0

I have a machine, which we can call HOST, that exports /home via NFSv4. It also runs several VMs, including one we can call SAMBA, which mounts and then re-exports (yes, I know this is not recommended) the NFSv4 shares over a different network to Windows 7 clients via Samba.

On HOST, /etc/exports is thus:

/exports X.X.X.0/24(rw,fsid=0,root_squash,no_all_squash,crossmnt)
/exports/home X.X.X.0/24(rw,fsid=1,root_squash,no_all_squash)

But I also have read-only bind mounts that I add to that to give users read-only access to rsynced backup directories elsewhere in the filesystem, so the mount command prints:

/dev/mapper/vg_home-home on /home type ext4 (rw)
/home on /exports/home type none (rw,bind)
/backup/home/user1 on /exports/home/user1/BACKUP type none (ro,bind)
/backup/home/user2 on /exports/home/user2/BACKUP type none (ro,bind)
...

The Samba VM, SAMBA, mounts these just fine with:

X.X.X.X:/home /home nfs4 rw,sync,hard,bg 0 0

Further, any user logged onto SAMBA can access his home directory and the BACKUP sub-directory that's bind-mounted on HOST. The Windows 7 clients can access user home directories just fine, but if they attempt to enter the BACKUP sub-directory of their home directories, they get the following message:

BACKUP is not accessible. Access is denied.

Some relevant smb.conf parameters:

strict locking = no
security = ads
domain = DOMAIN.ADS.SERVER
[homes]
    comment = Home Directories
    browseable = no
    writable = yes
    create mask = 0600
    directory mask = 0700
    valid users = DOMAIN\%S

I do not have the unix extensions or link-related options in my smb.conf.

I'm confused about this since I would expect the Samba server to see the NFS file system exactly the same as the shell sees it. Further, I wouldn't expect the Samba server to be able to differentiate the BACKUP sub-directory from any other sub-directory, since it's bind mounted on another machine beneath the NFS export.

  • Permissions are:

    dr-x------. user1 user1 system_u:object_r:nfs_t:s0 BACKUP

  • HOST is CentOS 6.7
  • SAMBA has samba-3.6.23 from CentOS 6.7

How can I set this up so that my users can access their read-only bind-mounted backups?

Does it make a difference whether the bind mount is on /home/userX vs /exports/home/userX?

Edit

On SAMBA:

smbclient '\\localhost\user1' -c 'lcd /tmp; cd BACKUP/2016-06-09/user1; get test.txt;' -U user1

The result is that the file is successfully accessed and copied to /tmp. The standard entries appear in the log file.

On Windows clients with log level = 3 this is the result of one attempt to enter BACKUP in explorer:

