On 11/05/2021 20:10, Stephen Atkins wrote:> On 5/11/2021 12:25 PM, Rowland penny via samba wrote:
>> On 11/05/2021 17:04, Stephen Atkins via samba wrote:
>>> Ever since I moved my file server to Samba I've been getting an
>>> error on some files when users try to open them.? It pops up a
>>> window and says "Directory is invalid".? Below is my
smb.conf.? I
>>> assumed it had something to do with directory name length but it
>>> happens even from the root of the share.? Funny thing is that it
>>> won't work then after a little wait (no set time) it will work
and
>>> you can open the file. Could it be something like the number of
open
>>> files on the share?? I'm running Samba 4.14.3 on a Arch Linux
box.
>>>
>>> [global]
>>> ? workgroup = MD
>>> ? security = ADS
>>> ? realm = MD.MDWAINWRIGHT.CA
>>> ? server role = member server
>>> ? server string = Files server for md.mdwainwright.ca Samba %v
>>>
>>> ? winbind refresh tickets = Yes
>>> ? vfs objects = acl_xattr
>>> ? map acl inherit = Yes
>>> ? store dos attributes = Yes
>>>
>>> ? # Allow a single, unified keytab to store obtained Kerberos
tickets
>>
>>
>> No, it doesn't store tickets
>
> Changed
Changed to what ?
If you have removed the line , then I would put it back, I was just
pointing out that the comment was wrong.
>
>>
>>> dedicated keytab file = /etc/krb5.keytab
>>> ? kerberos method = secrets and keytab
>>>
>>> ? # Do not require that login usernames include the default domain
>>> ? winbind use default domain = yes
>>> ? winbind scan trusted domains = no
>>>
>>> ? load printers = no
>>> ? printing = bsd
>>> ? printcap name = /dev/null
>>> ? disable spoolss = yes
>>>
>>> ? # UID/GID mapping for local users
>>
>>
>> The '*' domain isn't for local users, it is for the Well
Known SIDs
>>
>>> idmap config * : backend = tdb
>>> ? idmap config * : range = 3000-7999
>
> So I should comment out these two lines?
No , you need them, again I was just pointing out the comment was wrong,
but it sounds like you may have local users that you are trying to use
with AD, if so, this will not work.
>
>>>
>>> ? # UID/GID mapping for domain users
>>> ? idmap config MD:backend = ad
>>> ? idmap config MD:schema_mode = rfc2307
>>> ? idmap config MD:range = 10000-999999
>>> ? idmap config MD:unix_primary_group = yes
>>> ? idmap config MD:unix_nss_info = yes
>>
>>
>> I take that you have added uidNumber & gidNumber attributes to AD.
>
> Yes I do.? I didn't want them to be different across servers.
Just checking.
>
>>
>>>
>>> ? # Template settings for users without
''unixHomeDir'' and
>>> ''loginShell'' att>
>>> ? template shell = /bin/bash
>>> ? template homedir = /mnt/Disk1/Users/%U
>>>
>>> ? # Allow offline/cached credentials and ticket refresh
>>> ? winbind offline logon = yes
>>> ? winbind refresh tickets = yes
>>>
>>> ? create mask = 0664
>>> ? directory mask = 2755
>>> ? force create mode = 0644
>>> ? force directory mode = 2755
>>>
>>> ? username map = /etc/samba/user.map
>>
>>
>> What is in the user.map ?
>
> !root = MD\Administrator MD\mdadmin
OK
>
>>
>>>
>>> [Shared]
>>> ? comment = User shared files
>>> ? path = /UserData/Shared
>>> ? vfs objects = shadow_copy2 acl_xattr
>>> ? shadow:basedir=/Userdata/Shared
>>> ? shadow:format = @GMT_%Y.%m.%d-%H.%M.%S
>>> ? shadow:sort = desc
>>> ? shadow:snapdir = /UserData/.Sharedsnapshots
>>> ? shadow:localtime=yes
>>> ? public = yes
>>> ? read only = no
>>> ? printable = no
>>> ? force group = "MD\Domain Users"
>>> ? write list = "MD\Domain Users"
>>>
>>
>> Apart from the comments I made above, there doesn't seem to be
>> anything really wrong, is sssd in use as well ?
>
> Not using SSD.? They are serial scsi.
No, not the disk type, 'sssd'. You probably are not, mainly because I
don't think you know what it is.
>
>>
>> Can you please post your /etc/nsswitch.conf file.
>>
>
> # Name Service Switch configuration file.
> # See nsswitch.conf(5) for details.
>
> passwd: files winbind systemd
> group: files winbind systemd
> shadow: files
>
> publickey: files
>
> hosts: files mymachines myhostname resolve [!UNAVAIL=return] dns
On the hosts line, I would move 'dns' to just after 'files'
There really doesn't seem to be anything really wrong, so can you try
raising the Samba log level to 3 or 4 and see if anything pops out.
Rowland