Hello, I've an error about a samba share. On a samba domain member, there is 3 shares. The first two are ok, but the third gives an error when I want to connect to it in Windows : Samba.log : -------------------------------------------------------------------------------------------------------- Connect path is '/data/services/' for service [services] [2019/07/01 15:30:00.335684,? 3] ../source3/smbd/uid.c:153(check_user_share_access) ? user DOMAIN\user connection to services denied due to share security descriptor. -------------------------------------------------------------------------------------------------------- Share directory is /data/services (owner = root / group = "Domain Users"). Sharing is called [services] in my smb.conf If I change the name of share and the name of directory ([sharedir] and /data/sharedir for example), everything is working properly. But if I called it [services] it doesn't work. So what does it mean ? Is 'Services' a reserved name ?! o^O Thanks ;-)
On 01/07/2019 15:33, Tom via samba wrote:> Hello, > > I've an error about a samba share. > > On a samba domain member, there is 3 shares. The first two are ok, but > the third gives an error when I want to connect to it in Windows : > > Samba.log : > -------------------------------------------------------------------------------------------------------- > > Connect path is '/data/services/' for service [services] > [2019/07/01 15:30:00.335684,? 3] > ../source3/smbd/uid.c:153(check_user_share_access) > ? user DOMAIN\user connection to services denied due to share security > descriptor.^^^^^^^^^^^^^^^^^^^^^^^^ Check the permissions on the share, access is being denied> > Share directory is /data/services (owner = root / group = "Domain > Users"). > > Sharing is called [services] in my smb.conf > > If I change the name of share and the name of directory ([sharedir] > and /data/sharedir for example), everything is working properly. But > if I called it [services] it doesn't work. > > So what does it mean ? Is 'Services' a reserved name ?! o^O'services' works for me. Rowland
On 02/07/2019 07:41, Tom wrote:> After severals tests, acces is only denied when the share name > configured in smb.conf is [services]. Any other name works, such as > [test] or [blabla]. > > smb.conf : > ------------------------------------- > [services] > path = /data/services/ > browseable = yes > read only = No > force create mode = 770 > force directory mode = 770 > csc policy = disable > store dos attributes = yes > vfs objects = acl_xattr > hide dot files = yes > ------------------------------------- > > So I don't know what to think :-(I repeat, using the share name 'services' works for me, so I think we need more info, what Samba version is this and what is in the [global] section of your smb.conf Rowland
Le 02/07/2019 ? 09:03, Rowland penny via samba a ?crit?:> On 02/07/2019 07:41, Tom wrote: >> After severals tests, acces is only denied when the share name >> configured in smb.conf is [services]. Any other name works, such as >> [test] or [blabla]. >> >> smb.conf : >> ------------------------------------- >> [services] >> path = /data/services/ >> browseable = yes >> read only = No >> force create mode = 770 >> force directory mode = 770 >> csc policy = disable >> store dos attributes = yes >> vfs objects = acl_xattr >> hide dot files = yes >> ------------------------------------- >> >> So I don't know what to think :-( > > > I repeat, using the share name 'services' works for me, so I think we > need more info, what Samba version is this and what is in the [global] > section of your smb.confVersion of Samba is 4.8.3 This is the [global] section of smb.conf : ---------------------------------------------------------------- workgroup = DOMAIN realm = DOMAIN.COM security = ADS bind interfaces only = yes interfaces = lo em1 log level = 3 passdb:5 auth:5 log file = /var/log/samba/samba.log max log size = 50 idmap config * : backend = tdb idmap config * : range = 3000-7999 idmap config DOMAIN:backend = ad idmap config DOMAIN:schema_mode = rfc2307 idmap config DOMAIN:range = 10000-999999 idmap config DOMAIN:unix_nss_info = yes acl allow execute always = yes vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes unix extensions = no ----------------------------------------------------------------