[2016/06/11 11:21:59.865002,  3] smbd/process.c:1609(process_smb)
  Transaction 4046 of length 118 (0 toread)
[2016/06/11 11:21:59.865120,  3] smbd/process.c:1414(switch_message)
  switch message SMBtconX (pid 3216) conn 0x0
[2016/06/11 11:21:59.865220,  3] lib/access.c:338(allow_access)
  Allowed connection from 132.216.24.231 (132.216.24.231)
[2016/06/11 11:21:59.865284,  3] smbd/service.c:872(make_connection_snum)
  Connect path is '/tmp' for service [IPC$]
[2016/06/11 11:21:59.865341,  3] smbd/vfs.c:102(vfs_init_default)
  Initialising default vfs hooks
[2016/06/11 11:21:59.865375,  3] smbd/vfs.c:128(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2016/06/11 11:21:59.865471,  3] smbd/service.c:1114(make_connection_snum)
  REMOTE_WINDOWS_COMPUTER (XXX.XXX.XXX.XXX) connect to service IPC$ initially as user user1 (uid=XXXX, gid=XXXX) (pid 3216)
[2016/06/11 11:21:59.865512,  3] smbd/reply.c:871(reply_tcon_and_X)
  tconX service=IPC$
[2016/06/11 11:21:59.866538,  3] smbd/process.c:1609(process_smb)
  Transaction 4047 of length 76 (0 toread)
[2016/06/11 11:21:59.866593,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans2 (pid 3216) conn 0x7ff16a2dfa00
[2016/06/11 11:21:59.866644,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/trans2.c(4291) cmd=50 (SMBtrans2) NT_STATUS_INVALID_HANDLE
[2016/06/11 11:21:59.867219,  3] smbd/process.c:1609(process_smb)
  Transaction 4048 of length 128 (0 toread)
[2016/06/11 11:21:59.867259,  3] smbd/process.c:1414(switch_message)
  switch message SMBntcreateX (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:21:59.887101,  3] smbd/filename.c:1120(get_real_filename_full_scan)
  scan dir didn't open dir [BACKUP]
[2016/06/11 11:21:59.887179,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [BACKUP/desktop.ini] [/home/user1]
[2016/06/11 11:21:59.893101,  3] smbd/vfs.c:963(check_reduced_name)
  check_reduced_name: couldn't get realpath for BACKUP/desktop.ini
[2016/06/11 11:21:59.893176,  3] smbd/filename.c:1365(filename_convert)
  filename_convert: check_name failed for name BACKUP/desktop.ini with NT_STATUS_ACCESS_DENIED
[2016/06/11 11:21:59.893221,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED
[2016/06/11 11:21:59.893287,  3] smbd/process.c:1609(process_smb)
  Transaction 4049 of length 76 (0 toread)
[2016/06/11 11:21:59.893327,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans2 (pid 3216) conn 0x7ff16a2dfa00
[2016/06/11 11:21:59.893376,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/trans2.c(4291) cmd=50 (SMBtrans2) NT_STATUS_INVALID_HANDLE
[2016/06/11 11:21:59.893458,  3] smbd/process.c:1609(process_smb)
  Transaction 4050 of length 80 (0 toread)
[2016/06/11 11:21:59.893495,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans2 (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:21:59.893540,  3] smbd/trans2.c:5288(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2016/06/11 11:21:59.893575,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [.] [/home/user1]
[2016/06/11 11:21:59.893604,  3] smbd/vfs.c:1057(check_reduced_name)
  check_reduced_name: . reduced to /home/user1
[2016/06/11 11:21:59.893646,  3] smbd/trans2.c:5432(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0
[2016/06/11 11:21:59.894161,  3] smbd/process.c:1609(process_smb)
  Transaction 4051 of length 104 (0 toread)
[2016/06/11 11:21:59.894226,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 3216) conn 0x7ff16a2dfa00
[2016/06/11 11:21:59.894273,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\MsFteWds> data=0 params=0 setup=2
[2016/06/11 11:21:59.894308,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <MsFteWds> name
[2016/06/11 11:21:59.894332,  3] smbd/ipc.c:546(named_pipe)
  unknown named pipe: setup 0x53 setup1=0
[2016/06/11 11:21:59.894390,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/ipc.c(548) cmd=37 (SMBtrans) NT_STATUS_NOT_SUPPORTED
[2016/06/11 11:21:59.894457,  3] smbd/process.c:1609(process_smb)
  Transaction 4052 of length 128 (0 toread)
[2016/06/11 11:21:59.894518,  3] smbd/process.c:1414(switch_message)
  switch message SMBntcreateX (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:21:59.913098,  3] smbd/filename.c:1120(get_real_filename_full_scan)
  scan dir didn't open dir [BACKUP]
[2016/06/11 11:21:59.913169,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [BACKUP/desktop.ini] [/home/user1]
[2016/06/11 11:21:59.919103,  3] smbd/vfs.c:963(check_reduced_name)
  check_reduced_name: couldn't get realpath for BACKUP/desktop.ini
[2016/06/11 11:21:59.919172,  3] smbd/filename.c:1365(filename_convert)
  filename_convert: check_name failed for name BACKUP/desktop.ini with NT_STATUS_ACCESS_DENIED
[2016/06/11 11:21:59.919215,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED
[2016/06/11 11:21:59.919282,  3] smbd/process.c:1609(process_smb)
  Transaction 4053 of length 80 (0 toread)
[2016/06/11 11:21:59.919321,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans2 (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:21:59.919357,  3] smbd/trans2.c:5288(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005
[2016/06/11 11:21:59.919389,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [.] [/home/user1]
[2016/06/11 11:21:59.919417,  3] smbd/vfs.c:1057(check_reduced_name)
  check_reduced_name: . reduced to /home/user1
[2016/06/11 11:21:59.919452,  3] smbd/trans2.c:5432(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo . (fnum = -1) level=1005 call=5 total_data=0
[2016/06/11 11:21:59.929420,  3] smbd/process.c:1609(process_smb)
  Transaction 4054 of length 94 (0 toread)
[2016/06/11 11:21:59.929495,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans2 (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:21:59.929527,  3] smbd/trans2.c:5288(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2016/06/11 11:21:59.929561,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [BACKUP] [/home/user1]
