Rowland Penny
2022-Apr-07 07:51 UTC
[Samba] samba-ad linux clients random access denied to network share
On Wed, 2022-04-06 at 23:11 +0200, Giuseppe Barichello via samba wrote:> Hi all, > > I have configured an AD domain (samba 4.9.5 on debian buster).4.9.5 is ancient in Samba terms, I suggest you upgrade to bullseye and then use Samba from here: https://apt.van-belle.nl/> Clients are both windows and linux. > Linux clients authenticate users using winbind + kerberos. > All clients access a network share from a server other than the > domain > server. > Linux clients mount this share using nfs4.Why ? You can use cifs and mount it directly. Upgrading may or may not fix your problem, but if you have found a bug, you have no chance of getting it fixed in 4.9.5 Rowland
Björn JACKE
2022-Apr-07 11:51 UTC
[Samba] samba-ad linux clients random access denied to network share
On 2022-04-07 at 08:51 +0100 Rowland Penny via samba sent off:> > Linux clients mount this share using nfs4. > > Why ? You can use cifs and mount it directly.from personal experience I can say I had to realize that there are actually reasons why people need to use NFS instead of cifs. The Linux cifs module gets new features constantly, which is great and which is why the yearly statistic about commits in cifs vs nfs kernel code look so nice for cifs. However existing problems, which are blockers for serious/enterprise usage of cifs on Linux clients too often don't get much attention unfortunately. Bugzilla's search is your friend to see more specifically what I'm talking about. Bj?rn
Giuseppe Barichello
2022-Apr-07 13:36 UTC
[Samba] samba-ad linux clients random access denied to network share
On Thu, 07 Apr 2022 08:51:13 +0100 Rowland Penny <rpenny at samba.org> wrote:> > Linux clients mount this share using nfs4. > > Why ? You can use cifs and mount it directly. >I use nfs in order to be able to mount the share as soon as the network connection is available to the system (this is controlled by a NetworkManager script). Every user will be then allowed to use the share by his permissions. I couldn't find a reliable way for the user to (automatically) mount the share on login with his own credentials: if you know how to achieve this goal, you are very welcome! BTW: I still couldn't double check it, but in case of access denied even the cifs mount is impossible. Thankyou very much, Giuseppe -- Giuseppe Barichello VERLATA Societ? Cooperativa Sociale a r.l. Reg. Imprese di Vicenza, C.f. e P. IVA 00887350247, Rea VI 193614 36030 VILLAVERLA (VI) - Via A. De Gasperi, 6 Codice SDI: T04ZHR3 tel. 0445 856212 340 7001928