Hi, I don't have the user root. No changes :( Sometimes a user gets permissions, sometimes not. This net conf is now running: [global] ??? winbind refresh tickets = Yes ??? winbind use default domain = yes ??? template shell = /bin/bash ??? idmap config * : range = 1000000 - 1999999 ??? idmap config EXAMPLE : backend = rid ??? idmap config EXAMPLE : range = 500 - 200000 ??? hide dot files = yes ??? server string = FileServer %h (Samba %v) ??? map acl inherit = yes ??? inherit permissions = yes ??? workgroup = ZFD ??? netbios name = CLUSTER-HO ??? clustering = yes ??? security = ads ??? realm = EXAMPLE.com ??? store dos attributes = Yes ??? log level = 3 ??? vfs objects = acl_xattr [home] ??? comment = Home Directories ??? read only = no ??? browseable = yes ??? vfs objects = acl_xattr glusterfs ??? glusterfs:volume = gv-ho ??? glusterfs:logfile = /var/log/samba/glusterfs-gv-ho.log ??? glusterfs:loglevel = 3 ??? glusterfs:volfile_server = gluster1 gluster3 ??? kernel share modes = no ??? path = / [Fileshare] ??? comment = Fileshare ??? read only = no ??? vfs objects = acl_xattr glusterfs ??? glusterfs:volume = gv-ho ??? glusterfs:logfile = /var/log/samba/glusterfs-gv-ho.log ??? glusterfs:loglevel = 10 ??? glusterfs:volfile_server = gluster1 gluster3 ??? kernel share modes = no ??? path = /data/Files Does this error in log.smbd give a hint? [2019/08/29 12:14:24.765433,? 2] ../source3/smbd/open.c:4045(open_directory) ? open_directory: unable to create testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations. Error was NT_STATUS_OBJECT_NAME_COLLISION [2019/08/29 12:14:24.765472,? 3] ../source3/smbd/smb2_server.c:3214(smbd_smb2_request_error_ex) ? smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_OBJECT_NAME_COLLISION] || at ../source3/smbd/smb2_create.c:296 [2019/08/29 12:14:24.767517,? 2] ../source3/smbd/dosmode.c:136(unix_mode) ? unix_mode(testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations/f18460fded109990.automaticDestinations-ms) inheriting from testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations [2019/08/29 12:14:24.767603,? 2] ../source3/smbd/dosmode.c:161(unix_mode) ? unix_mode(testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations/f18460fded109990.automaticDestinations-ms) inherit mode 40770 [2019/08/29 12:14:24.767690,? 3] ../source3/smbd/smb2_server.c:3214(smbd_smb2_request_error_ex) ? smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_OBJECT_NAME_NOT_FOUND] || at ../source3/smbd/smb2_create.c:296 [2019/08/29 12:14:35.232651,? 2] ../source3/smbd/close.c:802(close_normal_file) ? ZFD\testuser closed file testuser/AppData/Roaming/Microsoft/Windows/Recent/CustomDestinations/f18460fded109990.customDestinations-ms (numopen=26) NT_STATUS_OK Best regards Bene Am 29.08.19 um 11:17 schrieb Rowland penny via samba:> On 29/08/2019 09:58, Benedikt Kale? via samba wrote: > > Hi, > > > > I have an old Fileserver which is working correct: > > > > This is the smb.conf: > > > > [global] > > security = ads > > realm = EXAMPLE.COM > > workgroup = example > > winbind refresh tickets = Yes > > winbind use default domain = yes > > template shell = /bin/bash > > idmap config * : range = 1000000 - 1999999 > > idmap config ZFD : backend = rid > > idmap config ZFD : range = 0 - 200000 > > hide dotfiles = yes > > server string = Standalone server %h (Samba %v) > > store dos attributes = yes > > vfs objects = acl_xattr > > inherit permissions = Yes > > > > Afterwards I set up the CTDB cluster and did an "rsync -alpAXvt" to copy > > the data from the old Fileserver to the cluster > > > > net conf list: > > > > [global] > > ??? winbind refresh tickets = Yes > > ??? winbind use default domain = yes > > ??? template shell = /bin/bash > > ??? idmap config * : range = 1000000 - 1999999 > > ??? idmap config ZFD : backend = rid > > ??? idmap config ZFD : range = 0 - 200000 > > ??? hide dot files = yes > > ??? server string = forumZFD Daten server %h (Samba %v) > > ??? map acl inherit = yes > > ??? inherit permissions = yes > > ??? workgroup = EXAMPLE > > ??? netbios name = CLUSTER-HO > > ??? clustering = yes > > ??? security = ads > > ??? realm = EXAMPLE.COM > > ??? store dos attributes = Yes > > ??? log level = 3 > > > > The users have often? "permission denied" problems even though the > > windows file explorer the group membership is shown and