Lorenzo Milesi
2020-May-18 20:12 UTC
[Samba] Intermittent permission denied when accessing share
> Not sure, but that is the way it looks, just a thought, are you using
> sssd ?

no, not even installed

> Just like a normal share, '[homes]' is a special share that doesn't use
> 'path'. There used to be something on the wiki about using '[home]' on a
> DC, I didn't know it had gone until you mentioned it ;-)

So if I use [home] it would be a normal share, to limit access to single user's "home" I have to follow this [1].

> How did you create the domain ?

Following the guide [2]

    samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=BIND9_DLZ --realm=WDC.MYDOMAIN.IT --domain=WDC --adminpass=passwor

> Oh Dear, you seem to have a kerberos server running on your Samba AD DC,
> no sorry, make that two kerberos servers.

Well, it's NOT running.
Anyway I didn't install it on purpose, if it's there it came as a dependency of something else (Ubuntu.

> That is unless your OS is Fedora and you are using the distro packages
> and you missed the 'experimental' warning.

Which warning are you referring to? This [3]?

Any hint on how to recover?

As it's becoming urgent, what could be the most probable culprit of the inaccessible shares problem?

Thanks again

[1] https://wiki.samba.org/index.php/User_Home_Folders#Using_Active_Directory_Users_and_Computers
[2] https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Provisioning_a_Samba_Active_Directory
[3] https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Introduction

--
Lorenzo Milesi - lorenzo.milesi at yetopen.it
YetOpen S.r.l. - https://www.yetopen.it/
Via Salerno 18 - 23900 Lecco - ITALY - Tel +39 0341 220 205 - Fax +39 178 6070 222
Think green - Don't print this email unless necessary

-------- Legislative Decree 196/2003 and GDPR 679/2016 --------
Confidentiality notice: this email message including any attachment is for the sole use of the intended recipient and may contain confidential and privileged information; pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 - GDPR - any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient please delete this message without copying, printing or forwarding it to others, and alert us as soon as possible. Thank you.
Rowland penny
2020-May-18 20:45 UTC
[Samba] Intermittent permission denied when accessing share
On 18/05/2020 21:12, Lorenzo Milesi wrote:
>> Not sure, but that is the way it looks, just a thought, are you using
>> sssd ?
> no, not even installed
>
>> Just like a normal share, '[homes]' is a special share that doesn't use
>> 'path'. There used to be something on the wiki about using '[home]' on a
>> DC, I didn't know it had gone until you mentioned it ;-)
> So if I use [home] it would be a normal share, to limit access to single user's "home" I have to follow this [1].

No, that isn't the Unix user's home directory. If you use [homes] (without the path), the Unix home directory is set to the 6th section of 'getent passwd username' and can be something like '/home/username'. This is set by Samba in one of two ways for an AD unix user, either by using the 'ad' backend which will extract the user's 'unixHomeDirectory' attribute from AD, or by setting 'template homedir' in smb.conf.

>> How did you create the domain ?
> Following the guide [2]
> samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=BIND9_DLZ --realm=WDC.MYDOMAIN.IT --domain=WDC --adminpass=passwor

Nothing wrong there.

>> Oh Dear, you seem to have a kerberos server running on your Samba AD DC,
>> no sorry, make that two kerberos servers.
> Well, it's NOT running.
> Anyway I didn't install it on purpose, if it's there it came as a dependency of something else (Ubuntu.

You posted:

    Cannot open DB2 database '/etc/krb5kdc/principal'

I would expect to only see that on a machine with the MIT kdc installed, try this

    apt-get -s remove krb5-kdc

This will prove one way or other if it is installed and what it wants to remove along with it, it will not remove anything.

>> That is unless your OS is Fedora and you are using the distro packages
>> and you missed the 'experimental' warning.
> Which warning are you referring to? This [3]?

No, this one:

https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC#Experimental_Feature

> Any hint on how to recover?
>
> As it's becoming urgent, what could be the most probable culprit of the inaccessible shares problem?

What OS is this ?

Can you run the attached script on the DC and copy the output into a post (sanitised if required)

Rowland
Lorenzo Milesi
2020-May-18 20:55 UTC
[Samba] Intermittent permission denied when accessing share
> What OS is this ?

Ubuntu 18.04.4

> Can you run the attached script on the DC and copy the output into a
> post (sanitised if required)

I don't see any attachment.

--
Lorenzo Milesi - lorenzo.milesi at yetopen.it
Lorenzo Milesi
2020-May-18 21:06 UTC
[Samba] Intermittent permission denied when accessing share
> I would expect to only see that on a machine with the MIT kdc installed,
> try this
>
> apt-get -s remove krb5-kdc
>
> This will prove one way or other if it is installed and what it wants to
> remove along with it, it will not remove anything.

Apparently nothing requires it:

    The following packages were automatically installed and are no longer required:
      libverto-libevent1 libverto1
    Use 'apt autoremove' to remove them.
    The following packages will be REMOVED:
      krb5-kdc
    0 upgraded, 0 newly installed, 1 to remove and 21 not upgraded.
    Remv krb5-kdc [1.16-2ubuntu0.1]

I checked in apt history log and the package was installed manually, it's in the "Verified package dependencies" script for Ubuntu 18.04 [1]

[1] https://wiki.samba.org/index.php/Package_Dependencies_Required_to_Build_Samba#Verified_Package_Dependencies

--
Lorenzo Milesi - lorenzo.milesi at yetopen.it
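The simulated removal discussed above can be checked mechanically before the real `apt-get remove` is run on a DC. The following is an added example, not part of the original thread: the function names are hypothetical, and the sample output is constructed from the output quoted in the message above.

```shell
#!/bin/sh
# Added example: classify the result of `apt-get -s remove <pkg>` (a dry run).
# Function names are hypothetical; the sample below is constructed from the
# output quoted in the thread.

sample_output() {
cat <<'EOF'
The following packages were automatically installed and are no longer required:
  libverto-libevent1 libverto1
Use 'apt autoremove' to remove them.
The following packages will be REMOVED:
  krb5-kdc
0 upgraded, 0 newly installed, 1 to remove and 21 not upgraded.
Remv krb5-kdc [1.16-2ubuntu0.1]
EOF
}

# Read simulation output on stdin and print one package name per "Remv" line.
simulated_removals() {
    awk '$1 == "Remv" { print $2 }'
}

# Read simulation output on stdin and print a verdict for package "$1":
#   not-installed  no Remv line names the package
#   only-target    the package is the only thing that would be removed
#   collateral     other packages would be removed with it
removal_verdict() {
    target=$1
    removed=$(simulated_removals)
    if ! printf '%s\n' "$removed" | grep -Fxq -- "$target"; then
        echo "not-installed"
    elif [ -n "$(printf '%s\n' "$removed" | grep -Fxv -- "$target")" ]; then
        echo "collateral"
    else
        echo "only-target"
    fi
}

# On a live system: apt-get -s remove krb5-kdc | removal_verdict krb5-kdc
sample_output | removal_verdict krb5-kdc
```

A verdict of `collateral` means the Remv lines should be read one by one before removing anything from a domain controller.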