Hi,
we have a stange problem here since samba 4.12. Users on specific
clients are not allowed to access a share after reboot of the client and
in very rare cases suddenly during use. When we restart the smb service
after the access denied message on the client for a share, the user is
allowed to access the share. So there seems no problem with permissions.
Are there any known reasons for this behavior?
Regards,
Andreas
smb.conf:
# Global parameters
[global]
??????? bind interfaces only = Yes
??????? dedicated keytab file = /etc/krb5.keytab
??????? interfaces = lo enp1s0f0
??????? kerberos method = secrets and keytab
??????? realm = ILRW.ING.DOM.TU-DRESDEN.DE
??????? security = ADS
??????? server min protocol = SMB3_00
??????? template homedir = /home/users/linux/%U
??????? template shell = /bin/bash
??????? winbind refresh tickets = Yes
??????? winbind separator = +
??????? workgroup = ILRW
??????? idmap config * : range = 2000-2999
??????? idmap config ilrw : backend = rid
??????? idmap config ilrw : range = 3000-9999 # UID aus RID f?r POOL
??????? idmap config dom : backend = rid
??????? idmap config dom : range = 10000-9999999 # UID aus RID f?r DOM
??????? idmap config * : backend = tdb
[Profile$]
??????? map acl inherit = Yes
??????? path = /home/users/windows/profiles
??????? read only = No
??????? smb encrypt = required
??????? vfs objects = acl_xattr
[Umleitungen$]
??????? map acl inherit = Yes
??????? path = /home/users/windows/redirections
??????? read only = No
??????? smb encrypt = required
??????? vfs objects = acl_xattr
[UserHome]
??????? comment = Home Directories
??????? create mask = 0600
??????? directory mask = 0700
??????? hide files =
/desktop.ini/Desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
??????? inherit permissions = Yes
??????? path = /0nfs4exports/home/%U
??????? read only = No
??????? root preexec = /bin/MK_PAPIERKORB %H "%u" %h %S
??????? smb encrypt = required
??????? valid users = %U
??????? vfs objects = recycle crossrename
??????? recycle:repository = %H/.Papierkorb/%S
??????? recycle:directory_mode = 0700
??????? recycle:keeptree = Yes
??????? recycle:touch = Yes
??????? recycle:maxsize = 536870912
??????? recycle:versions = Yes
??????? recycle:noversions = *.ini | *.dat
??????? recycle:exclude = *.TMP | *.tmp | ~$*.doc
??????? recycle:exclude_dir = tmp | temp | cache
[UserPapierkorb]
??????? comment = Papierkorb von %u
??????? path = /0nfs4exports/home/%U/.Papierkorb
??????? read only = No
??????? smb encrypt = required
??????? valid users = %U
[rfstransfer]
??????? comment = RFS Datenaustausch
??????? inherit acls = Yes
??????? path = /home/rfs/transfer
??????? read only = No
??????? smb encrypt = required
??????? valid users = +ILRW+rfs-mitarbeiter +ILRW+rfs-studenten
+ILRW+rfs-angeh?riger
??????? acl_xattr:ignore system acls = yes
