Author Topic: SAMBA Error  (Read 26362 times)

Lonniebiz

  • Zen Samurai
  • ****
  • Posts: 320
  • Karma: +24/-2
    • View Profile
Re: SAMBA Error
« Reply #30 on: October 08, 2013, 04:27:39 pm »
@suthagar

Instead of downgrading to 3.0, first try this (this is what I had to do to make it work).

1) Take note of each of your file-shares actual location on the file system. Mine were all at /home/samba/shares.
2) Remove all existing file shares at Zentyal Web Interface > File Sharing > General > Shares. This will not remove the files from the files system; it will only remove the Zentyal samba shares of those folders.
3) Save changes with these file shares removed, and the save will actually succeed this time.
4) Remake each file share. When I did this, I accidentally put the entire path in at first (/home/samba/shares/FolderName), but then, after realizing this, I deleted my file shares again, and this time only put the folder name (FolderName), and Zentyal automatically knew the "/home/samba/shares" part.
5) From the command line, recursively change the permissions of each folder:
sudo chown -R sync:'__USERS__' /location/of/shared/folder/

Lastly, for some reason, when you try to control the access of share folders using: Zentyal Web Interface > File Sharing > General > Shares, if you add a group it won't honor it. You have to add each individual user.

This is clearly a bug, and one that is so ugly I'm sure they're working on this.

I didn't downgrade back to 3.0 myself. I've made the painful changes I've mentioned above and in hopes that an upcoming bug fix will make group access controls work again.

Similarly:

This freenas/zentyal user is having similar problems with Zentyal Group authentication:
https://bugs.freenas.org/issues/3276
« Last Edit: February 06, 2014, 02:04:46 am by Lonniebiz »

BrettonWoods

  • Guest
Re: SAMBA Error
« Reply #31 on: October 08, 2013, 07:16:34 pm »
Apologies as Zentyal 3.2, Zentyal ISO no problems.

The only problem I had with shares was one I maid deliberately off the home folder by specifying a created directory in /srv/shares.
Something I do to escape quota's.
I remember at the time thinking it was probably just a permissions thing so I just creted it as a samba share.

I have done several installs now and haven't had a problem as I am using group access to shares.

I have group folders for most of my groups.
I have folders for software install that use group security.

I did a liitle write up with my own Samba4 gotcha's but for some reason seem to be unable to recreate yours.
I am trying as if Zentyal 3.2 is essentially buggy then I am not going to use it.

Strange thing is I have been really happy and my experience of 3.2 is nothing like 3.0.

3.2 is very new so probably there will be a few hot fixes to come on line but so far for me so good.

Apols for not having a reason why.

suthagar

  • Zen Apprentice
  • *
  • Posts: 12
  • Karma: +2/-0
    • View Profile
Re: SAMBA Error
« Reply #32 on: October 09, 2013, 12:44:17 pm »
@Lonniebiz

Thanks very for the reply. I would agree that this is a bug (either with SAMBA or Zentyal's implementation of it) and given that it relates to shares is a major showstopper for production environments. Do you know if a bugtrac has been raised for this?

I tried the process you outlined but it did not seem to work. Steps 1-3 worked as you outlined but the recreation of the shares still resulted in the same error message. A restart of the server did instantiate the shares but I could not access them from a windows 8 client machine - this was done after I gave a single user read write access. I also tried using the shared folder functionality in the Users and Groups but this did not make a difference.

I wonder if there is a permission issue here because your chown rsync command came back with an error saying it could not find the group _USERS_. Does this suggest anything? The share in question (which I moved to under home/samba/shares) did belong to a previous installation and so might of had left over permissions but to be sure I did chmod 777 the whole share. Also samba insisted on creating another home folder so the structure looked like /home/samba/shares/home/shares - which is a little odd. the /home is on its own drive and mounted at boot  but I would not think this would make a difference.

@BrettonWoods thanks also for the reply I would agree with you that the best thing to do is to treat 3.2 as an unstable release (for now). I'm going to restore my production environment to 3.02 (with updates) and keep my dev environment at 3.2 to keep trying to resolve the issue.

Grateful for any further advice.

Thanks,

S
 

Sand_man

  • Zen Samurai
  • ****
  • Posts: 280
  • Karma: +24/-0
    • View Profile
Re: SAMBA Error
« Reply #33 on: October 09, 2013, 04:04:57 pm »
I wonder if there is a permission issue here because your chown rsync command came back with an error saying it could not find the group _USERS_. Does this suggest anything?

Not _USERS_, and __USERS__, with two _ _

suthagar

  • Zen Apprentice
  • *
  • Posts: 12
  • Karma: +2/-0
    • View Profile
Re: SAMBA Error
« Reply #34 on: October 09, 2013, 04:25:16 pm »
@Sand_Man

d'oh! of course it is! I'll try this out and see if Lonniebiz's temp solution works.

