Mark Foley
2023-Dec-16 20:48 UTC
[Samba] Samba share not quite working on Domain Controller
I don't know if this is a Windows, Linux or Samba problem. I've posted
this
issue to both Windows and Linux forums, but no one seem to have any idea so far.
Note that this works on my current/old DC version 4.8.2 provisioned with
BIND9_FLATFILE. The "new" DC is version 4.18.8 provisioned with
SAMBA_INTERNAL.
I don't know if this matters or not. My smb.conf is:
[global]
dns forwarder = 192.168.0.1
netbios name = DC1
realm = HPRS.LOCL
server role = active directory domain controller
workgroup = HPRS
idmap_ldb:use rfc2307 = yes
interfaces = lo, eth0
bind interfaces only = Yes
[Users]
path = /redirectedFolders/Users
comment = user folders for redirection
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/hprs.locl/scripts
read only = No
All but the [Users] section was auto-generated by the provision command. Yes, I
know putting a Share on the DC is not recommended, but I've used that for
the
redirected folders on the old DC for the past 10 years and, although not
recommended, it's not actually "forbidden".
I have successfully joined a Windows 10 workstation as a domain members. In
Windows Explorer (as DC Administrator), I can open the share with
\\dc1.hprs.locl, and I see my folders. The folder in question is 'Users'
I can
put files into that folder from Windows, no problem. However if I right-click
on 'Users > Properties > Security', Explorer crashes. This does
not happen
doing the same thing on the other two folders (sysvol and netlogin). I find
nothing in the Linux log files. The Windows event log gives:
-----------------------
- System
- Provider
[ Name] Windows Error Reporting
- EventID 1001
[ Qualifiers] 0
Version 0
Level 4
Task 0
Opcode 0
Keywords 0x80000000000000
- TimeCreated
[ SystemTime] 2023-12-16T17:11:01.0393392Z
EventRecordID 86110
Correlation
- Execution
[ ProcessID] 0
[ ThreadID] 0
Channel Application
Computer doris.hprs.locl
Security
- EventData
1935668344092221582
4
APPCRASH
Not available
0
explorer.exe
10.0.19041.3758
bf79d152
StackHash_7047
10.0.19041.3636
9b64aa6f
c0000374
PCH_BD_FROM_ntdll+0x000000000009DB34
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF6C4.tmp.WERInternalMetadata.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_explorer.exe_d4d12b826a305761b6bd859c52427f8942c15b2_6609badb_bc335dbb-a943-4c33-8a8f-e3db68dd5f27
0
4f823e91-a71f-49cd-93c3-351731eb5759
268435456
f22130602afd3cca5adce01a7495e08e
0
-----------------------
Permissions on the DC share are:
-----------------------
# ls -l -R /redirectedFolders/
/redirectedFolders/:
total 4
drwxrwxr-x 2 root root 4096 2023-12-16 11:47 Users/
/redirectedFolders/Users:
total 8
-rwxrwxr-x+ 1 3000000 users 17 2023-12-16 11:47 testing.txt*
-----------------------
Note that the testing.txt file is one I created from the Windows computer, so it
would appear at least write permissions exist.
Any idea what's up with this?
Thanks --Mark
Mark Foley
2023-Dec-17 06:23 UTC
[Samba] Samba share not quite working on Domain Controller
On Sat Dec 16 15:49:27 2023 Mark Foley via samba <samba at lists.samba.org> wrote:> > I don't know if this is a Windows, Linux or Samba problem. I've posted this > issue to both Windows and Linux forums, but no one seem to have any idea so far. > > Note that this works on my current/old DC version 4.8.2 provisioned with > BIND9_FLATFILE. The "new" DC is version 4.18.8 provisioned with SAMBA_INTERNAL. > I don't know if this matters or not. My smb.conf is: >(deleted)> [Users] > path = /redirectedFolders/Users > comment = user folders for redirection > read only = No(deleted)> > All but the [Users] section was auto-generated by the provision command. Yes, I > know putting a Share on the DC is not recommended, but I've used that for the > redirected folders on the old DC for the past 10 years and, although not > recommended, it's not actually "forbidden". > > I have successfully joined a Windows 10 workstation as a domain members. In > Windows Explorer (as DC Administrator), I can open the share with > \\dc1.hprs.locl, and I see my folders. The folder in question is 'Users' I can > put files into that folder from Windows, no problem. However if I right-click > on 'Users > Properties > Security', Explorer crashes. This does not happen > doing the same thing on the other two folders (sysvol and netlogin). I find > nothing in the Linux log files. The Windows event log gives: >[deleted]> > Any idea what's up with this? > > Thanks --Mark >I got this fixed! Nothing like a little lotus-position medidatation and navel-contemplation to gain enlightenment. Since sysvol and netlogin folders didn't crash when I selected their Properties > Security, I reasoned there must be something about permissions or ownership afoot. Sure enough: # ls -ld /var/lib/samba/sysvol/ drwxrwx---+ 3 root 3000000 4096 2023-11-29 21:16 /var/lib/samba/sysvol/ Both of those directories, created by provisioning, are members of group 3000000 which I presume is some administrative group (although 'getent group 3000000' on the DC returns nothing, so I'm not sure). I could have probably just set the group for Users to 3000000, but there are some extended attributes (designated by the '+' sign), so I cloned sysvol to Users: # rmdir /redirectedFolders/Users/ # cp -rp /var/lib/samba/sysvol/ /redirectedFolders/ # cd /redirectedFolders/ # mv sysvol/ Users # cd Users/ # rm -r hprs.locl/ # cd .. # ls -l drwxrwx---+ 2 root 3000000 4096 2023-12-17 00:13 Users/ Voila! Same permission, complete with extended attributes. After doing that I was able to set Properties > Security correctly on the Windows computer. This by no means finishes the 'Redirected Folders' effort. I have yet to create the Group Policy and then attempt to restore the users' Desktops, etc. to this directory, but I wanted to at least let the sambalist know I got past this problem so everyone who was working feverishly on helping me figuring it out could stand down. Hope this helps ayone tying to set up Redirected Folders. --Mark