Problem migrating to new Samba server

I am trying, but failing, to migrate an openSUSE Samba server from Samba 3.4.3 on openSUSE 11.2 (old) to Samba 3.5.7 on openSUSE 11.4 (new).

Samba 3.4.3-3.8.1-2508-SUSE-SL11.2
Samba 3.5.7-1.17.1-2505-SUSE-SL11.4-i386

I have a simple smb.conf to share a directory (shareddocs) with a few users with Linux logins. My smb.conf is identical on both servers. I’ve added log level = 3 and a temptest share to help me debug my problem.

workgroup = PLACEFARM
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = No
domain master = No
security = user
passdb backend = smbpasswd
encrypt passwords = Yes
wins support = Yes
log level = 3

comment = Shared Documents
inherit acls = Yes
path = /home3/shareddocs
read only = No
create mask = 0777
directory mask = 0777

comment = Shared Documents
inherit acls = Yes
path = /tmp
read only = No
create mask = 0777
directory mask = 0777

My /etc/fstab is also simple.

/dev/disk/by-id/scsi-SATA_ST3160812AS_5LS4VNNE-part1 swap swap defaults 0 0
/dev/disk/by-id/scsi-SATA_ST3160812AS_5LS49CQX-part1 swap swap defaults 0 0
/dev/disk/by-id/scsi-SATA_ST3160812AS_5LS4VNNE-part2 / ext3 acl,user_xattr 1 1
/dev/disk/by-id/scsi-SATA_ST3160812AS_5LS49CQX-part2 /home ext3 acl,user_xattr 1 2
/dev/disk/by-id/usb-Seagate_Desktop_2GHLNCSY-0:0-part1 /home3 ext4 acl,user_xattr 1 2
proc /proc proc defaults 0 0
sysfs /sys sysfs noauto 0 0
debugfs /sys/kernel/debug debugfs noauto 0 0
usbfs /proc/bus/usb usbfs noauto 0 0
devpts /dev/pts devpts mode=0620,gid=5 0 0

On the old server, everything works as expected.

On the new server, I can see that both shareddocs and temptest exist.

I can open temptest on the new server and see the files in /tmp. I can create new files and they are owned by the correct Linux uid.

[2011/10/22 17:47:22.630444, 1] smbd/service.c:1070(make_connection_snum)
martin-laptop (::ffff: connect to service temptest initially as user martin (uid=1000, gid=100) (pid 18967)

But when I try to access shareddocs on the new server, I can’t. Here are some of the errors in log.smbd.

[2011/10/22 17:50:58.926344, 3] smbd/msdfs.c:848(get_referred_path)
get_referred_path: |shareddocs| in dfs path \pavilion\shareddocs is not a dfs root.
[2011/10/22 17:50:58.926386, 3] smbd/error.c:80(error_packet_set)
error packet at smbd/trans2.c(8018) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND
[2011/10/22 17:50:58.936951, 3] smbd/open.c:460(open_file)
Error opening file . (NT_STATUS_ACCESS_DENIED) (local_flags=0) (flags=0)
[2011/10/22 17:50:58.937024, 3] smbd/error.c:80(error_packet_set)
error packet at smbd/error.c(160) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED

What am I doing wrong and how can I fix it?


The Samba stanzas [shareddocs] and [temptest] are the same (except of course for path) so the difference might be in the Linux permissions constraining the directories “tmp” and “shareddocs”. So run these commands in a terminal on the server and report the results back here:

  • ls -l / | egrep “tmp|home3”
  • ls -l /home3 | grep shareddocs

That should show what’s on tmp, home3 and shareddocs. I expect you’ll find that tmp is drwxrwxrwx whereas shareddocs will be maybe drwxr-xr-x, and the owners will be different, but let’s see.

And also, what exactly do you mean by “when I try to access shareddocs on the new server, I can’t”?

The permissions are the same on both the old and new server.

martin@pavilion:~> ls -l / | egrep “tmp|home3”
drwxr-xr-x 6 root root 4096 Jul 10 21:19 home3
drwxrwxrwt 49 root root 12288 Oct 22 19:45 tmp
martin@pavilion:~> ls -l /home3 | grep shareddocs
drwxrwxrwx 36 root users 4096 Jul 15 15:38 shareddocs

When I try and access shareddocs on the new server, I login and then get an “access denied” error message. I can’t see any files.

All the relevant users are members of users, for what it’s worth.

Well I just set up a shareddocs exactly like yours and it works for me. No problem with access. Just a thought: did you add all of your users to the samba user database? (also check by running the command: sudo pdbedit -L).

All the users are listed when I type pdbedit -L.

martin:1000:Martin Campbell

I have two servers, one old, one new, identically configured but with different versions of openSUSE and Samba. The old one works. The new one doesn’t. I’ve spent many hours trying to work out what the problem is.

I have found the problem. It’s AppArmor. Any directory I want to share needs to be added to the usr.sbin.smbd AppArmor profile:
I added the line:
/home3/shareddocs/** lrwk,
to the file:
followed by the command:
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.smbd

AAaaaarrrgghhhh! the AppArmor bug for openSUSE 11.4. Well spotted. I ran across that a week ago, post #15 here:Samba server: no permission - Page 2 and sadly didn’t make the connection to your problem.