Thanks

S

Gerick

  • Zen Monk
  • **
  • Posts: 50
  • Karma: +1/-1
    • View Profile
Re: SAMBA Error
« Reply #35 on: October 09, 2013, 08:09:08 pm »
Hi all (first time post)

I'v been using 3.0.2 (64bits) for sometime now and its been excellent - kudos to all involved. But this recent upgrade to 3.2.2. has been horrid at least in relation to the SAMBA module. I've got exactly the same issue and log messages that Lonniebiz reported and I think I've exhausted all options in relation to a fix. Thanks in any case to paulreynand but those workarounds are unfortunately temporary at best.

I'm tempted at this stage to downgrade back to good ol 3.0.2 until this is resolved, but I'm curious to see (a) this has been reported as a bug - couldn't see it when I searched, or (b) if anyone has found a more enduring fix for this.

The german link was tantalising as it mentioned DNS config as possible culprit but I clean installed from the 3.2 installer so not sure if that applies to me.

By the way I'm loving the openness and general goodwill attitude on these forums, a welcome change, I'm guessing its becuase most of you are IT professionals. 

Thanks for any assistance.

Kind regards,

Suthagar
 

hi can u explain, how to downgrade to 3.0.2, i have the same problem here..
thnx
Be Linux... Be free

suthagar

  • Zen Apprentice
  • *
  • Posts: 12
  • Karma: +2/-0
    • View Profile
Re: SAMBA Error
« Reply #36 on: October 10, 2013, 02:22:20 am »
@Gerick

Hi there, I did a clean reinstall off my existing 3.021 CD. Basically I keep the server OS and the shares / app server / gateway either as separate machines or separate disks on the same machine, so in effect I can exchange one Linux server distro with another if needed.  Its been my experience that different releases offer differing degrees of stability / functionality etc.. at different points in time so I don't mind switching between them - its part of the price of using Linux. Mostly I stick with Ubuntu based releases though as many of our desktops are based on 13.04.

I'm not aware of any means of downgrading in-place for any distro. Others may have more knowledge on that than me. Sorry I could not be of more help. I understand from some of the support tickets that a new Zentyal samba module could be in the works (3.2.3 possibly) if I read it correctly. So it maybe worth persevering but again I defer to more experienced and knowledgeable users.

Kind regards,

S

suthagar

  • Zen Apprentice
  • *
  • Posts: 12
  • Karma: +2/-0
    • View Profile
Re: SAMBA Error
« Reply #37 on: October 10, 2013, 04:12:59 am »
Hi all

Success! I re-read Lonniebiz's instructions and I realised the issue I was having was due to the use of a preexisting share. So here's what I did:

1. Fresh reinstall of 3.2 just to be sure (see below)
2. Checked and updated domain controller settings
3. Checked and updated DNS settings and created users (no groups) inc domain administrator as per official documentation
4. Saved modules - all worked including SAMBA (held my breath at the dreaded 67% mark!)
5. Recreated share so that the SAMBA module created a brand new folder under /home/samba/shares
6. Saved module settings again. No errors.
7. Added individual users into share ACL - as per Lonniebiz's notes group level access is broken for now.
8. Saved changes again. No errors.
9. Moved all files from old share location to new location under /home/samba/shares - you may or may not need this step depending on your circumstances. I had an existing share from a previous install.
10. Ran sudo chown -R sync:'__USERS__' /location/of/shared/folder/ as per Lonniebiz's instructions. Please note __ means _ _ together with out spaces (Thanks Sand_man)
11. Ran chmod as required to ensure correct folder permissions at the file system level - again this is specific to my needs you may not need this.
12. Tried joining from a Windows 8 Pro client using the domain administrator I created earlier. Hey presto both user drives and SAMBA shares were accessable and mapped.


Hope that helps other, of course your mileage may vary and I can not take an responsibilty for your specific situation.

Credit really goes to Lonniebiz in the main and Sand_man for the clarification.
Thanks all. Here's hoping for an update bug fix soon so we can go back to using group level access.

Just as an aside all attempts at an in place upgrade from 3.02x to 3.2x were very unsucessful for me at least. The web interface was glitichy and the SAMBA module would fail to start on boot. This could just be my install hence I reinstalled from scratch.

Kind regards,

S

famasa

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +4/-1
    • View Profile
Re: SAMBA Error
« Reply #38 on: October 12, 2013, 11:38:13 pm »
We have the same problem.  After the upgrade samba stopped working because of permission problems.  After you restart samba, the service goes changes ownership root:Administrators (not even sync:__USERS__) and at the same time removes ACLs at the beginning of the process.  After some 15 minutes, it times out after finishing maybe half of the shares, leaving the users without access to the other shares.  The other problem with this is that the reset process loses the information about who create/modified the file as the owner is reset to root:Administrators.

