Markus Huether
2025-Nov-18 12:03 UTC
[Samba] samba ad integrated file server Permission denied
I changed the smb.conf

aramis@fs1:~$ testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)

Server role: ROLE_DOMAIN_MEMBER

# Global parameters
[global]
    kerberos method = secrets and keytab
    realm = IWW.LAN
    security = ADS
    template homedir = /home/%U@%D
    template shell = /bin/bash
    winbind offline logon = Yes
    winbind refresh tickets = Yes
    winbind use default domain = Yes
    workgroup = IWW
    idmap config * : range = 3000-7999
    idmap config iww : backend = rid
    idmap config iww : range = 2000000-2999999
    idmap config * : backend = tdb
    map acl inherit = Yes
    vfs objects = acl_xattr

[basis]
    comment = AD Basisordner
    path = /mnt/volume1_daten/basisordner
    read only = No

So I deleted the entries:

winbind enum groups = Yes
winbind enum users = Yes
'acl_xattr:ignore system acls = yes'

but still have the log entries at 5:15 a.m.
But the question remains: who triggers these entries at 5:15 a.m.?
I've looked through all the cron jobs. There is definitely none entered for that time.
The strange thing is that the file server works without any problems.
I then checked who has the uid 2001103 but couldn't find anything. It must be an AD user, but I couldn't find the ID in the AD or on the server. How can I resolve the ID to a user?
fs1$ is the server name. There is no user with fs1 on the server or in the domain. However, I can't find anything about the uid or gid in the domain or on the server. Is there any way I can query the uid/gid?

Markus

On 18.11.25 at 10:44, Rowland Penny via samba wrote:
> On Mon, 17 Nov 2025 15:15:16 +0000
> Rowland Penny via samba <samba at lists.samba.org> wrote:
>
>> On Mon, 17 Nov 2025 15:08:44 +0100
>> Markus Huether via samba <samba at lists.samba.org> wrote:
>>
>>> Hello,
>>> I am experiencing an issue with an Ubuntu 24.04.3 LTS file server
>>> that has samba-ad-dc integrated (4.19.5) as a member server. Every
>>> night at 5:10 a.m., I receive the following syslog entries on the
>>> file server:
>>>
>>> 2025-11-16T05:15:10.602166+01:00 fs1 smbd[194338]:
>>> chdir_current_service: vfs_ChDir(/mnt/volume1_daten/basisordner)
>>> failed: Permission denied. Current token: uid=2001103, gid=2000515,
>>> 5 groups: 2001103 2000515 10003 10004 10006
>
> Then I looked closer at the output you provided and I realised why you
> are getting the error messages.
>
> It is because the user cannot traverse to the directory, but that is
> because the user isn't a member of Domain Users. If you look at the
> UID, I feel it is linked to the username fs1$ and that user's primary
> group is Domain Computers (the '515' at the end of the gid '2000515'
> gives this away), yes, it is your computer (aka 'SYSTEM').
>
> Rowland

Rowland Penny
2025-Nov-18 12:13 UTC
[Samba] samba ad integrated file server Permission denied
On Tue, 18 Nov 2025 13:03:38 +0100
Markus Huether via samba <samba at lists.samba.org> wrote:

>
>
> but still have the log entries at 5:15 a.m.
> But the question remains: who triggers these entries at 5:15 a.m.?
> I've looked through all the cron jobs. There is definitely none
> entered for that time.
> The strange thing is that the file server works without any problems.
> I then checked who has the uid 2001103 but couldn't find anything. It
> must be an AD user, but I couldn't find the ID in the AD or on the
> server. How can I resolve the ID to a user?
> fs1$ is the server name. There is no user with fs1 on the server or
> in the domain. However, I can't find anything about the uid or gid in
> the domain or on the server. Is there any way I can query the uid/gid?
>

You are missing the point, an AD computer is a user with an extra
objectclass, the 'computer' objectclass

rowland@devstation:~$ getent passwd devstation$
devstation$:*:12657:10515::/home/devstation_:/bin/bash

If I run 'cat /etc/cron.d/sysstat', I get this:

# The first element of the path is a directory where the debian-sa1
# script is located
PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin

# Activity reports every 10 minutes everyday
5-55/10 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1

# Additional run at 23:59 to rotate the statistics file
59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2

Rowland
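
Added example, not part of the thread or of Samba's own code: a short Python script that takes the "Current token" log line and the idmap ranges posted above and works each Unix ID back to an AD RID using the idmap_rid formula (RID = ID + BASE_RID - LOW_RANGE_VALUE). BASE_RID = 0 is an assumption (the backend's default; the posted smb.conf does not set it), and the function names are illustrative.

```python
import re

# Constructed from values posted in this thread (syslog entry and testparm output).
LOG_LINE = ("2025-11-16T05:15:10.602166+01:00 fs1 smbd[194338]: "
            "chdir_current_service: vfs_ChDir(/mnt/volume1_daten/basisordner) "
            "failed: Permission denied. Current token: uid=2001103, gid=2000515, "
            "5 groups: 2001103 2000515 10003 10004 10006")
# (idmap domain, backend, low, high) as shown by testparm in the thread.
IDMAP_RANGES = [("iww", "rid", 2000000, 2999999), ("*", "tdb", 3000, 7999)]
BASE_RID = 0  # assumption: idmap_rid default, not set in the posted config
# Well-known domain-relative RIDs in Active Directory.
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Domain Users", 514: "Domain Guests",
                   515: "Domain Computers", 516: "Domain Controllers"}

def parse_token(line):
    """Return (uid, gid, [groups]) from an smbd 'Current token' log message."""
    m = re.search(r"uid=(\d+), gid=(\d+), (\d+) groups:((?: \d+)*)", line)
    if not m:
        raise ValueError("no 'Current token' found in line")
    groups = [int(g) for g in m.group(4).split()]
    if len(groups) != int(m.group(3)):
        raise ValueError("group count does not match group list (truncated line?)")
    return int(m.group(1)), int(m.group(2)), groups

def explain_id(unix_id):
    """Find the idmap range an ID falls in; for the rid backend, recover the RID."""
    info = {"id": unix_id, "domain": None, "backend": None, "rid": None, "name": None}
    for domain, backend, low, high in IDMAP_RANGES:
        if low <= unix_id <= high:
            info.update(domain=domain, backend=backend)
            if backend == "rid":
                # idmap_rid: RID = ID + BASE_RID - LOW_RANGE_VALUE
                info["rid"] = unix_id + BASE_RID - low
                info["name"] = WELL_KNOWN_RIDS.get(info["rid"])
            break
    return info  # domain None means: outside every range listed above

def explain_token(line):
    """Explain every ID in the token of one log line."""
    uid, gid, groups = parse_token(line)
    return {"uid": explain_id(uid), "gid": explain_id(gid),
            "groups": [explain_id(g) for g in groups]}

if __name__ == "__main__":
    result = explain_token(LOG_LINE)
    for entry in [result["uid"], result["gid"]] + result["groups"]:
        print(entry)
```

On the member server itself, `wbinfo --uid-to-sid=2001103` followed by `wbinfo --sid-to-name=<SID>` asks winbind for the same mapping, and `getent passwd 2001103` resolves it through NSS.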