Bug 11587 - Permission denied to ordinary users in the sysvol/netlogon directory
Status: RESOLVED INVALID
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.3.1
Hardware: x64 Linux
Importance: P5 major
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Reported: 2015-11-02 18:13 UTC by Jorge
Modified: 2020-10-03 00:06 UTC

Description Jorge 2015-11-02 18:13:38 UTC
I did a clean install of Samba 4.2 and after some time I realized that ordinary users no longer had access to the sysvol share and therefore the netlogon. The administrator user accesses it normally. I did a lot of research and took the following measures, which have been unsuccessful:

* Check the permissions on Linux;
* samba-tool ntacl sysvolreset
* samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix
* samba-tool dbcheck --cross-ncs --fix
* Checking the ACL vestments and other options in /etc/fstab. (/usr/local	ext4    defaults,barrier=1,acl,user_xattr)
* samba-tool ntacl sysvolcheck: it has no errors.

Apart from these measures, all the tests suggested by the installation procedure were carried out again in order to identify any problems caused by some supposed update.

After a while I decided to upgrade to the latest stable version as per the procedures in https://wiki.samba.org/index.php/Updating_Samba.
Even after upgrading to version 4.3.1 the problem continues.

Note: The access problem is restricted to the sysvol and netlogon shares. The remaining shares used in the environment work perfectly.

The following is a description of the environment:
OS: CentOS release 6.7 (Final)
Samba Version 4.3.1

LOG
[02/11/2015 15:41:21.439456, 3] ../source3/smbd/service.c:198(set_current_service)
  chdir (/usr/local/samba/var/locks/sysvol) failed, reason: Permission denied
[02/11/2015 15:41:21.442788, 3] ../source3/smbd/service.c:198(set_current_service)
  chdir (/usr/local/samba/var/locks/sysvol) failed, reason: Permission denied
[02/11/2015 15:41:21.443086, 3] ../source3/smbd/service.c:198(set_current_service)
  chdir (/usr/local/samba/var/locks/sysvol) failed, reason: Permission denied
[02/11/2015 15:41:21.443348, 3] ../source3/smbd/service.c:198(set_current_service)
  chdir (/usr/local/samba/var/locks/sysvol) failed, reason: Permission denied
[02/11/2015 15:41:21.444196, 3] ../source3/smbd/service.c:198(set_current_service)
  chdir (/usr/local/samba/var/locks/sysvol) failed, reason: Permission denied
[02/11/2015 15:41:21.444456, 3] ../source3/smbd/service.c:198(set_current_service)
  chdir (/usr/local/samba/var/locks/sysvol) failed, reason: Permission denied
[02/11/2015 15:41:21.470451, 3] ../source3/smbd/service.c:198(set_current_service)

SMB.CONF
[global]
	workgroup = CMES
	realm = CMES.NET
	netbios name = CMES1
	netbios aliases = server
	interfaces = lo eth0
	bind interfaces only = Yes
	server role = active directory domain controller
	log level = 3
	syslog = 3
	log file = /var/log/samba/samba.log
	max log size = 50
	wins server = 192.168.1.2
	wins support = Yes
	winbind use default domain = Yes
	dns forwarder = 192.168.1.1
	idmap_ldb:use rfc2307 = yes

[netlogon]
	path = /usr/local/samba/var/locks/sysvol/cmes.net/scripts
	read only = No

[sysvol]
	path = /usr/local/samba/var/locks/sysvol
	read only = No
.
.
.
Comment 1 Björn Jacke 2020-10-03 00:06:15 UTC
Permission denied comes from the OS, not from Samba. You should check why your OS doesn't allow access to those directories.
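
One way to follow up on the advice in Comment 1, as an added example that is not part of the bug report or of Samba: a failing chdir() with "Permission denied" means some directory on the way to the share path lacks search (x) permission for the connecting user, so this walks the chain and reports the first such directory. The function names and the constructed demo tree are assumptions for illustration; only Unix mode bits are evaluated, not POSIX ACL entries.

```python
import os
import stat
import tempfile

def dir_chain(path, start=os.sep):
    """Every directory from `start` down to `path`, in traversal order."""
    path, start = os.path.abspath(path), os.path.abspath(start)
    chain = [start]
    rel = os.path.relpath(path, start)
    if rel != os.curdir:
        for part in rel.split(os.sep):
            chain.append(os.path.join(chain[-1], part))
    return chain

def first_blocked(path, uid, gids, start=os.sep):
    """Return (directory, mode string, owner uid, owner gid) for the first
    directory that uid/gids cannot search, or None if the mode bits allow
    chdir(path). ACL entries are not evaluated (inspect those with getfacl);
    when an ACL is present the group bits shown here are the ACL mask."""
    if uid == 0:
        return None  # root bypasses directory search checks
    for d in dir_chain(path, start):
        st = os.stat(d)
        if st.st_uid == uid:
            needed = stat.S_IXUSR      # owner class applies
        elif st.st_gid in gids:
            needed = stat.S_IXGRP      # group class applies
        else:
            needed = stat.S_IXOTH      # everyone else
        if not st.st_mode & needed:
            return d, stat.filemode(st.st_mode), st.st_uid, st.st_gid
    return None

def build_demo_tree(mode_for_locks):
    """Constructed sample tree mirroring the share path in the report."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    leaf = os.path.join(root, "var", "locks", "sysvol", "cmes.net", "scripts")
    os.makedirs(leaf)
    for d in dir_chain(leaf, root)[1:]:
        os.chmod(d, 0o755)
    os.chmod(os.path.join(root, "var", "locks"), mode_for_locks)
    return root, leaf

if __name__ == "__main__":
    root, leaf = build_demo_tree(0o750)   # parent of sysvol closed to "other"
    owner = os.stat(root)
    print("owner:", first_blocked(leaf, owner.st_uid, [], start=root))
    print("other:", first_blocked(leaf, owner.st_uid + 1, [owner.st_gid + 1], start=root))
```

On a real domain controller, call `first_blocked` with the share path from smb.conf and the uid and group ids the affected user maps to on the server, leaving `start` at its default of `/`.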