[2016/06/11 11:21:59.929594,  3] smbd/vfs.c:1057(check_reduced_name)
  check_reduced_name: BACKUP reduced to /home/user1/BACKUP
[2016/06/11 11:21:59.929632,  3] smbd/trans2.c:5432(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo BACKUP (fnum = -1) level=1004 call=5 total_data=0
[2016/06/11 11:21:59.931360,  3] smbd/process.c:1609(process_smb)
  Transaction 4055 of length 94 (0 toread)
[2016/06/11 11:21:59.931416,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans2 (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:21:59.931451,  3] smbd/trans2.c:5288(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005
[2016/06/11 11:21:59.931486,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [BACKUP] [/home/user1]
[2016/06/11 11:21:59.931519,  3] smbd/vfs.c:1057(check_reduced_name)
  check_reduced_name: BACKUP reduced to /home/user1/BACKUP
[2016/06/11 11:21:59.931553,  3] smbd/trans2.c:5432(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo BACKUP (fnum = -1) level=1005 call=5 total_data=0
[2016/06/11 11:21:59.933423,  3] smbd/process.c:1609(process_smb)
  Transaction 4056 of length 104 (0 toread)
[2016/06/11 11:21:59.933472,  3] smbd/process.c:1414(switch_message)
  switch message SMBntcreateX (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:21:59.933510,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [BACKUP] [/home/user1]
[2016/06/11 11:21:59.933544,  3] smbd/vfs.c:1057(check_reduced_name)
  check_reduced_name: BACKUP reduced to /home/user1/BACKUP
[2016/06/11 11:21:59.943087,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/error.c(161) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED
[2016/06/11 11:21:59.943202,  3] smbd/process.c:1609(process_smb)
  Transaction 4057 of length 128 (0 toread)
[2016/06/11 11:21:59.943256,  3] smbd/process.c:1414(switch_message)
  switch message SMBntcreateX (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:21:59.965099,  3] smbd/filename.c:1120(get_real_filename_full_scan)
  scan dir didn't open dir [BACKUP]
[2016/06/11 11:21:59.965169,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [BACKUP/desktop.ini] [/home/user1]
[2016/06/11 11:21:59.974096,  3] smbd/vfs.c:963(check_reduced_name)
  check_reduced_name: couldn't get realpath for BACKUP/desktop.ini
[2016/06/11 11:21:59.974158,  3] smbd/filename.c:1365(filename_convert)
  filename_convert: check_name failed for name BACKUP/desktop.ini with NT_STATUS_ACCESS_DENIED
[2016/06/11 11:21:59.974191,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED
[2016/06/11 11:21:59.975314,  3] smbd/process.c:1609(process_smb)
  Transaction 4058 of length 128 (0 toread)
[2016/06/11 11:21:59.975390,  3] smbd/process.c:1414(switch_message)
  switch message SMBntcreateX (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:21:59.999096,  3] smbd/filename.c:1120(get_real_filename_full_scan)
  scan dir didn't open dir [BACKUP]
[2016/06/11 11:21:59.999163,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [BACKUP/desktop.ini] [/home/user1]
[2016/06/11 11:22:00.008092,  3] smbd/vfs.c:963(check_reduced_name)
  check_reduced_name: couldn't get realpath for BACKUP/desktop.ini
[2016/06/11 11:22:00.008153,  3] smbd/filename.c:1365(filename_convert)
  filename_convert: check_name failed for name BACKUP/desktop.ini with NT_STATUS_ACCESS_DENIED
[2016/06/11 11:22:00.008204,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED
[2016/06/11 11:22:00.009283,  3] smbd/process.c:1609(process_smb)
  Transaction 4059 of length 104 (0 toread)
[2016/06/11 11:22:00.009349,  3] smbd/process.c:1414(switch_message)
  switch message SMBntcreateX (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:22:00.009388,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [BACKUP] [/home/user1]
[2016/06/11 11:22:00.009422,  3] smbd/vfs.c:1057(check_reduced_name)
  check_reduced_name: BACKUP reduced to /home/user1/BACKUP
[2016/06/11 11:22:00.009455,  3] smbd/dosmode.c:159(unix_mode)
  unix_mode(BACKUP) returning 0600
[2016/06/11 11:22:00.015099,  3] smbd/open.c:555(open_file)
  Error opening file BACKUP (NT_STATUS_ACCESS_DENIED) (local_flags=0) (flags=0)
[2016/06/11 11:22:00.015177,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/error.c(161) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED
[2016/06/11 11:22:00.017178,  3] smbd/process.c:1609(process_smb)
  Transaction 4060 of length 94 (0 toread)
[2016/06/11 11:22:00.017255,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans2 (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:22:00.017287,  3] smbd/trans2.c:5288(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2016/06/11 11:22:00.017322,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [BACKUP] [/home/user1]
[2016/06/11 11:22:00.017359,  3] smbd/vfs.c:1057(check_reduced_name)
  check_reduced_name: BACKUP reduced to /home/user1/BACKUP
[2016/06/11 11:22:00.017393,  3] smbd/trans2.c:5432(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo BACKUP (fnum = -1) level=1004 call=5 total_data=0
[2016/06/11 11:22:00.018232,  3] smbd/process.c:1609(process_smb)
  Transaction 4061 of length 94 (0 toread)
[2016/06/11 11:22:00.018271,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans2 (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:22:00.018299,  3] smbd/trans2.c:5288(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005
[2016/06/11 11:22:00.018331,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [BACKUP] [/home/user1]
[2016/06/11 11:22:00.018363,  3] smbd/vfs.c:1057(check_reduced_name)
  check_reduced_name: BACKUP reduced to /home/user1/BACKUP
[2016/06/11 11:22:00.018396,  3] smbd/trans2.c:5432(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo BACKUP (fnum = -1) level=1005 call=5 total_data=0

