Hi, I've a big problem with my shares on a domain AD member server. On this server there is severals shares directories : - \data\dir1 [share_one] - \data\dir2 [share_two] - \data\dir3 [share_three] \data is a mounted partition when I browse one of my share in windows, \\myserver\share_one for exmple, I can see all directories of my server !! : bin, boot, dev, lib, ..... data directory is here but I can't access it. The samba status deamon log : [2019/11/25 19:05:31.753338,? 0] ../source3/smbd/uid.c:417(change_to_user_internal) nov. 25 19:05:31 myserver.mydomain smbd[75484]: change_to_user_internal: chdir_current_service() failed! The samba logs : [2019/11/25 19:06:42.602821,? 2] ../source3/smbd/vfs.c:1305(check_reduced_name) ? check_reduced_name: Bad access attempt: . is a symlink outside the share path ? conn_rootdir =/data/dir2 ? resolved_name=/ [2019/11/25 19:06:42.602889,? 3] ../source3/smbd/filename.c:1382(get_real_filename_full_scan) ? scan dir didn't open dir [.] [2019/11/25 19:06:42.602923,? 3] ../source3/smbd/smb2_server.c:3190(smbd_smb2_request_error_ex) ? smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] || at ../source3/smbd/smb2_create.c:296 The smb.conf : [global] workgroup = REALM realm = REALM.DOMAIN.COM security = ADS bind interfaces only = yes interfaces = lo em1 log level = 3 passdb:5 auth:5 log file = /var/log/samba/samba.log max log size = 5000 idmap config * : backend = tdb idmap config * : range = 3000-7999 idmap config ENSIMLAN:backend = ad idmap config ENSIMLAN:schema_mode = rfc2307 idmap config ENSIMLAN:range = 10000-999999 idmap config ENSIMLAN:unix_nss_info = yes acl allow execute always = yes vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes socket options = TCP_NODELAY TCP_KEEPIDLE=240 TCP_KEEPCNT=4 TCP_KEEPINTVL=15 unix extensions = no [share_one] path = /data/dir1/ read only = no force create mode = 0600 force directory mode = 0700 follow symlinks = yes wide links = yes browseable = no hide files = /desktop.ini/$RECYCLE.BIN/ [share_two] path = /data/dir2/ browseable = no read only = No force create mode = 0600 force directory mode = 0700 csc policy = disable store dos attributes = yes vfs objects = acl_xattr hide files = /desktop.ini/$RECYCLE.BIN/ [share_three] path = /data/dir3/ browseable = no read only = No force create mode = 770 force directory mode = 770 csc policy = disable store dos attributes = yes vfs objects = acl_xattr hide dot files = yes hide files = /desktop.ini/$RECYCLE.BIN/ I really don't know what happened '-( Any ideas ??
