Philippe LeCavalier
2017-Feb-16 18:16 UTC
[Samba] SAMBA AD DC Access Denied to Redirected Folders
Hi everyone, I'm re-posting this because my previous thread (see below) for whatever reason I cannot reply to. So I'm starting a new one in the hopes that I can respond to those who made suggestions and hopefully get to a solution. In a nutshell, I've got a SAMBA4 AD DC server running Debian 8 stable. It's setup for roaming profiles, home dirs and redirected folders. Randomly, when users login they get an error about the recycle bin folders on each of their redirected folders and are then denied access. The folders in question are: Desktop Documents Favorites Start Menu One response I got from Rowland is *exactly* what is happening. Furthermore the fix does work (and is what I had discovered as a workable fix as well). However, it only "sticks" for a few days and then it happens again. So I reapply the fix, have the user log out/in...wash, rinse and repeat. This is the MS fix Rowland suggested: http://www.ieple.com/blog/fixing-corrupted-recycle-bin-in-redirected-folders-server-2012-r2-essentials Another response suggested I disable the recycle bin on the desktop to see if that is the cause. In windows 10 however, I cannot find how to do that. If I right click on the recycle bin in the desktop it does list the various recycle bin and their properties but no function to disabled them is apparent. Also, I would be concerned with leaving that disabled if I figured out how to considering how much data the users leave on their desktops. HEnce the need for redirected folders. Perhaps it was jsut suggested for test purposes... Hopefully you guys can respond to this b/c I really need to address this. Worse case, please cc me directly. The original thread: https://lists.samba.org/archive/samba/2017-January/206138.html -- Regards, Phil
L.P.H. van Belle
2017-Feb-17 10:48 UTC
[Samba] SAMBA AD DC Access Denied to Redirected Folders
Hai, Recap your using: Debian Jessie, samba 4.2.14 ( from debian stable ) I'll repeat my question to you. Can you post at least your smb.conf ? ( optional but preffered if im debugging this for you. ) Can you mail me a screenshot off your share security settings and folder security settings. Mail me this directly, the list wont show them. This is my setting in my folder redirect. ! im using the users share. ! I use the "users" share so i dont have to mess up the "special" rights on the profiles share. Users put documents on there desktop, so i preffer to separate that from profiles share. For the following locations: Desktop Documents Favorites Start Menu Downloads And i dont have problems with the recycle bin. And i have the share on my member like this in the GPO. \\f.q.d.n\users\%USERNAME%\Desktop Options use exclusive richts for the user is enabled. Samba (member) share [users] browseable = yes path = /home/samba/users read only = no acl_xattr:ignore system acl = yes !! BEWARE !! When adding : acl_xattr:ignore system acl = yes You MUST set the share and security settings again ! Last, post the windows event id when this happens. Thats a very usefull one. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Philippe > LeCavalier via samba > Verzonden: donderdag 16 februari 2017 19:17 > Aan: samba at lists.samba.org > CC: Björn Jacke > Onderwerp: [Samba] SAMBA AD DC Access Denied to Redirected Folders > > Hi everyone, > > I'm re-posting this because my previous thread (see below) for whatever > reason I cannot reply to. So I'm starting a new one in the hopes that I > can > respond to those who made suggestions and hopefully get to a solution. > > In a nutshell, I've got a SAMBA4 AD DC server running Debian 8 stable. > It's > setup for roaming profiles, home dirs and redirected folders. Randomly, > when users login they get an error about the recycle bin folders on each > of > their redirected folders and are then denied access. The folders in > question are: > > Desktop > Documents > Favorites > Start Menu > > One response I got from Rowland is *exactly* what is happening. > Furthermore > the fix does work (and is what I had discovered as a workable fix as > well). > However, it only "sticks" for a few days and then it happens again. So I > reapply the fix, have the user log out/in...wash, rinse and repeat. > > This is the MS fix Rowland suggested: > http://www.ieple.com/blog/fixing-corrupted-recycle-bin-in-redirected- > folders-server-2012-r2-essentials > > Another response suggested I disable the recycle bin on the desktop to see > if that is the cause. In windows 10 however, I cannot find how to do that. > If I right click on the recycle bin in the desktop it does list the > various > recycle bin and their properties but no function to disabled them is > apparent. Also, I would be concerned with leaving that disabled if I > figured out how to considering how much data the users leave on their > desktops. HEnce the need for redirected folders. Perhaps it was jsut > suggested for test purposes... > > Hopefully you guys can respond to this b/c I really need to address this. > Worse case, please cc me directly. > > The original thread: > https://lists.samba.org/archive/samba/2017-January/206138.html > -- > Regards, > Phil > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Philippe LeCavalier
2017-Mar-25 13:21 UTC
[Samba] SAMBA AD DC Access Denied to Redirected Folders
