[opensuse] weird samba issue: NT_STATUS_ACCESS_DENIED when accessing user home as user - no changes to config prior to this
Hey there, behold: lemmy@akari:~> df -h . Dateisystem Größe Benutzt Verf. Verw% Eingehängt auf /dev/mapper/system-users 252G 150G 91G 63% /users/lemmy lemmy@akari:~> smbclient -U lemmy //akari/lemmy Enter EREGION\lemmy's password: Try "help" to get a list of possible commands. smb: \> ls NT_STATUS_ACCESS_DENIED listing \* smb: \> in other words, I can not access my own home via samba anymore. And here are the two dreaded sentences: "It used to just work" and "I didn't do anything". In this particular case, both are true - I literally havent touched my samba config for years, and it used to work just fine until a few days ago. No, no samba updates, either. Running samba-4.7.11+git.153.b36ceaf2235-lp150.3.14.1.x86_64 on openSUSE Leap 15.0, the package's from the Leap 15.0 updates repo. Any ideas on where to start? Cheers MH -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Oh, before I forget, I can access all other samba shares in the way they are intended to be used. Here's the [global] and [homes] part of smb.conf: [global] domain master = Yes interfaces = eth0 tun0 logon drive = P: logon home = \\%N\%U local master = yes map to guest = Bad User os level = 65 preferred master = Yes printcap name = cups security = USER usershare allow guests = Yes wins support = Yes workgroup = EREGION catia:mappings = 0x22:0xa8,0x2a:0xa4,0x2f:0xf8,0x3a:0xf7,0x3c:0xab,0x3e:0xbb,0x3f:0xbf,0x5c:0xff,0x7c:0xa6 idmap config * : backend = tdb cups options = raw mangled names = no [homes] browseable = No comment = Home Directories inherit acls = Yes read only = No vfs objects = catia On 09.07.2019 20:58, Mathias Homann wrote:
Hey there,
behold:
lemmy@akari:~> df -h . Dateisystem Größe Benutzt Verf. Verw% Eingehängt auf /dev/mapper/system-users 252G 150G 91G 63% /users/lemmy lemmy@akari:~> smbclient -U lemmy //akari/lemmy Enter EREGION\lemmy's password: Try "help" to get a list of possible commands. smb: \> ls NT_STATUS_ACCESS_DENIED listing \* smb: \>
in other words, I can not access my own home via samba anymore.
And here are the two dreaded sentences: "It used to just work" and "I didn't do anything".
In this particular case, both are true - I literally havent touched my samba config for years, and it used to work just fine until a few days ago.
No, no samba updates, either.
Running samba-4.7.11+git.153.b36ceaf2235-lp150.3.14.1.x86_64 on openSUSE Leap 15.0, the package's from the Leap 15.0 updates repo.
Any ideas on where to start?
Cheers
MH
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
...solved. AppArmor. GRRR. I WISH WE HAD SELINUX INSTEAD. That I would be able to use. Cheers MH On 09.07.2019 21:03, Mathias Homann wrote:
Oh, before I forget, I can access all other samba shares in the way they are intended to be used.
Here's the [global] and [homes] part of smb.conf:
[global] domain master = Yes interfaces = eth0 tun0 logon drive = P: logon home = \\%N\%U local master = yes map to guest = Bad User os level = 65 preferred master = Yes printcap name = cups security = USER usershare allow guests = Yes wins support = Yes workgroup = EREGION catia:mappings = 0x22:0xa8,0x2a:0xa4,0x2f:0xf8,0x3a:0xf7,0x3c:0xab,0x3e:0xbb,0x3f:0xbf,0x5c:0xff,0x7c:0xa6 idmap config * : backend = tdb cups options = raw mangled names = no
[homes] browseable = No comment = Home Directories inherit acls = Yes read only = No vfs objects = catia
On 09.07.2019 20:58, Mathias Homann wrote:
Hey there,
behold:
lemmy@akari:~> df -h . Dateisystem Größe Benutzt Verf. Verw% Eingehängt auf /dev/mapper/system-users 252G 150G 91G 63% /users/lemmy lemmy@akari:~> smbclient -U lemmy //akari/lemmy Enter EREGION\lemmy's password: Try "help" to get a list of possible commands. smb: \> ls NT_STATUS_ACCESS_DENIED listing \* smb: \>
in other words, I can not access my own home via samba anymore.
And here are the two dreaded sentences: "It used to just work" and "I didn't do anything".
In this particular case, both are true - I literally havent touched my samba config for years, and it used to work just fine until a few days ago.
No, no samba updates, either.
Running samba-4.7.11+git.153.b36ceaf2235-lp150.3.14.1.x86_64 on openSUSE Leap 15.0, the package's from the Leap 15.0 updates repo.
Any ideas on where to start?
Cheers
MH
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/09/2019 02:03 PM, Mathias Homann wrote:
Oh, before I forget, I can access all other samba shares in the way they are intended to be used.
Here's the [global] and [homes] part of smb.conf:
The only things that stand out are:
[global] catia:mappings = 0x22:0xa8,0x2a:0xa4,0x2f:0xf8,0x3a:0xf7,0x3c:0xab,0x3e:0xbb,0x3f:0xbf,0x5c:0xff,0x7c:0xa6
[homes] inherit acls = Yes vfs objects = catia
Those could be correct for your setup, I am unfamiliar with the mappings and vfs objects. The inherit acls can also be tricky. Within the past week there was a discussion on the samba list about acls and denied access. The crux was that for access, the acls should be set by Windows. That is a likely place to look. I have no problems with home access using: [homes] browseable = No comment = Home Directories read only = No
behold:
lemmy@akari:~> df -h . Dateisystem Größe Benutzt Verf. Verw% Eingehängt auf /dev/mapper/system-users 252G 150G 91G 63% /users/lemmy lemmy@akari:~> smbclient -U lemmy //akari/lemmy Enter EREGION\lemmy's password: Try "help" to get a list of possible commands. smb: \> ls NT_STATUS_ACCESS_DENIED listing \* smb: \>
in other words, I can not access my own home via samba anymore.
And here are the two dreaded sentences: "It used to just work" and "I didn't do anything".
The discussion on the samba list centered around changes in the latest Win10 19H03 feature update that caused problems. You may google or look at the samba list archive for details. I would comment out the acls and restart samba to test. -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Mathias Homann composed on 2019-07-09 20:58 (UTC+0200): ...I had a similar problem when I upgraded from 42.3 to 15.1 last week with cifs-utils. Maybe the problem with smbclient is similar? Quoting from an email I sent in response to a fix suggestion, vers= in fstab to specify dialect, which worked: [quote] [quote] The default since v4.13.5 is for the client and server to negotiate the highest possible version greater than or equal to 2.1. In kernels prior to v4.13, the default was 1.0. For kernels between v4.13 and v4.13.5 the default is 3.0. [/quote] openSUSE 42.3 upgraded from uses 4.4.x, while 15.1 upgraded to nominally uses 4.12.x with a ton of backports, making it effectively akin to 4.19.x. [/quote] ISTR 15.0's kernel also has lots of backports. -- Evolution as taught in public schools is religion, not science. Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (3)
-
David C. Rankin -
Felix Miata -
Mathias Homann