On 25/11/2019 18:12, Tom via samba wrote:> Hi, > > I've a big problem with my shares on a domain AD member server. > > On this server there is severals shares directories : > > - \data\dir1 [share_one] > - \data\dir2 [share_two] > - \data\dir3 [share_three] > > \data is a mounted partition > > when I browse one of my share in windows, \\myserver\share_one for > exmple, I can see all directories of my server !! : bin, boot, dev, > lib, ..... data directory is here but I can't access it. > > The samba status deamon log : > > [2019/11/25 19:05:31.753338,? 0] > ../source3/smbd/uid.c:417(change_to_user_internal) > nov. 25 19:05:31 myserver.mydomain smbd[75484]: > change_to_user_internal: chdir_current_service() failed! > > The samba logs : > > [2019/11/25 19:06:42.602821,? 2] > ../source3/smbd/vfs.c:1305(check_reduced_name) > ? check_reduced_name: Bad access attempt: . is a symlink outside the > share path > ? conn_rootdir =/data/dir2 > ? resolved_name=/ > [2019/11/25 19:06:42.602889,? 3] > ../source3/smbd/filename.c:1382(get_real_filename_full_scan) > ? scan dir didn't open dir [.] > [2019/11/25 19:06:42.602923,? 3] > ../source3/smbd/smb2_server.c:3190(smbd_smb2_request_error_ex) > ? smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] > status[NT_STATUS_NOT_SUPPORTED] || at ../source3/smbd/smb2_create.c:296 > > The smb.conf : > > [global] > > workgroup = REALM > realm = REALM.DOMAIN.COM > security = ADS > > bind interfaces only = yes > interfaces = lo em1 > > log level = 3 passdb:5 auth:5 > log file = /var/log/samba/samba.log > max log size = 5000 > > > idmap config * : backend = tdb > idmap config * : range = 3000-7999 > > idmap config ENSIMLAN:backend = ad > idmap config ENSIMLAN:schema_mode = rfc2307 > idmap config ENSIMLAN:range = 10000-999999 > idmap config ENSIMLAN:unix_nss_info = yes > > > acl allow execute always = yes > > vfs objects = acl_xattr > map acl inherit = yes > store dos attributes = yes > > socket options = TCP_NODELAY TCP_KEEPIDLE=240 TCP_KEEPCNT=4 > TCP_KEEPINTVL=15 > > unix extensions = no > > [share_one] > path = /data/dir1/ > read only = no > force create mode = 0600 > force directory mode = 0700 > follow symlinks = yes > wide links = yes > browseable = no > hide files = /desktop.ini/$RECYCLE.BIN/ > > [share_two] > path = /data/dir2/ > browseable = no > read only = No > force create mode = 0600 > force directory mode = 0700 > csc policy = disable > store dos attributes = yes > vfs objects = acl_xattr > hide files = /desktop.ini/$RECYCLE.BIN/ > > [share_three] > path = /data/dir3/ > browseable = no > read only = No > force create mode = 770 > force directory mode = 770 > csc policy = disable > store dos attributes = yes > vfs objects = acl_xattr > hide dot files = yes > hide files = /desktop.ini/$RECYCLE.BIN/ > > I really don't know what happened '-( > > Any ideas ?? >You have shot yourself in the foot with 'unix extensions = no' and 'wide links = yes' Rowland
ok, I remove the bullet in my foot, but still the problem '-( This morning? all was ok, and this afternoon nothing works Le 25/11/2019 ? 19:25, Rowland penny via samba a ?crit?:> On 25/11/2019 18:12, Tom via samba wrote: >> Hi, >> >> I've a big problem with my shares on a domain AD member server. >> >> On this server there is severals shares directories : >> >> - \data\dir1 [share_one] >> - \data\dir2 [share_two] >> - \data\dir3 [share_three] >> >> \data is a mounted partition >> >> when I browse one of my share in windows, \\myserver\share_one for >> exmple, I can see all directories of my server !! : bin, boot, dev, >> lib, ..... data directory is here but I can't access it. >> >> The samba status deamon log : >> >> [2019/11/25 19:05:31.753338,? 0] >> ../source3/smbd/uid.c:417(change_to_user_internal) >> nov. 25 19:05:31 myserver.mydomain smbd[75484]: >> change_to_user_internal: chdir_current_service() failed! >> >> The samba logs : >> >> [2019/11/25 19:06:42.602821,? 