On Thu, Feb 16, 2017 at 1:16 PM Philippe LeCavalier <support at plecavalier.com> wrote:> Hi everyone, > > I'm re-posting this because my previous thread (see below) for whatever > reason I cannot reply to. So I'm starting a new one in the hopes that I can > respond to those who made suggestions and hopefully get to a solution. > > In a nutshell, I've got a SAMBA4 AD DC server running Debian 8 stable. > It's setup for roaming profiles, home dirs and redirected folders. > Randomly, when users login they get an error about the recycle bin folders > on each of their redirected folders and are then denied access. The folders > in question are: > > Desktop > Documents > Favorites > Start Menu > > One response I got from Rowland is *exactly* what is happening. > Furthermore the fix does work (and is what I had discovered as a workable > fix as well). However, it only "sticks" for a few days and then it happens > again. So I reapply the fix, have the user log out/in...wash, rinse and > repeat. > > This is the MS fix Rowland suggested: > > http://www.ieple.com/blog/fixing-corrupted-recycle-bin-in-redirected-folders-server-2012-r2-essentials > > Another response suggested I disable the recycle bin on the desktop to see > if that is the cause. In windows 10 however, I cannot find how to do that. > If I right click on the recycle bin in the desktop it does list the various > recycle bin and their properties but no function to disabled them is > apparent. Also, I would be concerned with leaving that disabled if I > figured out how to considering how much data the users leave on their > desktops. HEnce the need for redirected folders. Perhaps it was jsut > suggested for test purposes... > > Hopefully you guys can respond to this b/c I really need to address this. > Worse case, please cc me directly. > > The original thread: > https://lists.samba.org/archive/samba/2017-January/206138.html > -- > Regards, > Phil >I'm just reviving this because I was unable to reply due to access issues with the mailing list. Any suggestions are greatly appreciated. On a side note: thank you Bjorn and Rowland for your assistance in getting things sorted to get me back on the list. -- Regards, Phil
Philippe LeCavalier
2017-Mar-25 14:21 UTC
[Samba] SAMBA AD DC Access Denied to Redirected Folders
On Sat, Mar 25, 2017 at 9:21 AM Philippe LeCavalier <support at plecavalier.com> wrote: On Thu, Feb 16, 2017 at 1:16 PM Philippe LeCavalier <support at plecavalier.com> wrote: Hi everyone, I'm re-posting this because my previous thread (see below) for whatever reason I cannot reply to. So I'm starting a new one in the hopes that I can respond to those who made suggestions and hopefully get to a solution. In a nutshell, I've got a SAMBA4 AD DC server running Debian 8 stable. It's setup for roaming profiles, home dirs and redirected folders. Randomly, when users login they get an error about the recycle bin folders on each of their redirected folders and are then denied access. The folders in question are: Desktop Documents Favorites Start Menu One response I got from Rowland is *exactly* what is happening. Furthermore the fix does work (and is what I had discovered as a workable fix as well). However, it only "sticks" for a few days and then it happens again. So I reapply the fix, have the user log out/in...wash, rinse and repeat. This is the MS fix Rowland suggested: http://www.ieple.com/blog/fixing-corrupted-recycle-bin-in-redirected-folders-server-2012-r2-essentials Another response suggested I disable the recycle bin on the desktop to see if that is the cause. In windows 10 however, I cannot find how to do that. If I right click on the recycle bin in the desktop it does list the various recycle bin and their properties but no function to disabled them is apparent. Also, I would be concerned with leaving that disabled if I figured out how to considering how much data the users leave on their desktops. HEnce the need for redirected folders. Perhaps it was jsut suggested for test purposes... Hopefully you guys can respond to this b/c I really need to address this. Worse case, please cc me directly. The original thread: https://lists.samba.org/archive/samba/2017-January/206138.html -- Regards, Phil I'm just reviving this because I was unable to reply due to access issues with the mailing list. Any suggestions are greatly appreciated. On a side note: thank you Bjorn and Rowland for your assistance in getting things sorted to get me back on the list. -- Regards, Phil As requested by an earlier reply to the original thread, here are my configs: smb.conf # Global parameters [global] workgroup = INTRANET realm = INTRANET.DOMAIN.COM netbios name = DC11 server role = active directory domain controller dns forwarder = 192.168.1.1 idmap_ldb:use rfc2307 = yes map acl inherit = yes client ldap sasl wrapping = sign # Default idmap config for local BUILTIN accounts and groups idmap config * : backend = tdb idmap config * : range = 3000-7999 # idmap config for the INTRANET domain idmap config INTRANET:backend = ad idmap config INTRANET:schema_mode = rfc2307 idmap config INTRANET:range = 10000-999999 # Template settings for login shell and home directory winbind nss info = template template shell = /bin/bash template homedir = /data/home/%U [netlogon] path = /var/lib/samba/sysvol/intranet.domain.com/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No [profiles] path = /data/profiles read only = no [home] path = /data/home read only = no As you can see I did create a [home] share and perhaps that is the source of the problem. I wanted each users redirected folders to be as safe from each other as possible. nsswitch.conf passwd: compat winbind group: compat winbind shadow: compat gshadow: files hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis resolv.conf cat /etc/resolv.conf domain intranet.domain.com search intranet.domain.com nameserver 192.168.1.11 hosts.conf cat /etc/hosts 127.0.0.1 localhost 192.168.1.11 dc11.intranet.domain.com dc11 # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters I think that covers it for what was requested. If not please ask away. -- Regards, Phil