a gpresult /r > > shows that membership. Sometimes everything works correct. > > > > > I think I understand this, the first smb.conf is from the original > fileserver, the second is from the cluster, if this is the case, we can > ignore the first smb.conf. > > Are the DCs involved in the ctdb cluster, apart from providing > authentication ? > > Do you have a user called 'root' in AD ? if so, remove it. > > Change this: > > idmap config ZFD : range = 0 - 200000 > > to this: > > idmap config ZFD : range = 500 - 200000 > > Add: > > vfs objects = acl_xattr > > Rowland > > >-- ?forumZFD Entschieden f?r Frieden|Committed to Peace Benedikt Kale? Leiter Team IT|Head team IT Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service Am K?lner Brett 8 | 50825 K?ln | Germany Tel 0221 91273233 | Fax 0221 91273299 | http://www.forumZFD.de Vorstand nach ? 26 BGB, einzelvertretungsberechtigt|Executive Board: Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz VR 17651 Amtsgericht K?ln Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX
On 29/08/2019 11:17, Benedikt Kale? via samba wrote:> Hi, > > I don't have the user root. > > No changes :( Sometimes a user gets permissions, sometimes not. > > This net conf is now running: > > [global] > ??? winbind refresh tickets = Yes > ??? winbind use default domain = yes > ??? template shell = /bin/bash > ??? idmap config * : range = 1000000 - 1999999 > ??? idmap config EXAMPLE : backend = rid > ??? idmap config EXAMPLE : range = 500 - 200000 > ??? hide dot files = yes > ??? server string = FileServer %h (Samba %v) > ??? map acl inherit = yes > ??? inherit permissions = yes > ??? workgroup = ZFD > ??? netbios name = CLUSTER-HO > ??? clustering = yes > ??? security = ads > ??? realm = EXAMPLE.com > ??? store dos attributes = Yes > ??? log level = 3 > ??? vfs objects = acl_xattr > > [home] > ??? comment = Home Directories > ??? read only = no > ??? browseable = yes > ??? vfs objects = acl_xattr glusterfs > ??? glusterfs:volume = gv-ho > ??? glusterfs:logfile = /var/log/samba/glusterfs-gv-ho.log > ??? glusterfs:loglevel = 3 > ??? glusterfs:volfile_server = gluster1 gluster3 > ??? kernel share modes = no > ??? path = / > > [Fileshare] > ??? comment = Fileshare > ??? read only = no > ??? vfs objects = acl_xattr glusterfs > ??? glusterfs:volume = gv-ho > ??? glusterfs:logfile = /var/log/samba/glusterfs-gv-ho.log > ??? glusterfs:loglevel = 10 > ??? glusterfs:volfile_server = gluster1 gluster3 > ??? kernel share modes = no > ??? path = /data/Files > > Does this error in log.smbd give a hint? > > [2019/08/29 12:14:24.765433,? 2] ../source3/smbd/open.c:4045(open_directory) > ? open_directory: unable to create > testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations. > Error was NT_STATUS_OBJECT_NAME_COLLISION > [2019/08/29 12:14:24.765472,? 3] > ../source3/smbd/smb2_server.c:3214(smbd_smb2_request_error_ex) > ? smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] > status[NT_STATUS_OBJECT_NAME_COLLISION] || at > ../source3/smbd/smb2_create.c:296 > [2019/08/29 12:14:24.767517,? 2] ../source3/smbd/dosmode.c:136(unix_mode) > > unix_mode(testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations/f18460fded109990.automaticDestinations-ms) > inheriting from > testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations > [2019/08/29 12:14:24.767603,? 2] ../source3/smbd/dosmode.c:161(unix_mode) > > unix_mode(testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations/f18460fded109990.automaticDestinations-ms) > inherit mode 40770 > [2019/08/29 12:14:24.767690,? 3] > ../source3/smbd/smb2_server.c:3214(smbd_smb2_request_error_ex) > ? smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] > status[NT_STATUS_OBJECT_NAME_NOT_FOUND] || at > ../source3/smbd/smb2_create.c:296 > [2019/08/29 12:14:35.232651,? 2] > ../source3/smbd/close.c:802(close_normal_file) > ? ZFD\testuser closed file > testuser/AppData/Roaming/Microsoft/Windows/Recent/CustomDestinations/f18460fded109990.customDestinations-ms > (numopen=26) NT_STATUS_OK > > Best regards > > Bene > > >Are you using the same Samba version & smb.conf on all ctdb cluster members. If you run 'getent passwd testuser' on each cluster member, do you get identical results ? Have you read this: https://wiki.samba.org/index.php/CTDB_and_Clustered_Samba Rowland
