This is strange as /data and /tmp are 2 partitions on my server and scratch is a directory in /data
/dev/mapper/fedora-data 2832342640 946566920 1741877916  36% /data
/dev/mapper/fedora-tmp   153769424     61780  145826940   1% /tmp

# ls -l /data/
total 52
drwxrwx---. 5 root staff 4096 Mar 11 13:02 scratch

There is absolutely no symlink involved here.

# smbstatus

Samba version 4.9.4
PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing
----------------------------------------------------------------------------------------------------------------------------------------
20580   smith        smith        10.0.21.223 (ipv4:10.0.21.223:49971)      SMB3_11           -                    partial(AES-128-CMAC)

Service      pid     Machine       Connected at                     Encryption   Signing
---------------------------------------------------------------------------------------------
scratch      20580   10.0.21.223   Tue Mar 12 06:29:41 PM 2019 CET  -            -
scratch      20533   10.0.21.251   Tue Mar 12 06:29:06 PM 2019 CET  -            -
IPC$         20580   10.0.21.223   Tue Mar 12 06:29:37 PM 2019 CET  -            -

Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock           SharePath   Name   Time
--------------------------------------------------------------------------------------------------
20533        1011       DENY_NONE  0x100081    RDONLY     NONE             /data/scratch   .   Tue Mar 12 18:29:06 2019
20533        1011       DENY_NONE  0x100081    RDONLY     NONE             /data/scratch   .   Tue Mar 12 18:29:06 2019

Regards
F

On Tue, Mar 12, 2019 at 7:04 PM Alexander Bokovoy <[email protected]> wrote:

> On Tue, 12 Mar 2019, fujisan wrote:
> >I added a share in smb.conf.regedit then I imported the file with
> >net conf import smb.conf.regedit .
> >I send you another tar file at your email.
> >
> >Regards
> >F
> >
> ># net conf list
> >
> >[global]
> >    workgroup = MYDOMAIN.LOCAL
> >    netbios name = MYSERVER
> >    realm = MYDOMAIN.LOCAL
> >    kerberos method = dedicated keytab
> >    dedicated keytab file = /etc/samba/samba.keytab
> >    create krb5 conf = no
> >    security = user
> >    domain master = yes
> >    domain logons = yes
> >    max log size = 100000
> >    log file = /var/log/samba/log.%m
> >    passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-MYDOMAIN-LOCAL.socket
> >    disable spoolss = yes
> >    ldapsam:trusted = yes
> >    ldap ssl = off
> >    ldap suffix = dc=mydomain,dc=local
> >    ldap user suffix = cn=users,cn=accounts
> >    ldap group suffix = cn=groups,cn=accounts
> >    ldap machine suffix = cn=computers,cn=accounts
> >    rpc_server:epmapper = external
> >    rpc_server:lsarpc = external
> >    rpc_server:lsass = external
> >    rpc_server:lsasd = external
> >    rpc_server:samr = external
> >    rpc_server:netlogon = external
> >    rpc_server:tcpip = yes
> >    rpc_daemon:epmd = fork
> >    rpc_daemon:lsasd = fork
> >    log level = 10
> >
> >[scratch]
> >    path = /data/scratch
> >    comment = Scratch shared files
> >    create mask = 0644
> >    invalid users = opera
>
> Thanks. However, Samba says /data/scratch is a symlink to /tmp which is
> outside of the share and therefore fails:
>
> [2019/03/12 18:29:40.679585,  2, pid=20580, effective(1024, 1023), real(1024, 0), class=vfs] ../source3/smbd/vfs.c:1305(check_reduced_name)
>   check_reduced_name: Bad access attempt: . is a symlink outside the share path
>   conn_rootdir =/data/scratch
>   resolved_name=/tmp
> [2019/03/12 18:29:40.679613,  5, pid=20580, effective(1024, 1023), real(1024, 0)] ../source3/smbd/filename.c:1271(check_name)
>   check_name: name . failed with NT_STATUS_ACCESS_DENIED
>
> Maybe you can try with /data/scratch not being a symlink. Samba is
> pretty serious on not allowing wide symlinks by default.
>
>
> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
>
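
Added example, not part of this thread and not Samba's code: a Python rendering of the containment test that the quoted check_reduced_name log reports (resolve the name, compare it with the share root), together with a walk that lists every symlinked path component. The function names, the cwd parameter and the temporary directory tree standing in for /data/scratch and /tmp are assumptions made for illustration.

```python
import os
import tempfile


def find_symlinks(path):
    """List (component, target) for each symlinked component of path."""
    found, current = [], os.sep
    for part in os.path.abspath(path).strip(os.sep).split(os.sep):
        current = os.path.join(current, part)
        if os.path.islink(current):
            found.append((current, os.readlink(current)))
    return found


def resolves_inside_share(conn_rootdir, name, cwd=None):
    """Return (inside, resolved_name) for name looked up under the share.

    A relative name such as "." is resolved against cwd (assumed to be the
    share root unless given), then compared with the resolved share root.
    """
    base = conn_rootdir if cwd is None else cwd
    resolved = os.path.realpath(os.path.join(base, name))
    root = os.path.realpath(conn_rootdir)
    return os.path.commonpath([root, resolved]) == root, resolved


def demo():
    """Build a constructed tree standing in for /data/scratch and /tmp."""
    base = os.path.realpath(tempfile.mkdtemp())
    share = os.path.join(base, "data", "scratch")
    outside = os.path.join(base, "tmp")
    os.makedirs(share)
    os.makedirs(outside)
    # Constructed link inside the share that points outside of it.
    os.symlink(outside, os.path.join(share, "link"))
    return {
        "share": share,
        "outside": outside,
        "dot": resolves_inside_share(share, "."),
        "link": resolves_inside_share(share, "link"),
        "dot_from_other_cwd": resolves_inside_share(share, ".", cwd=outside),
        "symlinks": find_symlinks(os.path.join(share, "link")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a real server, calling find_symlinks on the share path shows whether any component of it is a link, and resolves_inside_share shows what a name resolves to from a given working directory.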
