samba - Apr 2018 - canonicalize_connect_path failed for service

Hi,

Our setup:

Samba (classic) DC: cdr-dc01
Samba (classic) member server: cdr-fs01. This is also a file server
AD realm: CDR.internal

We migrated to AD and came across an issue with accessing shares. The
shares in question worked pre-migrated. i.e using a windows machine a user
was able to access that share. The share in question was locked down to
just that user

Post migration, we are able to access any shares which are not locked down
to users i.e shares which are accessible to groups.

For the particular share in question, we get

 canonicalize_connect_path failed for service user01, path
/home/CDR/user01/samba

There is no /home/CDR . Where is this coming from?
The curios thing getent passwd gives the following
user01:*:3029:3000:user01:/home/CDR/user01:/bin/false

The user is not in the local /etc/passwd


The cdr-fs01 has been joined to the AD domain, and we have the following in
/etc/nsswitch.conf

shadow:        files
passwd:        winbind files
group:           winbind files


Thank you,

RT

On Mon, 23 Apr 2018 16:48:15 +1000
Rob Thoman via samba <samba at lists.samba.org> wrote:
> Hi,
> 
> Our setup:
> 
> Samba (classic) DC: cdr-dc01
> Samba (classic) member server: cdr-fs01. This is also a file server
> AD realm: CDR.internal
> 
> We migrated to AD and came across an issue with accessing shares. The
> shares in question worked pre-migrated. i.e using a windows machine a
> user was able to access that share. The share in question was locked
> down to just that user
> 
> Post migration, we are able to access any shares which are not locked
> down to users i.e shares which are accessible to groups.
> 
> For the particular share in question, we get
> 
>  canonicalize_connect_path failed for service user01, path
> /home/CDR/user01/samba
> 
> There is no /home/CDR . 
Oh yes there is ;-)
> Where is this coming from?
From 'template homedir', it is the default setting.
> The curios thing getent passwd gives the following
> user01:*:3029:3000:user01:/home/CDR/user01:/bin/false
> 
> The user is not in the local /etc/passwd
As it it shouldn't be
> 
> 
> The cdr-fs01 has been joined to the AD domain, and we have the
> following in /etc/nsswitch.conf
> 
> shadow:        files
> passwd:        winbind files
> group:           winbind files
It should be 'files winbind'

What is the AD DC ?

Can you please post the smb.conf from 'cdr-fs01'

How did you migrate ? did you use 'samba-tool domain classicupgrade' ?
If you did is the original PDC still running as a PDC ? if so, turn it
off.

Rowland

Hi Rowland,

We did the classicupgrade. Post the classicupgrade, we added a Windows
2008R2 server and dcpomo'd it.  The original Samba box (classic DC) was
where we did the classicupgrade.  Did you mean that we need to shut that
box down? Leaving a Windows DC  (FSMO?) and Samba member server? Sorry I
was not aware of this step.  What if we hadn't added a Windows 08 box?


Here is the smb.conf

# Global parameters
[global]
       netbios name = CDR-FS01
       security = ADS
       workgroup = CDR
       realm = CDR.INTERNAL
       idmap config * : backend = tdb
       idmap config * : range = 3000-7999

winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes
idmap config CDR:backend = ad
idmap config CDR:schema_mode = rfc2307
idmap config CDR:range = 5000-6000

        log level = 2 auth:5
        log file = /var/log/samba/sambalog.%m
        logon script = %U.bat

[homes]
        comment = Home Directories
        create mask = 0700
        directory mask = 0700
        browseable = No
        read only = No
        path = %H/samba
       follow symlinks = yes
       wide links = yes


I've tried both files winbind and the reverse. Same results.







On Mon, Apr 23, 2018 at 6:22 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Mon, 23 Apr 2018 16:48:15 +1000
> Rob Thoman via samba <samba at lists.samba.org> wrote:
>
> > Hi,
> >
> > Our setup:
> >
> > Samba (classic) DC: cdr-dc01
> > Samba (classic) member server: cdr-fs01. This is also a file server
> > AD realm: CDR.internal
> >
> > We migrated to AD and came across an issue with accessing shares. The
> > shares in question worked pre-migrated. i.e using a windows machine a
> > user was able to access that share. The share in question was locked
> > down to just that user
> >
> > Post migration, we are able to access any shares which are not locked
> > down to users i.e shares which are accessible to groups.
> >
> > For the particular share in question, we get
> >
> >  canonicalize_connect_path failed for service user01, path
> > /home/CDR/user01/samba
> >
> > There is no /home/CDR .
>
> Oh yes there is ;-)
>
> > Where is this coming from?
>
> From 'template homedir', it is the default setting.
>
> > The curios thing getent passwd gives the following
> > user01:*:3029:3000:user01:/home/CDR/user01:/bin/false
> >
> > The user is not in the local /etc/passwd
>
> As it it shouldn't be
>
> >
> >
> > The cdr-fs01 has been joined to the AD domain, and we have the
> > following in /etc/nsswitch.conf
> >
> > shadow:        files
> > passwd:        winbind files
> > group:           winbind files
>
> It should be 'files winbind'
>
> What is the AD DC ?
>
> Can you please post the smb.conf from 'cdr-fs01'
>
> How did you migrate ? did you use 'samba-tool domain
classicupgrade' ?
> If you did is the original PDC still running as a PDC ? if so, turn it
> off.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>