And this is the result of one attempt to execute dir BACKUP in a CMD shell:

[2016/06/11 11:28:25.456492,  3] smbd/process.c:1609(process_smb)
  Transaction 4116 of length 80 (0 toread)
[2016/06/11 11:28:25.456573,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans2 (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:28:25.456626,  3] smbd/trans2.c:5288(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2016/06/11 11:28:25.456678,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [.] [/home/user1]
[2016/06/11 11:28:25.456713,  3] smbd/vfs.c:1057(check_reduced_name)
  check_reduced_name: . reduced to /home/user1
[2016/06/11 11:28:25.456789,  3] smbd/trans2.c:5432(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0
[2016/06/11 11:28:25.457686,  3] smbd/process.c:1609(process_smb)
  Transaction 4117 of length 80 (0 toread)
[2016/06/11 11:28:25.457736,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans2 (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:28:25.457765,  3] smbd/trans2.c:5288(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005
[2016/06/11 11:28:25.457816,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [.] [/home/user1]
[2016/06/11 11:28:25.457846,  3] smbd/vfs.c:1057(check_reduced_name)
  check_reduced_name: . reduced to /home/user1
[2016/06/11 11:28:25.457881,  3] smbd/trans2.c:5432(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo . (fnum = -1) level=1005 call=5 total_data=0
[2016/06/11 11:28:25.458843,  3] smbd/process.c:1609(process_smb)
  Transaction 4118 of length 74 (0 toread)
[2016/06/11 11:28:25.458893,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans2 (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:28:25.458924,  3] smbd/trans2.c:3629(call_trans2qfsinfo)
  call_trans2qfsinfo: level = 261
[2016/06/11 11:28:25.458956,  3] smbd/trans2.c:3046(smbd_do_qfsinfo)
  smbd_do_qfsinfo: level = 261
[2016/06/11 11:28:25.460001,  3] smbd/process.c:1609(process_smb)
  Transaction 4119 of length 94 (0 toread)
[2016/06/11 11:28:25.460039,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans2 (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:28:25.460067,  3] smbd/trans2.c:5288(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2016/06/11 11:28:25.460108,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [BACKUP] [/home/user1]
[2016/06/11 11:28:25.460150,  3] smbd/vfs.c:1057(check_reduced_name)
  check_reduced_name: BACKUP reduced to /home/user1/BACKUP
[2016/06/11 11:28:25.460184,  3] smbd/trans2.c:5432(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo BACKUP (fnum = -1) level=1004 call=5 total_data=0
[2016/06/11 11:28:25.461046,  3] smbd/process.c:1609(process_smb)
  Transaction 4120 of length 94 (0 toread)
[2016/06/11 11:28:25.461090,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans2 (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:28:25.461117,  3] smbd/trans2.c:5288(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005
[2016/06/11 11:28:25.461149,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [BACKUP] [/home/user1]
[2016/06/11 11:28:25.461181,  3] smbd/vfs.c:1057(check_reduced_name)
  check_reduced_name: BACKUP reduced to /home/user1/BACKUP
[2016/06/11 11:28:25.461214,  3] smbd/trans2.c:5432(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo BACKUP (fnum = -1) level=1005 call=5 total_data=0
[2016/06/11 11:28:25.462643,  3] smbd/process.c:1609(process_smb)
  Transaction 4121 of length 74 (0 toread)
[2016/06/11 11:28:25.462680,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans2 (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:28:25.462708,  3] smbd/trans2.c:3629(call_trans2qfsinfo)
  call_trans2qfsinfo: level = 258
[2016/06/11 11:28:25.462735,  3] smbd/trans2.c:3046(smbd_do_qfsinfo)
  smbd_do_qfsinfo: level = 258
[2016/06/11 11:28:25.467185,  3] smbd/process.c:1609(process_smb)
  Transaction 4122 of length 104 (0 toread)
[2016/06/11 11:28:25.467235,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans2 (pid 3216) conn 0x7ff16a2e5ee0
[2016/06/11 11:28:25.467274,  3] smbd/trans2.c:2377(call_trans2findfirst)
  call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 0x102, max_data_bytes = 16384
[2016/06/11 11:28:25.467320,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [BACKUP/*] [/home/user1]
[2016/06/11 11:28:25.473939,  3] smbd/vfs.c:963(check_reduced_name)
  check_reduced_name: couldn't get realpath for BACKUP/*
[2016/06/11 11:28:25.473999,  3] smbd/filename.c:1365(filename_convert)
  filename_convert: check_name failed for name BACKUP/* with NT_STATUS_ACCESS_DENIED
[2016/06/11 11:28:25.474041,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/trans2.c(2430) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED

Which, on Windows, shows "File not found".

It's also worth mentioning that none of these solve the problem:

unix extensions = no
follow symlinks = yes
wide links = yes
rg6
  • 185
  • 1
  • 11
  • What does samba log when a user attempts to open BACKUP? – DerfK Jun 03 '16 at 19:08
  • @DerfK Attempting to enter this directory on a Windows 7 machine does not generate any entries in /var/log/samba/smb.conf (even on "log level = 2", and it also does not generate any entries in /var/log/secure. From the server's persective it's as if nothing has happened, but the client gives the "H:\BACKUP is not accessible. Access is denied." error – rg6 Jun 04 '16 at 23:12
  • @DerfK For completeness, I also added SELinux permissions on BACKUP in the post. – rg6 Jun 04 '16 at 23:14
  • Try using `smbclient` to connect to the server from itself and see if it also has an error getting into that folder. Check selinux's log to see if it's denying access to samba (not sure why samba wouldn't log that though). – DerfK Jun 09 '16 at 15:34
  • For posterity, the Samba log files were /var/log/samba/log.*, not /var/log/samba.smb.conf. And @DerfK, the SELinux log is, I believe /var/log/secure in CentOS, and when I checked that it didn't reflect any access denials from the Windows remote hosts. – rg6 Jun 11 '16 at 13:44
  • @DerfK What a great idea! I included the result in an edit above. In short, I can access files behind the bind mount with the local Samba client. Weird! If you have any ideas, I'm all ears! And thank you! – rg6 Jun 11 '16 at 13:51

0 Answers0