What's wrong with samba?
Hello everyone. I'm asking for help... I've already racked my brain over this.
Given: AD + Samba + ACL. 2 shares (home, depart).
Permissions on home: 777 (root:root). Lots of personal files inside, for example the folder pupkin, 700 (pupkin:staff).
Permissions on depart: 770 (root:root) + ACL rwx (staff).
Situation: User Pupkin successfully accesses his personal folder, but at the same time he is denied access to the depart folder. Moreover, his neighbor Sidorov successfully enters both shares. Both users are members of the staff group.
If the user Pupkin logs in again, he successfully enters the depart share, but after a few days everything repeats. Disconnecting from Samba via net use also helps. Also, if you give access to the depart share to everyone (777), then it is also allowed. At the same time, the user Sidorov does not have such problems at all.
Here is the log from Samba at the time of connecting to the depart share as user pupkin:
[2016/02/09 10:49:27.861687, 4] smbd/sec_ctx.c:314(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2016/02/09 10:49:30.567826, 3] smbd/process.c:1662(process_smb)
Transaction 6889 of length 80 (0 toread)
[2016/02/09 10:49:30.568118, 3] smbd/process.c:1467(switch_message)
switch message SMBtrans2 (pid 30144) conn 0x7f131b7da0d0
[2016/02/09 10:49:30.568303, 4] smbd/sec_ctx.c:314(set_sec_ctx)
setting sec ctx (10004, 10002) - sec_ctx_stack_ndx = 0
[2016/02/09 10:49:30.568507, 4] smbd/vfs.c:780(vfs_ChDir)
vfs_ChDir to /mnt/depart
[2016/02/09 10:49:30.568703, 4] smbd/vfs.c:780(vfs_ChDir)
vfs_ChDir to /mnt/depart
[2016/02/09 10:49:30.568827, 3] smbd/service.c:190(set_current_service)
chdir (/mnt/depart) failed, reason: Permission denied
[2016/02/09 10:49:30.568984, 3] smbd/error.c:81(error_packet_set)
error packet at smbd/process.c (1558) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED
As I understand it, the problem is that winbind somehow clumsily reads user groups. There are suspicions of Kerberos, but again, not everyone has such a bug. And yes, wbinfo -t is successful, and it also shows both groups and users. getent passwd and getent group show everything they should.
Any thoughts would be appreciated...
Thanks.
Are there any folders that the pupkin user can connect to with a different login and password? Someone else's, for example? It's just that if he FIRST connects to some folder on the same server, but with a different login and password, then Windows will try to connect to all other folders with the account that was specified when connecting initially.
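To see which account a denied request actually ran as, the uid/gid that smbd logs in set_sec_ctx can be paired with the chdir failure that follows it. This is an added example, not part of the thread; the function name denied_chdirs is hypothetical and the sample log is constructed from the lines quoted in the question.

```python
import re

# First line of a Samba debug record: "[timestamp, level] file:line(function)"
HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*\d+\]")
# uid and primary gid smbd switches to (supplementary groups are not in this line)
SEC_CTX = re.compile(r"setting sec ctx \((\d+), (\d+)\)")
CHDIR_FAIL = re.compile(r"chdir \((?P<path>[^)]+)\) failed, reason: (?P<why>.+)")

# Constructed sample, modelled on the log lines quoted in the question.
SAMPLE_LOG = """\
[2016/02/09 10:49:27.861687, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2016/02/09 10:49:30.568303, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (10004, 10002) - sec_ctx_stack_ndx = 0
[2016/02/09 10:49:30.568703, 4] smbd/vfs.c:780(vfs_ChDir)
  vfs_ChDir to /mnt/depart
[2016/02/09 10:49:30.568827, 3] smbd/service.c:190(set_current_service)
  chdir (/mnt/depart) failed, reason: Permission denied
"""

def denied_chdirs(log_text):
    """Return one dict per failed chdir, with the uid/gid in effect at that moment."""
    uid = gid = ts = None
    findings = []
    for line in log_text.splitlines():
        head = HEADER.match(line)
        if head:
            ts = head.group("ts")  # remember the timestamp of the current record
            continue
        ctx = SEC_CTX.search(line)
        if ctx:
            uid, gid = int(ctx.group(1)), int(ctx.group(2))
            continue
        fail = CHDIR_FAIL.search(line)
        if fail:
            findings.append({"time": ts, "path": fail.group("path"),
                             "reason": fail.group("why").strip(),
                             "uid": uid, "gid": gid})
    return findings

if __name__ == "__main__":
    for f in denied_chdirs(SAMPLE_LOG):
        print("{time}: chdir {path} denied for uid={uid} gid={gid} ({reason})".format(**f))
        # Resolve the uid on the server and compare its groups with the share's ACL.
        print("  check: getent passwd {uid} ; id <name returned>".format(**f))
```

If the uid resolves to an account other than pupkin, the session was opened with different credentials; if it is pupkin, compare the groups reported by id with the staff entry in the ACL on /mnt/depart.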