[Freeipa-users] Re: problem access Linux shares from Windows "ticket is likely out of date"

Tue, 12 Mar 2019 11:04:51 -0700 

On ti, 12 maalis 2019, fujisan wrote:

I added a share in smb.conf.regedit then I imported the file with net conf
import smb.conf.regedit .
I send you another tar file at your email.

Regards
F

# net conf list

[global]
   workgroup = MYDOMAIN.LOCAL
   netbios name = MYSERVER
   realm = MYDOMAIN.LOCAL
   kerberos method = dedicated keytab
   dedicated keytab file = /etc/samba/samba.keytab
   create krb5 conf = no
   security = user
   domain master = yes
   domain logons = yes
   max log size = 100000
   log file = /var/log/samba/log.%m
   passdb backend =
ipasam:ldapi://%2fvar%2frun%2fslapd-MYDOMAIN-LOCAL.socket
   disable spoolss = yes
   ldapsam:trusted = yes
   ldap ssl = off
   ldap suffix = dc=mydomain,dc=local
   ldap user suffix = cn=users,cn=accounts
   ldap group suffix = cn=groups,cn=accounts
   ldap machine suffix = cn=computers,cn=accounts
   rpc_server:epmapper = external
   rpc_server:lsarpc = external
   rpc_server:lsass = external
   rpc_server:lsasd = external
   rpc_server:samr = external
   rpc_server:netlogon = external
   rpc_server:tcpip = yes
   rpc_daemon:epmd = fork
   rpc_daemon:lsasd = fork
   log level = 10

[scratch]
   path = /data/scratch
   comment = Scratch shared files
   create mask = 0644
   invalid users = opera


Thanks. However, Samba says /data/scratch is a symlink to /tmp which is
outside of the share and therefore fails:

[2019/03/12 18:29:40.679585,  2, pid=20580, effective(1024, 1023), real(1024, 
0), class=vfs] ../source3/smbd/vfs.c:1305(check_reduced_name)
 check_reduced_name: Bad access attempt: . is a symlink outside the share path
 conn_rootdir =/data/scratch
 resolved_name=/tmp
[2019/03/12 18:29:40.679613,  5, pid=20580, effective(1024, 1023), real(1024, 
0)] ../source3/smbd/filename.c:1271(check_name)
 check_name: name . failed with NT_STATUS_ACCESS_DENIED

May be you can try with /data/scratch not being a symlink. Samba is
pretty serious on not allowing wide symlinks by default.


--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]

Reply via email to