Hello,
Thank you everyone in advance for your time and support? I am the
Administrator of a small network, with about 60 desktops (mostly windows
10) that connect to a Linux VM running samba for file sharing).? In the
last few months I completed the transition from the Samba server running
as a vm on an OpenVZ machine.? It was running Centos 6, with an older
version of samba.? Now the server has been migrated to a vmware esxi
server, with the same amount of provisioned CPU and Ram resources, and a
bigger hard drive, running Centos 7 with Samba 4.10.4.?
Basically the migration involved setting up a new vmware VM,
provisioning CPU, ram and hard drive space, installing CentOS 7,
re-creating all user accounts and permissions and then using rsync to
move all of the data over from the old to the new server (about 2 TB)
Since moving to CentOS 7 and Samba 4.10.4 I have had many entries in
/var/log/messages that look like this:
--
Aug 28 10:22:27 luigi2 smbd[118071]: [2020/08/28 10:22:27.284420,?
0] ../../source3/modules/vfs_default.c:1287(vfswrap_fsctl)
Aug 28 10:22:27 luigi2 smbd[118071]:? FSCTL_GET_SHADOW_COPY_DATA:
connectpath /shares/documents/<share>, failed -
NT_STATUS_ACCESS_DENIED.
Aug 28 10:24:29 luigi2 smbd[127904]: [2020/08/28 10:24:29.937661,?
0]
../../source3/modules/vfs_shadow_copy2.c:2159(shadow_copy2_get_shadow_copy_data)
Aug 28 10:24:29 luigi2 smbd[127904]:? access denied on listing
snapdir /shares/.snapshots
Aug 28 10:24:29 luigi2 smbd[127904]: [2020/08/28 10:24:29.937809,?
0] ../../source3/modules/vfs_default.c:1287(vfswrap_fsctl)
Aug 28 10:24:29 luigi2 smbd[127904]:? FSCTL_GET_SHADOW_COPY_DATA:
connectpath /shares/documents/<share>, failed -
NT_STATUS_ACCESS_DENIED.
Aug 28 10:24:31 luigi2 smbd[127904]: [2020/08/28 10:24:31.574700,?
0]
../../source3/modules/vfs_shadow_copy2.c:2159(shadow_copy2_get_shadow_copy_data)
Aug 28 10:24:31 luigi2 smbd[127904]:? access denied on listing
snapdir /shares/.snapshots
Aug 28 10:24:31 luigi2 smbd[127904]: [2020/08/28 10:24:31.574837,?
0] ../../source3/modules/vfs_default.c:1287(vfswrap_fsctl)
Aug 28 10:24:31 luigi2 smbd[127904]:? FSCTL_GET_SHADOW_COPY_DATA:
connectpath /shares/users/<share>, failed - NT_STATUS_ACCESS_DENIED.
--------
in /var/log/samba I have log files set up per machine as
/var/log/samba/log.<machinename>
All of the log files have similar entries with different directory paths
that look like this:
[2020/08/28 10:21:13.481207,? 0]
../../source3/modules/vfs_shadow_copy2.c:2159(shadow_copy2_get_shadow_copy_data)
? access denied on listing snapdir /shares/.snapshots
[2020/08/28 10:21:13.481754,? 0]
../../source3/modules/vfs_default.c:1287(vfswrap_fsctl)
? FSCTL_GET_SHADOW_COPY_DATA: connectpath /shares/documents/<share>,
failed - NT_STATUS_ACCESS_DENIED.
[2020/08/28 10:24:29.937661,? 0]
../../source3/modules/vfs_shadow_copy2.c:2159(shadow_copy2_get_shadow_copy_data)
? access denied on listing snapdir /shares/.snapshots
[2020/08/28 10:24:29.937809,? 0]
../../source3/modules/vfs_default.c:1287(vfswrap_fsctl)
? FSCTL_GET_SHADOW_COPY_DATA: connectpath /shares/documents/<share>,
failed - NT_STATUS_ACCESS_DENIED.
[2020/08/28 10:24:31.574700,? 0]
../../source3/modules/vfs_shadow_copy2.c:2159(shadow_copy2_get_shadow_copy_data)
? access denied on listing snapdir /shares/.snapshots
[2020/08/28 10:24:31.574837,? 0]
../../source3/modules/vfs_default.c:1287(vfswrap_fsctl)
? FSCTL_GET_SHADOW_COPY_DATA: connectpath /shares/users/<share>,
failed - NT_STATUS_ACCESS_DENIED.