We were able to find a workaround, but it's not the solution:
1)  All of the shares have ACLs with users (without groups) - per Lonniebiz's instructions.  This allowed the restart of samba to complete successfully
2)  When you make any changes or restart the service, it takes forever as the ownership of files is changed to root:Administrator during the samba restart.  After the restart is finished we run setfacl --restore, so that all the files have the ownership changed to the user who modified the file.
3)  We have a nightly process with getfacl --absolute-names -R /home/samba/shares (fortunately we had this running for a long time.  When there is any change done to share settings or if the samba service is restarted, we have to run the setfacl --restore.

Needless to say, this is big problem and I hope zentyal guys will fix this soon...

rpro

  • Guest
Re: SAMBA Error
« Reply #39 on: October 24, 2013, 01:22:39 am »
Hi,

I just wanted to share with you guys: after the latest batch of updates, which included samba4, zentyal-core and zentyal-samba, the problem was fixed. I don't know if the updates addressed this specific bug or it was just a fortunate coincidence that the commands ran during the update fixed the problem.

Here are the versions of the related packages in my system, in case anyone is having the same problem, make sure you are up to date:

ii  samba4                               4.1.0rc4-zentyal2
ii  zentyal-samba                      3.2.6
ii  zentyal-core                         3.2.3
ii  zentyal-dns                          3.2.3

My best regards.

Lonniebiz

  • Zen Samurai
  • ****
  • Posts: 320
  • Karma: +24/-2
    • View Profile
Re: SAMBA Error
« Reply #40 on: October 24, 2013, 04:27:58 pm »
Do these latest updates also make Zentyal honor group permissions (so that you don't have to add each user's permissions individually)? Has anyone tested this yet (after updating)?

Terence Loo

  • Zen Apprentice
  • *
  • Posts: 42
  • Karma: +1/-0
    • View Profile
Re: SAMBA Error
« Reply #41 on: October 24, 2013, 05:28:49 pm »
Hi,

I just wanted to share with you guys: after the latest batch of updates, which included samba4, zentyal-core and zentyal-samba, the problem was fixed. I don't know if the updates addressed this specific bug or it was just a fortunate coincidence that the commands ran during the update fixed the problem.

Here are the versions of the related packages in my system, in case anyone is having the same problem, make sure you are up to date:

ii  samba4                               4.1.0rc4-zentyal2
ii  zentyal-samba                      3.2.6
ii  zentyal-core                         3.2.3
ii  zentyal-dns                          3.2.3

My best regards.

Do these latest updates also make Zentyal honor group permissions (so that you don't have to add each user's permissions individually)? Has anyone tested this yet (after updating)?

I had tested with Samba 4.1 and apparently, disabling "Antivirus" scanning will fix the long pending issues that are posted here.

Cheers.


famasa

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +4/-1
    • View Profile
Re: SAMBA Error
« Reply #42 on: October 24, 2013, 05:35:21 pm »
There are still unresolved issues:

On the filesystem, zentyal still changes the ownership of the files to root:Administrators and there is no way to tell who created and modified the file.  We have strict nomenclature rules for filenaming and a process that emails users which modified the files notification to correct the naming.  Now all the files are owned by root:Administrator so there is no way to determine who created and who modified any given file.

Secondly, during the startup of zentyal-samba the change of ownership takes some 20-30 minutes and the shares are unavailable during the that process.  They come online (available to users who haver permissions) one by one.  If you have large shares with many files, this makes it impossible to do any changes to config of zentyal, because you always have the fear that the change will restart samba service and make the shares unavailable for half an hour.

christian

  • Guest
Re: SAMBA Error
« Reply #43 on: October 24, 2013, 05:48:32 pm »
There are still unresolved issues:

I would not say these are issues but rather settings not fitting your own design.
1 - What matters in Zentyal design is ACL more than Linux object ownership.
2 - you can still change default behaviour (although this is not available through GUI) so that ACL are not parsed when Samba launches. I already saw multiple posts in this forum relating this.

famasa

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +4/-1
    • View Profile
Re: SAMBA Error
« Reply #44 on: October 24, 2013, 06:13:30 pm »
Hi Christian, thank you for the prompt feedback.

The behaviour changed from 3.0 to 3.2.  In 3.0, the files certainly were not chowned on samba restart.  I agree that ACLs are more important than the Linux filesystem permissions, but even if you do getfacl on any file, you will not get the information who created a file as it will appear as:
# owner: root
# group: Administrators

So during the zentyal samba startup process all the information about file creators is wiped out.  This is certainly a behaviour that changed from 3.0 to 3.2.

When you refer to disabling the ACL parsing through non-gui interface, I assume you are refering to uncommenting
#unmanaged_acls = yes
in /etc/zentyal/samba.conf

I have not had time to test it.  It seems to me that this will disable the permissions administration through Zentyal's GUI, which is not an optimal solution.

We still want to be able to control the access to shares via Zentyal GUI (that is the ACLs of the shares).  Zentyal can control the ACL access to directories and files, but there is no reason for zentyal-samba to reset the ownership (both filesystem and ACL) to root:Administrators, as critical information about who created the file gets lost.