2] >> ../source3/smbd/vfs.c:1305(check_reduced_name) >> ? check_reduced_name: Bad access attempt: . is a symlink outside the >> share path >> ? conn_rootdir =/data/dir2 >> ? resolved_name=/ >> [2019/11/25 19:06:42.602889,? 3] >> ../source3/smbd/filename.c:1382(get_real_filename_full_scan) >> ? scan dir didn't open dir [.] >> [2019/11/25 19:06:42.602923,? 3] >> ../source3/smbd/smb2_server.c:3190(smbd_smb2_request_error_ex) >> ? smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] >> status[NT_STATUS_NOT_SUPPORTED] || at ../source3/smbd/smb2_create.c:296 >> >> The smb.conf : >> >> [global] >> >> workgroup = REALM >> realm = REALM.DOMAIN.COM >> security = ADS >> >> bind interfaces only = yes >> interfaces = lo em1 >> >> log level = 3 passdb:5 auth:5 >> log file = /var/log/samba/samba.log >> max log size = 5000 >> >> >> idmap config * : backend = tdb >> idmap config * : range = 3000-7999 >> >> idmap config ENSIMLAN:backend = ad >> idmap config ENSIMLAN:schema_mode = rfc2307 >> idmap config ENSIMLAN:range = 10000-999999 >> idmap config ENSIMLAN:unix_nss_info = yes >> >> >> acl allow execute always = yes >> >> vfs objects = acl_xattr >> map acl inherit = yes >> store dos attributes = yes >> >> socket options = TCP_NODELAY TCP_KEEPIDLE=240 TCP_KEEPCNT=4 >> TCP_KEEPINTVL=15 >> >> unix extensions = no >> >> [share_one] >> path = /data/dir1/ >> read only = no >> force create mode = 0600 >> force directory mode = 0700 >> follow symlinks = yes >> wide links = yes >> browseable = no >> hide files = /desktop.ini/$RECYCLE.BIN/ >> >> [share_two] >> path = /data/dir2/ >> browseable = no >> read only = No >> force create mode = 0600 >> force directory mode = 0700 >> csc policy = disable >> store dos attributes = yes >> vfs objects = acl_xattr >> hide files = /desktop.ini/$RECYCLE.BIN/ >> >> [share_three] >> path = /data/dir3/ >> browseable = no >> read only = No >> force create mode = 770 >> force directory mode = 770 >> csc policy = disable >> store dos attributes = yes >> vfs objects = acl_xattr >> hide dot files = yes >> hide files = /desktop.ini/$RECYCLE.BIN/ >> >> I really don't know what happened '-( >> >> Any ideas ?? >> > You have shot yourself in the foot with 'unix extensions = no' and > 'wide links = yes' > > Rowland > > >
Am 25.11.19 um 19:12 schrieb Tom via samba:> > socket options = TCP_NODELAY TCP_KEEPIDLE=240 TCP_KEEPCNT=4 > TCP_KEEPINTVL=15This is the next thing you should remove. The kernel is handling everything with sockets and performance. By setting this parameter the kernel can't set the optimal settings. The parameter "store dos attributes is default depending of your samba4 version. Don't user any parameters regarding permission, because you use "vfs objects = acl_xattr" and "inherit permission = yes" so you set alle the permissions in Windows and not on the commandline Did you check the linux-filepermissions? Can you write into the file when you log in to the linux-System? Do you get any error when doing a "testparm"? Normally a share looks like this: [share_one] path = /data/dir1/ read only = no browseable = no vfs objects = acl_xattr inherit acls = yes Everything else is handled via Windows-securitysettings of the folder. -- Stefan Kania Landweg 13 25693 St. Michaelisdonn Signieren jeder E-Mail hilft Spam zu reduzieren und sch?tzt Ihre Privatsph?re. Ein kostenfreies Zertifikat erhalten Sie unter https://www.dgn.de/dgncert/index.html
Mandi! Stefan Kania via samba In chel di` si favelave...> > socket options = TCP_NODELAY TCP_KEEPIDLE=240 TCP_KEEPCNT=4 > > TCP_KEEPINTVL=15 > This is the next thing you should remove. The kernel is handling > everything with sockets and performance. By setting this parameter the > kernel can't set the optimal settings.TCP_NODELAY is the default. TCP_KEEPIDLE=240 TCP_KEEPCNT=4 TCP_KEEPINTVL=15 is something needed if you use roaming profile: default locks time is too long, and users get 'temporary profiles' errors if not specified... -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)