rowland,
> 
> Sorry - here are the globals and share config:
> 
> [global]
> template shell=/bin/bash
> log file=/var/log/samba/log.%m
> log level=8
> max log size=5000
> passdb backend=tdbsam
> load printers=no
> printing=bsd
> printcap name=/dev/null
> map to guest=bad user
> 
> [2430_ram]
> path=/data/fs/2430-ram
> guest ok=no
> browseable=yes
> create mask=0775
> directory mask=0775
> read only=no
> follow symlinks=yes
> wide links=no
> valid users=man_dude
> oplocks=yes
> locking=yes
> 
> The log from my first message is a user attempting and failing to
> create a folder in the root of the share. The user is the one
> specified in valid_users.
> 
> The OS level permissions are correct - i.e. I can log in locally as
> man_dude and create that folder on the FS.
> 
OK, if I remove all the default lines, I am left with this:

[global]
template shell=/bin/bash
log file=/var/log/samba/log.%m
log level=8
load printers=no
printing=bsd
printcap name=/dev/null
map to guest=bad user

[2430_ram]
path=/data/fs/2430-ram
create mask=0775
directory mask=0775
read only=no
valid users=man_dude

And you can probably remove 'map to guest=bad user' as well, because
you do not have 'guest ok = yes' in the share.

You could probably remove 'template shell=/bin/bash' as well, it
isn't
needed, your Unix has it own shell.

From your smb.conf, you are running samba as a standalone server, is
this what you require ?
If it is, have you added the Unix users as Samba users ?
For more info, see here:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server

Rowland

Yep - that's a standalone server. We're running the same configuration
(generated from a template) on over a hundred of servers, and just a few
manifest this "readonly until restart" behaviour. I'm struggling
to isolate
any specific conditions that cause this at the moment.
The users are added as Samba users.

On Thu, Jun 14, 2018 at 10:06 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Thu, 14 Jun 2018 20:14:13 +0200
> Eugene Pankov <e at ajenti.org> wrote:
>
> > Rowland,
> >
> > Sorry - here are the globals and share config:
> >
> > [global]
> > template shell=/bin/bash
> > log file=/var/log/samba/log.%m
> > log level=8
> > max log size=5000
> > passdb backend=tdbsam
> > load printers=no
> > printing=bsd
> > printcap name=/dev/null
> > map to guest=bad user
> >
> > [2430_ram]
> > path=/data/fs/2430-ram
> > guest ok=no
> > browseable=yes
> > create mask=0775
> > directory mask=0775
> > read only=no
> > follow symlinks=yes
> > wide links=no
> > valid users=man_dude
> > oplocks=yes
> > locking=yes
> >
> > The log from my first message is a user attempting and failing to
> > create a folder in the root of the share. The user is the one
> > specified in valid_users.
> >
> > The OS level permissions are correct - i.e. I can log in locally as
> > man_dude and create that folder on the FS.
> >
>
> OK, if I remove all the default lines, I am left with this:
>
> [global]
> template shell=/bin/bash
> log file=/var/log/samba/log.%m
> log level=8
> load printers=no
> printing=bsd
> printcap name=/dev/null
> map to guest=bad user
>
> [2430_ram]
> path=/data/fs/2430-ram
> create mask=0775
> directory mask=0775
> read only=no
> valid users=man_dude
>
> And you can probably remove 'map to guest=bad user' as well,
because
> you do not have 'guest ok = yes' in the share.
>
> You could probably remove 'template shell=/bin/bash' as well, it
isn't
> needed, your Unix has it own shell.
>
> From your smb.conf, you are running samba as a standalone server, is
> this what you require ?
> If it is, have you added the Unix users as Samba users ?
> For more info, see here:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

[my previous mail didn't register as an answer in the list it seems]

Yep - that's a standalone server. We're running the same configuration
(generated from a template) on over a hundred of servers, and just a few
manifest this "readonly until restart" behaviour.
I'm struggling to isolate any specific conditions that cause this at the
moment.
The users are added as Samba users.


On Thu, Jun 14, 2018 at 10:06 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Thu, 14 Jun 2018 20:14:13 +0200
> Eugene Pankov <e at ajenti.org> wrote:
>
> > Rowland,
> >
> > Sorry - here are the globals and share config:
> >
> > [global]
> > template shell=/bin/bash
> > log file=/var/log/samba/log.%m
> > log level=8
> > max log size=5000
> > passdb backend=tdbsam
> > load printers=no
> > printing=bsd
> > printcap name=/dev/null
> > map to guest=bad user
> >
> > [2430_ram]
> > path=/data/fs/2430-ram
> > guest ok=no
> > browseable=yes
> > create mask=0775
> > directory mask=0775
> > read only=no
> > follow symlinks=yes
> > wide links=no
> > valid users=man_dude
> > oplocks=yes
> > locking=yes
> >
> > The log from my first message is a user attempting and failing to
> > create a folder in the root of the share. The user is the one
> > specified in valid_users.
> >
> > The OS level permissions are correct - i.e. I can log in locally as
> > man_dude and create that folder on the FS.
> >
>
> OK, if I remove all the default lines, I am left with this:
>
> [global]
> template shell=/bin/bash
> log file=/var/log/samba/log.%m
> log level=8
> load printers=no
> printing=bsd
> printcap name=/dev/null
> map to guest=bad user
>
> [2430_ram]
> path=/data/fs/2430-ram
> create mask=0775
> directory mask=0775
> read only=no
> valid users=man_dude
>
> And you can probably remove 'map to guest=bad user' as well,
because
> you do not have 'guest ok = yes' in the share.
>
> You could probably remove 'template shell=/bin/bash' as well, it
isn't
> needed, your Unix has it own shell.
>
> From your smb.conf, you are running samba as a standalone server, is
> this what you require ?
> If it is, have you added the Unix users as Samba users ?
> For more info, see here:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>