Discussion:
[Samba] Permissions problem with 1 user
(too old to reply)
James B. Byrne via samba
2017-03-16 01:50:01 UTC
Permalink
FreeBSD-11
Samba-4.3.5

I am having a problem with my roaming profile. Other users are not
experiencing this, only my personal account is affected. The error is
being reported in the event log as a 1521 permissions error. However,
I cannot see how the permissions on the server could possibly been
changed as I am the only one with access to that device.

My roaming profile was working fine up to February 28 because on that
date I connected and updated my profile on a laptop that I took on a
business trip the next day. However, since my return on March 7 I
have been unable to connect to my roaming profile from that laptop, or
any other workstation in the domain.

Any ideas as to what is going on?
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne mailto:***@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
James B. Byrne via samba
2017-03-16 18:40:02 UTC
Permalink
What does your smb.conf look like? Are you using ACLs? If so, post
'getfacl' output for the problem directory (ie 'getfacl
/mnt/tank/foo').
Thank you for your reply. Here is the requested information.

getfacl /var/samba4/BROCKLEY-2016/PROFILES/byrnej.V2
# file: /var/samba4/BROCKLEY-2016/PROFILES/byrnej.V2
# owner: BROCKLEY-2016\byrnej
# group: BROCKLEY-2016\domain admins
user::rwx
user:3000002:rwx
group::---
group:3000002:rwx
group:BROCKLEY-2016\domain admins:---
group:BROCKLEY-2016\byrnej:rwx
mask::rwx
other::---

cat /usr/local/etc/smb4.conf
# Global parameters
[global]
workgroup = BROCKLEY-2016
realm = BROCKLEY-2016.HARTE-LYNE.CA
netbios name = SAMBA-01
server role = active directory domain controller
dns forwarder = 216.185.71.33
idmap_ldb:use rfc2307 = yes
# Temp fix for roaming profiles? oplock
veto oplock files = /NTUSER.DAT/
veto oplock files = /ntuser.ini/

socket options = TCP_NODELAY SO_KEEPALIVE

[netlogon]
path = /var/db/samba4/sysvol/brockley-2016.harte-lyne.ca/scripts
read only = No

[sysvol]
path = /var/db/samba4/sysvol
read only = No

[PROFILES]
path = /var/samba4/BROCKLEY-2016/PROFILES/
read only = No

[USERS]
path = /var/samba4/BROCKLEY-2016/USERS/
read only = No

The getfacl output from my profile is not visibly different from any
other user's profile saving only the user name of the OWNER.
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne mailto:***@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Loading...