"Rowland penny via samba" samba at lists.samba.org ? 21 September 2020 11:03> On 21/09/2020 08:55, Jonas via samba wrote: > No idea about the cephs part, but your smb.conf isn't correct, your > workgroup shouldn't be the same as the realm, perhaps use 'INT' instead. > You have no 'idmap config' lines, how are you going to map your AD users > to Unix users ? You have 'guest ok = yes' set in [plm] but you do not > have 'map to guest = bad user' set in [global], so guest access will not > work. Finally, by setting 'vfs objects = ceph' in [plm], you have turned > off acl_xattr on the share.Sorry, I tried to keep the config as short as possible and deleted and renamed some stuff. Probably not the best idea. Here is the full config: [global] clustering = Yes netbios name = FSCLUSTER realm = INT.EXAMPLE.COM registry shares = Yes security = ADS template shell = /bin/zsh winbind refresh tickets = Yes winbind use default domain = Yes workgroup = INT.EXAMPLE idmap config int.example:range = 1000000-1999999 idmap config int.example:backend = rid idmap config *:range = 10000-19999 idmap config * : backend = tdb map acl inherit = Yes vfs objects = acl_xattr [plm] force create mode = 0770 force directory mode = 0770 force group = "domain users" guest ok = Yes inherit permissions = Yes kernel share modes = No path = /plm read only = No valid users = "@domain users" vfs objects = ceph ceph:config_file = /etc/ceph/ceph.conf ceph:user_id = samba Hope that it is clarified now
On 21/09/2020 10:32, Jonas via samba wrote:> Sorry, I tried to keep the config as short as possible and deleted and renamed some stuff. Probably not the best idea.Sanitise, yes, shortening isn't a good idea.> Here is the full config: > > > [global] > clustering = Yes > netbios name = FSCLUSTER > realm = INT.EXAMPLE.COM > registry shares = Yes > security = ADS > template shell = /bin/zsh > winbind refresh tickets = Yes > winbind use default domain = Yes > workgroup = INT.EXAMPLEYou cannot use a dot '.' in a workgroup name> idmap config int.example:range = 1000000-1999999 > idmap config int.example:backend = rid > idmap config *:range = 10000-19999 > idmap config * : backend = tdb > map acl inherit = Yes > vfs objects = acl_xattr > [plm] > force create mode = 0770 > force directory mode = 0770 > force group = "domain users" > guest ok = Yes > inherit permissions = Yes > kernel share modes = No > path = /plm > read only = No > valid users = "@domain users"Guest access is not going to work because the guest users name will be 'nobody' and 'nobody' is not a member of 'Domain Users'> vfs objects = cephYou are turning off acl_xattr Rowland
"Rowland penny via samba" samba at lists.samba.org ? 21 September 2020 11:54> > workgroup = INT.EXAMPLE > You cannot use a dot '.' in a workgroup nameChanged the workgroup to EXAMPLE.> > valid users = "@domain users" > Guest access is not going to work because the guest users name will be > 'nobody' and 'nobody' is not a member of 'Domain Users'As written before it is working when I change the path to / instead of /plm. Therefore I don't think that this is the problem> > vfs objects = ceph > You are turning off acl_xattrChanged to: vfs objects = acl_xattr ceph Same result after all the changes above: ctdb-eventd[248]: 50.samba: ERROR: samba directory "/plm" not available Regards Jonas