NethServer Version: 7.7.1908
Module: File Server
Good morning everyone!
After I spent several days trying to integrate NethServer with openmediavault to have authentication via AD (unfortunately there are several bugs reported in Samba 4.9.5.x), I decided to give NethServer a try as a File Server.
So I installed two instances: 1x Active Directory and 1x File Server.
I configured the file server and NFS as well.
I’m getting this error for every user who tries to connect to the file server:
/var/log/samba/log.vdi-windows10
change_to_user_internal: chdir_current_service() failed! [2019/11/30 01:19:28.812559, 0] ../source3/smbd/uid.c:417(change_to_user_internal)
The temporary workaround is to add the users to “domain admins” and configure “domain admins” with full access for every folder.
IDs match
NS as Active Directory:
# id emiliano
uid=708401108(emiliano@domain.com) gid=708400513(domain users@domain.com) groups=708400513(domain users@domain.com),708400512(domain admins@domain.com),708401114(smbusers@domain.com),708401117(synology@domain.com),708401120(vpnusers@domain.com),708401113(ncusers@domain.com),708400572(denied rodc password replication group@domain.com)
NS File Server
# id emiliano
uid=708401108(emiliano@domain.com) gid=708400513(domain users@domain.com) groups=708400513(domain users@domain.com),708400512(domain admins@domain.com),708401114(smbusers@domain.com),708401117(synology@domain.com),708401120(vpnusers@domain.com),708401113(ncusers@domain.com),708400572(denied rodc password replication group@domain.com)
The shares seem well configured:
# ls -l /var/lib/nethserver/ibay
total 0
drwxrws--- 3 root smbusers@domain.com 26 Nov 30 08:35 ClientBackups
drwxrws--- 9 root domain admins@domain.com 204 Nov 25 23:36 HomeLab
drwxrws--- 8 root smbusers@domain.com 180 Nov 26 00:47 Media
drwxrws--- 6 root smbusers@domain.com 130 Nov 25 23:44 Other
drwxrws--- 6 root smbusers@domain.com 152 Nov 30 08:35 Shared
This is an example of a share configuration from testparm:
[Shared]
admin users = "@domain admins" <== Workaround
comment = Shared folder
create mask = 0664
inherit acls = Yes
inherit permissions = Yes
map acl inherit = Yes
map archive = No
path = /var/lib/nethserver/ibay/Shared
read only = No
vfs objects = recycle
recycle: exclude = .tmp,.temp,.o,.obj,~$*
recycle: directory_mode = 0770
recycle: touch = True
recycle: keeptree = True
recycle: versions = True
recycle: repository = #Recycle Bin <== Added via custom-template
recycle: exclude_dir = /tmp,/temp,/cache
testparm result:
# testparm
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[home$]"
Processing section "[homes]"
Processing section "[print$]"
Processing section "[ClientBackups]"
Processing section "[HomeLab]"
Processing section "[Media]"
Processing section "[Other]"
Processing section "[Shared]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
# Global parameters
[global]
deadtime = 10080
kerberos method = secrets and keytab
log file = /var/log/samba/log.%m
map to guest = Bad User
max log size = 50
obey pam restrictions = Yes
realm = AD.DOMAIN.EU
security = ADS
server string = NethServer 7.7.1908 final (Samba %v)
workgroup = DOMAIN
idmap config domain: range = 200000-2147483647
idmap config domain: backend = nss
idmap config * : range = 10000-99999
idmap config * : backend = tdb
I thought maybe I set up some ACLs by mistake (I had a similar issue in SMB 4.9.5 and ACLs), but no ACLs are present (and I also ran setfacl -b
# getfacl ./Shared
# file: Shared
# owner: root
# group: smbusers@domain.com
# flags: -s-
user::rwx
group::rwx
other::---
Any ideas? I saw a similar issue in Red Hat 8 and FreeNAS, but I didn’t find any post in this community.
Thanks in advance!
E.
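
Added example, not part of the original post: smbd logs `chdir_current_service() failed!` when it cannot chdir into the share path after switching to the connecting user, so this sketch walks every directory from `/` down to the share and reports the first one that a given uid and group list cannot enter. The IDs and the mode of `Shared` are taken from the post; the parent directory modes and the second group list are constructed, and ACLs are ignored because the post reports none.

```python
import os
import stat

def can_enter(owner, group, mode, uid, gids):
    """POSIX search (x) check on one directory; ACLs are not considered."""
    if uid == 0:
        return True                       # root bypasses directory search checks
    if uid == owner:
        return bool(mode & stat.S_IXUSR)  # owner class wins even if group allows
    if group in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

def first_blocked(chain, uid, gids):
    """chain: [(path, owner_uid, group_gid, mode), ...] ordered from / to the share."""
    for path, owner, group, mode in chain:
        if not can_enter(owner, group, mode, uid, gids):
            return path
    return None

def stat_chain(path):
    """Build the chain for a real path on the file server (run it as root)."""
    parts = [os.path.realpath(path)]
    while os.path.dirname(parts[-1]) != parts[-1]:
        parts.append(os.path.dirname(parts[-1]))
    chain = []
    for p in reversed(parts):
        st = os.stat(p)
        chain.append((p, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode)))
    return chain

# IDs copied from the `id emiliano` output in the post.
UID = 708401108
SMBUSERS, DOMAIN_USERS = 708401114, 708400513

# Shared: root:smbusers drwxrws--- as in the post's `ls -l`.
# Parent directory modes below are constructed sample values.
SAMPLE = [
    ("/", 0, 0, 0o555),
    ("/var", 0, 0, 0o755),
    ("/var/lib", 0, 0, 0o755),
    ("/var/lib/nethserver", 0, 0, 0o755),
    ("/var/lib/nethserver/ibay", 0, 0, 0o755),
    ("/var/lib/nethserver/ibay/Shared", 0, SMBUSERS, 0o2770),
]

if __name__ == "__main__":
    # Group list as reported by `id`: every component can be entered.
    print(first_blocked(SAMPLE, UID, {DOMAIN_USERS, SMBUSERS}))
    # Constructed case: a session whose group list lacks smbusers.
    print(first_blocked(SAMPLE, UID, {DOMAIN_USERS}))
```

On the file server itself, `first_blocked(stat_chain("/var/lib/nethserver/ibay/Shared"), uid, gids)` runs the same check against the real directory modes.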