Can't view open shares or sessions in fsmgmt.msc

samba
v7

(Cory Wilson) #1

NethServer Version: NethServer release 7.4.1708
Module: nethserver-samba

I recently replaced my company’s Windows SBS 2011 AD setup with a NethServer installation and I’m absolutely loving it. There were a lot of struggles with printing and file shares at first, but once I stopped adding lines to smb.conf with reckless abandon and started actually learned what they do I got everything stable.

I love the integration with Windows tools, but I’d like to be able to view the Sessions and Open Files sections in fsmgmt.msc. If I open either of these I get You do not have permissions to see the list of Windows clients. I get these messages for all accounts, including administrator, which has all of the Se* privileges including SeDiskOperatorPrivilege. I can access these consoles for the nsdc container, so I don’t think it’s a permissions issue. I can view and modify all apsects of the Shares from this console. If I open the System Tools console from compmgmt.msc, I get this:

dcom-error

I know the DCOM-In port is 135, but I don’t think it’s a network issue. I’ve compared open ports to a working Samba NAS (from which I can access Sessions & Open Files from fsmgmt.msc) and there’s no apparent differences (the NAS only has the usual 139 and 445 Samba ports and HTTP/etc–no rpc ports). I’ve tried it with a vanilla NethServer installation and I get the same error. The domain controller has 135 open and works fine, but the NAS does not have the port and also works. Maybe a different SMB version or auth mehtod?

I can run net status shares as root and get the list of open files, but not with administrator–it says "Failed to init messaging context." An strace net status shares -d 10 ran as administrator shows that administrator doesn’t have privileges to open files in the msg.lock directory, which I suppose is normal since they’re root:root and either 0770 or 0640. Changing these permissions (for troubleshooting purposes; I assume this is ill-advised) will give an error but will allow administrator to run the command–but it does not change the Windows result.

Nothing shows up in /var/log/messages and the client’s Windows Event Viewer doesn’t show anything relevant. I have changed just about every line in my smb.conf at some point, but the problem is reproducible on a stock installation so I assume that is irrelevant.

If this is not possible, that’s fine; it’s not a huge deal. I have a few one-liners that can format the results of these commands. I’m just curious to see if it’s something simple because I’m a prideful man and I spend way too much time trying to solve insignificant issues on my own.

Thanks!
Cory


(Michael Kicks) #2

IMO, it can’t be possible. SAMBA4 acts like Windows Server for services, but as far as i know it has no support for that kind managament.


(Cory Wilson) #5

The Windows management tools are very limited in terms of what you can modify on a Samba server, but it is possible to integrate Samba with most of the Computer Management console (event viewer, shares, performance, and services as far as I know).

I went to compare the results of testparm -v with the working NAS, the Nethserver and it’s nsdc container only to realize the NAS started giving the same Access Denied errors.

I’m pretty sure it’s an authentication or user mapping issue at this point. I just don’t know how to debug further.

EDIT: Sorry for the extra posts. I thought I could just create a new post and delete the others.


(Michael Kicks) #6

Interesting… could you please elaborate a bit? Maybe @dev_team could consider this opportunity for an implementation/option on Samba Server…


(Cory Wilson) #7

Sure. This is the Open Files panel I’m talking about. This is a WD MyCloud EX4 NAS running Samba 4.0.9 as a Standalone Member connected to the Nethserver-dc domain:

I think everyone’s familiar with the Shares panel, but the Services panel is interesting in that you can create custom services to be controlled through this interface:

I’m not proposing that great effort be put forth to implement these Windows components; I’m just trying to figure out the Access Denied error when accessing some of the components. Although it would be cool to be able to manage (or manage to a greater extent I should say) Nethserver with native Windows tools.