On Tue, 12 Mar 2019, fujisan wrote:
This is strange as /data and /tmp are 2 partitions on my server and scratch
is a directory in /data

/dev/mapper/fedora-data 2832342640 946566920 1741877916  36% /data
/dev/mapper/fedora-tmp   153769424     61780  145826940   1% /tmp

# ls -l /data/
total 52
drwxrwx---.  5 root     staff  4096 Mar 11 13:02 scratch

There is absolutely no symlink involved here.
That's what the log tells, I'm not inventing anything here. :)

Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock           SharePath   Name   Time
--------------------------------------------------------------------------------------------------
20533        1011       DENY_NONE  0x100081    RDONLY     NONE             /data/scratch   .   Tue Mar 12 18:29:06 2019
20533        1011       DENY_NONE  0x100081    RDONLY     NONE             /data/scratch   .   Tue Mar 12 18:29:06 2019
Note this '.' file? This is what smbd complains about.

As far as the rest of configuration is concerned, it seems that you are
using NTLMSSP to login to smbd and it works. Also, since smbd is able to
pull the data from LDAP, its own cifs/... principal for
/etc/samba/samba.keytab is just fine.



Regards
F

On Tue, Mar 12, 2019 at 7:04 PM Alexander Bokovoy <[email protected]>
wrote:

On Tue, 12 Mar 2019, fujisan wrote:
>I added a share in smb.conf.regedit then I imported the file with net conf
>import smb.conf.regedit .
>I send you another tar file at your email.
>
>Regards
>F
>
># net conf list
>
>[global]
>    workgroup = MYDOMAIN.LOCAL
>    netbios name = MYSERVER
>    realm = MYDOMAIN.LOCAL
>    kerberos method = dedicated keytab
>    dedicated keytab file = /etc/samba/samba.keytab
>    create krb5 conf = no
>    security = user
>    domain master = yes
>    domain logons = yes
>    max log size = 100000
>    log file = /var/log/samba/log.%m
>    passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-MYDOMAIN-LOCAL.socket
>    disable spoolss = yes
>    ldapsam:trusted = yes
>    ldap ssl = off
>    ldap suffix = dc=mydomain,dc=local
>    ldap user suffix = cn=users,cn=accounts
>    ldap group suffix = cn=groups,cn=accounts
>    ldap machine suffix = cn=computers,cn=accounts
>    rpc_server:epmapper = external
>    rpc_server:lsarpc = external
>    rpc_server:lsass = external
>    rpc_server:lsasd = external
>    rpc_server:samr = external
>    rpc_server:netlogon = external
>    rpc_server:tcpip = yes
>    rpc_daemon:epmd = fork
>    rpc_daemon:lsasd = fork
>    log level = 10
>
>[scratch]
>    path = /data/scratch
>    comment = Scratch shared files
>    create mask = 0644
>    invalid users = opera

Thanks. However, Samba says /data/scratch is a symlink to /tmp which is
outside of the share and therefore fails:

[2019/03/12 18:29:40.679585,  2, pid=20580, effective(1024, 1023), real(1024, 0), class=vfs] ../source3/smbd/vfs.c:1305(check_reduced_name)
  check_reduced_name: Bad access attempt: . is a symlink outside the share path
  conn_rootdir =/data/scratch
  resolved_name=/tmp
[2019/03/12 18:29:40.679613,  5, pid=20580, effective(1024, 1023), real(1024, 0)] ../source3/smbd/filename.c:1271(check_name)
  check_name: name . failed with NT_STATUS_ACCESS_DENIED

Maybe you can try with /data/scratch not being a symlink. Samba is
pretty serious on not allowing wide symlinks by default.


--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
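
Added example, not part of the original thread: a small Python triage helper that pulls check_reduced_name "Bad access attempt" records out of an smbd debug log and flags whether resolved_name lies outside conn_rootdir. The sample log is constructed from the two records quoted above (each header unwrapped to one line); all function and variable names are this example's own, and it only reports what the log states rather than reimplementing Samba's check.

```python
import posixpath
import re

# smbd debug record header: "[date time, level, pid=N, ...] file:line(function)"
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*\d+,\s*pid=(?P<pid>\d+)"
    r".*?\]\s+\S+\((?P<func>\w+)\)\s*$")
BAD_ACCESS = re.compile(r"Bad access attempt: (?P<name>.+?) is a symlink")
KEYVAL = re.compile(r"^\s*(conn_rootdir|resolved_name)\s*=\s*(\S.*?)\s*$")

# Constructed sample: the two records quoted in the thread, headers unwrapped.
SAMPLE_LOG = """\
[2019/03/12 18:29:40.679585,  2, pid=20580, effective(1024, 1023), real(1024, 0), class=vfs] ../source3/smbd/vfs.c:1305(check_reduced_name)
  check_reduced_name: Bad access attempt: . is a symlink outside the share path
  conn_rootdir =/data/scratch
  resolved_name=/tmp
[2019/03/12 18:29:40.679613,  5, pid=20580, effective(1024, 1023), real(1024, 0)] ../source3/smbd/filename.c:1271(check_name)
  check_name: name . failed with NT_STATUS_ACCESS_DENIED
"""


def inside(root, path):
    """True if path is root or below it. Assumes both are absolute POSIX paths."""
    root, path = posixpath.normpath(root), posixpath.normpath(path)
    return posixpath.commonpath([root, path]) == root


def reduced_name_failures(log_text):
    """Return one dict per check_reduced_name 'Bad access attempt' record."""
    failures, current = [], None
    for line in log_text.splitlines():
        if m := HEADER.match(line):
            # A new record starts; track it only if check_reduced_name logged it.
            is_crn = m["func"] == "check_reduced_name"
            current = {"time": m["ts"], "pid": int(m["pid"])} if is_crn else None
        elif current is None:
            continue
        elif m := BAD_ACCESS.search(line):
            current["name"] = m["name"]
            failures.append(current)
        elif (m := KEYVAL.match(line)) and "name" in current:
            current[m[1]] = m[2]
    for f in failures:
        if "conn_rootdir" in f and "resolved_name" in f:
            f["outside_share"] = not inside(f["conn_rootdir"], f["resolved_name"])
    return failures
```

For the records above this yields a single failure for name "." with conn_rootdir /data/scratch, resolved_name /tmp and outside_share set to True.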

