Marc Muehlfeld
2006-Nov-15 21:29 UTC
[Samba] Permission denied errors when accessing shares on second DC after upgrade to 3.0.23c
Hello,

since updating Samba from 3.0.22 to 3.0.23c I have trouble accessing shares on my first DC from computers out of my second domain.

I have two domain controllers (MUC, PASING). On both DCs I have a domain group "zyto" (mapped name is "Zytogenetik") with gid=202 and a user muehlfeld with uid=1061. Passdb are different LDAP subtrees. The SIDs of the group and the user differ, because of the different Domain-SID. Both domains trust each other.

I have a share "MetaSetup" on my DC of domain MUC. From any workstation on MUC I can access it like before I updated to 3.0.23c, but from workstations out of domain PASING, I get a "Permission denied" error.

The logfile now shows me at debug level 10:

    chdir (/shares/MetaSystems/MetaSetup) failed

But I'm able to enter this directory, because my user is in group zyto:

    # la -d /shares/MetaSystems/MetaSetup
    drwxrws--- 25 zytogenetik zyto 736 Nov 7 13:05 /shares/MetaSystems/MetaSetup

This is the section for this share:

    [MetaSetup]
    path = /shares/MetaSystems/MetaSetup
    browseable = yes
    force create mode = 0660
    force directory mode = 2770
    guest ok = no
    #valid users = +"MUC\Zytogenetik" +"PASING\Zytogenetik"
    #invalid users

When I enable "in/valid users", like it was before, I don't get the permission denied error, I get a request window for username and password. If I log on there with PASING\muehlfeld, I can enter the share. But I need the automatic mapping again, because the share is mapped in the logon script.

Yesterday I tried out some different settings (set sambaGroupType from 2 to 4) and changed valid users to "+Zytogenetik", and it worked after a reload. Then I did a restart without changing anything else, and it quit working again. I tried to reproduce this, and got the same after many retries again. But it happens very sporadically.

Best regards
Marc

PS: I think winbind could be a better way to do it, but I tried and was only able to get users and groups from the other domain, not from the own, when I run it on my DC. Is this planned for future releases?

--
Marc Muehlfeld
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Phone: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
http://www.medizinische-genetik.de
Marc Muehlfeld
2006-Nov-17 20:15 UTC
[Samba] Permission denied errors when accessing shares on second DC after upgrade to 3.0.23c
Does nobody have a hint for me? :-(

--
Marc Muehlfeld (Head of System Administration)
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Phone: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
http://www.medizinische-genetik.de

Marc Muehlfeld wrote:
> Hello,
>
> since updating Samba from 3.0.22 to 3.0.23c I have trouble accessing
> shares on my first DC from computers out of my second domain.
>
> I have two domain controllers (MUC, PASING). On both DCs I have a
> domain group "zyto" (mapped name is "Zytogenetik") with gid=202 and a user
> muehlfeld with uid=1061. Passdb are different LDAP subtrees. The SIDs of
> the group and the user differ, because of the different Domain-SID. Both
> domains trust each other.
>
> I have a share "MetaSetup" on my DC of domain MUC. From any workstation
> on MUC I can access it like before I updated to 3.0.23c, but from
> workstations out of domain PASING, I get a "Permission denied" error.
>
> The logfile now shows me at debug level 10:
>
>     chdir (/shares/MetaSystems/MetaSetup) failed
>
> But I'm able to enter this directory, because my user is in group zyto:
>
>     # la -d /shares/MetaSystems/MetaSetup
>     drwxrws--- 25 zytogenetik zyto 736 Nov 7 13:05 /shares/MetaSystems/MetaSetup
>
> This is the section for this share:
>
>     [MetaSetup]
>     path = /shares/MetaSystems/MetaSetup
>     browseable = yes
>     force create mode = 0660
>     force directory mode = 2770
>     guest ok = no
>     #valid users = +"MUC\Zytogenetik" +"PASING\Zytogenetik"
>     #invalid users
>
> When I enable "in/valid users", like it was before, I don't get the
> permission denied error, I get a request window for username and password.
> If I log on there with PASING\muehlfeld, I can enter the share. But I
> need the automatic mapping again, because the share is mapped in the
> logon script.
>
> Yesterday I tried out some different settings (set sambaGroupType from 2
> to 4) and changed valid users to "+Zytogenetik", and it worked after a
> reload. Then I did a restart without changing anything else, and it quit
> working again. I tried to reproduce this, and got the same after many
> retries again. But it happens very sporadically.
>
> Best regards
> Marc
>
> PS: I think winbind could be a better way to do it, but I tried and was only
> able to get users and groups from the other domain, not from the own,
> when I run it on my DC. Is this planned for future releases?
>
> --
> Marc Muehlfeld
> Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
> Lochhamer Str. 29 - D-82152 Martinsried
> Phone: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
> http://www.medizinische-genetik.de