The basic share for documents is /shares/documents/<dept> such as mfg etc
The shares for users are in /shares/users/<username>
smb.conf:
------------------------------------------------------
#======================= Global Settings
====================================
[global]
??????? workgroup = FSP
??????? server string = Luigi Samba Server Version %v
??????? netbios name = LUIGI
server min protocol = NT1
lanman auth = yes
ntlm auth = yes
# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach
??????? # logs split per machine
??????? log file = /var/log/samba/log.%m
??????? # max 50KB per log file, then rotate
??????? max log size = 1024
# ----------------------- Standalone Server Options ------------------------
#
# Security can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
??????? security = user
??????? passdb backend = tdbsam
# ----------------------- Browser Control Options
----------------------------
??????? os level = 43
??????? preferred master = yes
#----------------------------- Name Resolution
-------------------------------
??????? dns proxy = yes
# --------------------------- Printing Options -----------------------------
??????? load printers = no
??????? cups options = raw
# --------------------------- Filesystem Options ---------------------------
??????? vfs objects = shadow_copy2
veto files = /Maildir/.?*/lost+found/
acl allow execute always = True
#acl allow execute always = false
##############Custom Entry Chris Wensink#########
ntlm auth - yes
#============================ Share Definitions
=============================
[homes]
??????? comment = Home Directories
??????? browseable = no
??????? writable = yes
??????? valid users = %S
??????? read only = No
??????? create mask = 0640
??????? directory mask = 0750
[public]
??????? comment = Public files read by all but written by few
??????? path = /shares/documents/public
??????? valid users = @users
??????? read only = no
??????? inherit permissions = Yes
??????? #custom entries cw 8.19.2020
??????? shadow:basedir = /shares/documents
??????? shadow:snapdir = ../.documents
??????? #shadow:sort = desc
??????? #follow symlinks = yes
??????? #wide links = yes
[private]
??????? comment = Private files read by few and written by few
??????? path = /shares/documents/private
??????? valid users = @users
??????? read only = no
??????? inherit permissions = Yes
[temp]
??????? comment = Temporary files read by all and written by all
??????? path = /shares/documents/temp
??????? read only = no
??????? inherit permissions = Yes
??????? valid users = @users @manitowoc @tools
[limited]
??????? comment = Limited access folder
??????? path = /shares/documents/limited
??????? valid users = @limited
??????? read only = no
??????? inherit permissions = Yes
[mfg]
??????? comment = Manufacturing files
??????? path = /shares/documents/mfg
??????? valid users = @mfg
??????? read only = no
??????? inherit permissions = Yes
#?????? inherit acls = yes
[mfgsetup]
??????? comment = Manufacturing setup files
??????? path = /shares/documents/mfg_setup
??????? valid users = @mfg_setup
??????? read only = no
??????? inherit permissions = Yes
[rp]
??????? comment = Rapid prototyping files
??????? path = /shares/documents/rp
??????? valid users = @rp
??????? read only = no
??????? inherit permissions = Yes
[rpsetup]
??????? comment = Rapid prototyping setup files
??????? path = /shares/documents/rp_setup
??????? valid users = @rp_setup
??????? read only = no
??????? inherit permissions = Yes
??????? #ntlm auth = yes
[intranet]
??????? comment = Intranet web site
??????? path = /shares/documents/intranet
??????? valid users = @intranet
??????? force group = intranet
??????? read only = no
??????? inherit permissions = Yes
[accounts]
??????? comment = accounts
??????? path = /shares/documents/accounts
??????? valid users = @accounts
??????? read only = no
??????? inherit permissions = Yes
-------------------------------------------------------
A separate backup system is taking backups of the server on a vm
snapshot level daily and on a file level hourly, unrelated to
snapshots.? Do I need the snapshots functionality?? I have not set this
up, and I don't know if I need to?? What are your recommendations?
Respectfully,
Chris
--
Christopher Wensink
IS Administrator
Five Star Plastics, Inc
1339 Continental Drive
Eau Claire, WI 54701
Office: 715-831-1682
Mobile: 715-563-3112
Fax: 715-831-6075
cwensink at five-star-plastics.com
www.five-star-plastics.com