Isaac Stone
2020-Jul-23 23:00 UTC
[Samba] vfs_shadow_copy2: permission denied - SMB_VFS_NEXT_OPENDIR() failed for '/snapshots'
Hello. I am trying to get the windows "previous versions" / shadow copies to work with our setup (samba+winbind over objectivefs). I have setup a test where I manually mounted two objectivefs snapshots in the /snapshots/ directory. Objectivefs filesystem is mounted on /ofs. When I try and look at the "previous version" in windows I get the error "there are no previous versions available" information: -------------------------------------------- smb --version Version 4.11.2 /etc/*-release NAME="Red Hat Enterprise Linux" VERSION="8.2 (Ootpa)" ID="rhel" ID_LIKE="fedora" VERSION_ID="8.2" PLATFORM_ID="platform:el8" PRETTY_NAME="Red Hat Enterprise Linux 8.2 (Ootpa)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:redhat:enterprise_linux:8.2:GA" HOME_URL="https://www.redhat.com/" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8" REDHAT_BUGZILLA_PRODUCT_VERSION=8.2 REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux" REDHAT_SUPPORT_PRODUCT_VERSION="8.2" Red Hat Enterprise Linux release 8.2 (Ootpa) Red Hat Enterprise Linux release 8.2 (Ootpa) /etc/samba/smb.conf [global] netbios name = SMB-OFS-TMOLI42 realm = SAMDOM.LOCAL workgroup = SAMDOM security = ads log level = 5 idmap config * : backend = tdb idmap config * : range = 3000-7999 idmap config SAMDOM : backend = rid idmap config SAMDOM : range = 10000-999999 map acl inherit = yes # uncomment for debugging purposes only; should not be used in production # winbind enum users = yes # winbind enum groups = yes winbind refresh tickets = yes # disables printing: load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes #============================ Share Definitions =============================[ofs] path = /ofs writeable = yes browsable = yes fileid:algorithm = fsname vfs objects = fileid acl_xattr shadow_copy2 acl_xattr:ignore system acls = yes shadow:snapdir = /snapshots shadow:format = "%Y-%m-%dT%H:%M:%S" /var/log/samba/log.smbd ... [2020/07/23 21:33:47.672671, 2] ../../source3/smbd/open.c:1456(open_file) SAMDOM\user.name opened file foo.txt read=Yes write=No (numopen=6) [2020/07/23 21:33:47.672697, 5] ../../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) dbwrap_lock_order_lock: check lock order 1 for /var/lib/samba/lock/locking.tdb [2020/07/23 21:33:47.672773, 5] ../../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) dbwrap_lock_order_unlock: release lock order 1 for /var/lib/samba/lock/locking.tdb [2020/07/23 21:33:47.672845, 5] ../../source3/smbd/dosmode.c:72(dos_mode_debug_print) dos_mode_debug_print: parse_dos_attribute_blob returning (0x20): "a" [2020/07/23 21:33:47.672872, 5] ../../source3/smbd/dosmode.c:72(dos_mode_debug_print) dos_mode_debug_print: dos_mode returning (0x20): "a" [2020/07/23 21:33:47.672887, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(11117, 10513) : sec_ctx_stack_ndx = 1 [2020/07/23 21:33:47.672910, 4] ../../source3/smbd/uid.c:576(push_conn_ctx) push_conn_ctx(3015844062) : conn_ctx_stack_ndx = 0 [2020/07/23 21:33:47.672928, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2020/07/23 21:33:47.672943, 5] ../../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2020/07/23 21:33:47.672956, 5] ../../source3/auth/token_util.c:874(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2020/07/23 21:33:47.673030, 4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx) pop_sec_ctx (11117, 10513) - sec_ctx_stack_ndx = 0 [2020/07/23 21:33:47.673070, 5] ../../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) dbwrap_lock_order_lock: check lock order 1 for /var/lib/samba/lock/smbXsrv_open_global.tdb [2020/07/23 21:33:47.673096, 5] ../../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) dbwrap_lock_order_unlock: release lock order 1 for /var/lib/samba/lock/smbXsrv_open_global.tdb [2020/07/23 21:33:47.673777, 5] ../../source3/smbd/uid.c:326(change_to_user_impersonate) change_to_user_impersonate: Skipping user change - already user [2020/07/23 21:33:47.673825, 5] ../../source3/smbd/uid.c:300(print_impersonation_info) print_impersonation_info: Impersonated user: uid=(11117,11117), gid=(0,10513), cwd=[/ofs] [2020/07/23 21:33:47.673858, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(11117, 10513) : sec_ctx_stack_ndx = 1 [2020/07/23 21:33:47.673878, 4] ../../source3/smbd/uid.c:576(push_conn_ctx) push_conn_ctx(3015844062) : conn_ctx_stack_ndx = 0 [2020/07/23 21:33:47.673889, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2020/07/23 21:33:47.673898, 5] ../../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2020/07/23 21:33:47.673907, 5] ../../source3/auth/token_util.c:874(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2020/07/23 21:33:47.673943, 4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx) pop_sec_ctx (11117, 10513) - sec_ctx_stack_ndx = 0 [2020/07/23 21:33:47.673987, 2] ../../source3/modules/vfs_shadow_copy2.c:2178(shadow_copy2_get_shadow_copy_data) shadow_copy2: SMB_VFS_NEXT_OPENDIR() failed for '/snapshots' - Permission denied [2020/07/23 21:33:47.674018, 5] ../../source3/modules/vfs_default.c:1284(vfswrap_fsctl) FSCTL_GET_SHADOW_COPY_DATA: connectpath /ofs, failed - NT_STATUS_NOT_SUPPORTED. [2020/07/23 21:33:47.674034, 3] ../../source3/smbd/smb2_server.c:3266(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_INVALID_DEVICE_REQUEST] || at ../../source3/smbd/smb2_ioctl.c:312 [2020/07/23 21:33:58.271434, 5] ../../source3/smbd/uid.c:326(change_to_user_impersonate) change_to_user_impersonate: Skipping user change - already user [2020/07/23 21:33:58.380559, 5] ../../source3/smbd/uid.c:300(print_impersonation_info) print_impersonation_info: Impersonated user: uid=(11117,11117), gid=(0,10513), cwd=[/ofs] [2020/07/23 21:33:58.380606, 5] ../../lib/dbwrap/dbwrap.c:130(dbwrap_lock_order_lock) dbwrap_lock_order_lock: check lock order 1 for /var/lib/samba/lock/locking.tdb [2020/07/23 21:33:58.380674, 5] ../../lib/dbwrap/dbwrap.c:159(dbwrap_lock_order_unlock) dbwrap_lock_order_unlock: release lock order 1 for /var/lib/samba/lock/locking.tdb [2020/07/23 21:33:58.380723, 2] ../../source3/smbd/close.c:813(close_normal_file) SAMDOM\user.name closed file foo.txt (numopen=5) NT_STATUS_OK ... wbinfo --gid-info 10513 SAMDOM\domain users:x:10513: wbinfo --uid-info 11117 SAMDOM\user.name:*:11117:10513::/home/SOMDEV/user.name:/bin/false stat /snapshots/ File: /snapshots/ Size: 60 Blocks: 0 IO Block: 4096 directory Device: ca02h/51714d Inode: 25249202 Links: 4 Access: (0777/drwxrwxrwx) Uid: (11117/SAMDOM\user.name) Gid: (10513/SOMDEV\domain users) Context: unconfined_u:object_r:default_t:s0 Access: 2020-07-23 21:28:52.423473925 +0000 Modify: 2020-07-23 17:30:42.754694526 +0000 Change: 2020-07-23 21:33:26.326257000 +0000 Birth: - ------------------------------------------------------- let me know if there is any other information you might need. Thanks, - isaac stone
Andrew Walker
2020-Jul-24 01:14 UTC
[Samba] vfs_shadow_copy2: permission denied - SMB_VFS_NEXT_OPENDIR() failed for '/snapshots'
On Thu, Jul 23, 2020 at 7:01 PM Isaac Stone via samba <samba at lists.samba.org> wrote:> > vfs objects = fileid acl_xattr shadow_copy2 > > Try putting shadow_copy2 before acl_xattr in the list.
Isaac Stone
2020-Jul-24 17:27 UTC
[Samba] vfs_shadow_copy2: permission denied - SMB_VFS_NEXT_OPENDIR() failed for '/snapshots'
No luck, still have the same error On Thu, Jul 23, 2020 at 6:14 PM Andrew Walker <walker.aj325 at gmail.com> wrote:> > > On Thu, Jul 23, 2020 at 7:01 PM Isaac Stone via samba < > samba at lists.samba.org> wrote: > >> >> vfs objects = fileid acl_xattr shadow_copy2 >> >> Try putting shadow_copy2 before acl_xattr in the list. >
Possibly Parallel Threads
- DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
- DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
- understanding stat cache
- Samba omitting the user group setting, might be a bug
- Samba4 - Printer Drivers install fails