Hi, yes, I did. I get the same results with "getent passwd testuser" on each node. /etc/ctdb/nodes and /etc/ctdb/public_addresses is exactly the same on each node On each node sernet-samba/stretch,now 99:4.9.12-15 amd64 is installed Yes, I read the documentation. It is strange, that another cluster in another office configured that way is working perfect ;( The load is not as high as the load here. But even here only 20 people are working on it currently Best Bene Am 29.08.19 um 12:36 schrieb Rowland penny via samba:> On 29/08/2019 11:17, Benedikt Kale? via samba wrote: > > Hi, > > > > I don't have the user root. > > > > No changes :( Sometimes a user gets permissions, sometimes not. > > > > This net conf is now running: > > > > [global] > > ??? winbind refresh tickets = Yes > > ??? winbind use default domain = yes > > ??? template shell = /bin/bash > > ??? idmap config * : range = 1000000 - 1999999 > > ??? idmap config EXAMPLE : backend = rid > > ??? idmap config EXAMPLE : range = 500 - 200000 > > ??? hide dot files = yes > > ??? server string = FileServer %h (Samba %v) > > ??? map acl inherit = yes > > ??? inherit permissions = yes > > ??? workgroup = ZFD > > ??? netbios name = CLUSTER-HO > > ??? clustering = yes > > ??? security = ads > > ??? realm = EXAMPLE.com > > ??? store dos attributes = Yes > > ??? log level = 3 > > ??? vfs objects = acl_xattr > > > > [home] > > ??? comment = Home Directories > > ??? read only = no > > ??? browseable = yes > > ??? vfs objects = acl_xattr glusterfs > > ??? glusterfs:volume = gv-ho > > ??? glusterfs:logfile = /var/log/samba/glusterfs-gv-ho.log > > ??? glusterfs:loglevel = 3 > > ??? glusterfs:volfile_server = gluster1 gluster3 > > ??? kernel share modes = no > > ??? path = / > > > > [Fileshare] > > ??? comment = Fileshare > > ??? read only = no > > ??? vfs objects = acl_xattr glusterfs > > ??? glusterfs:volume = gv-ho > > ??? glusterfs:logfile = /var/log/samba/glusterfs-gv-ho.log > > ??? glusterfs:loglevel = 10 > > ??? glusterfs:volfile_server = gluster1 gluster3 > > ??? kernel share modes = no > > ??? path = /data/Files > > > > Does this error in log.smbd give a hint? > > > > [2019/08/29 12:14:24.765433,? 2] ../source3/smbd/open.c:4045(open_directory) > > ? open_directory: unable to create > > testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations. > > Error was NT_STATUS_OBJECT_NAME_COLLISION > > [2019/08/29 12:14:24.765472,? 3] > > ../source3/smbd/smb2_server.c:3214(smbd_smb2_request_error_ex) > > ? smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] > > status[NT_STATUS_OBJECT_NAME_COLLISION] || at > > ../source3/smbd/smb2_create.c:296 > > [2019/08/29 12:14:24.767517,? 2] ../source3/smbd/dosmode.c:136(unix_mode) > > > > unix_mode(testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations/f18460fded109990.automaticDestinations-ms) > > inheriting from > > testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations > > [2019/08/29 12:14:24.767603,? 2] ../source3/smbd/dosmode.c:161(unix_mode) > > > > unix_mode(testuser/AppData/Roaming/Microsoft/Windows/Recent/AutomaticDestinations/f18460fded109990.automaticDestinations-ms) > > inherit mode 40770 > > [2019/08/29 12:14:24.767690,? 3] > > ../source3/smbd/smb2_server.c:3214(smbd_smb2_request_error_ex) > > ? smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] > > status[NT_STATUS_OBJECT_NAME_NOT_FOUND] || at > > ../source3/smbd/smb2_create.c:296 > > [2019/08/29 12:14:35.232651,? 2] > > ../source3/smbd/close.c:802(close_normal_file) > > ? ZFD\testuser closed file > > testuser/AppData/Roaming/Microsoft/Windows/Recent/CustomDestinations/f18460fded109990.customDestinations-ms > > (numopen=26) NT_STATUS_OK > > > > Best regards > > > > Bene > > > > > > > Are you using the same Samba version & smb.conf on all ctdb cluster members. > > If you run 'getent passwd testuser' on each cluster member, do you get > identical results ? > > Rowland > > >-- ?forumZFD Entschieden f?r Frieden|Committed to Peace Benedikt Kale? Leiter Team IT|Head team IT Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service Am K?lner Brett 8 | 50825 K?ln | Germany Tel 0221 91273233 | Fax 0221 91273299 | http://www.forumZFD.de Vorstand nach ? 26 BGB, einzelvertretungsberechtigt|Executive Board: Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz VR 17651 Amtsgericht K?ln Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX