Samba на QNAP TS-863U-RP.
Доброго времени всем! Появилась необходимость перевезти файловое хранилище с CentOS 6.9 на железку QNAP TS-863U-RP. Через web настроили, ввели в домен, настроили шары, дали права.
В первый же рабочий день начались проблемы: некоторые специалисты не могут подключиться к шарам. То есть доступ к шарам дан через доменные группы; кто-то из группы нормально подключается, а кто-то нет.
При разбирательстве выяснили, что у специалистов, которые не могут подключиться, такая ситуация:
[~] # getent passwd Budaeva
005budaevadr:*:10001924:10000514:ovp:/share/homes/DOMAIN=НАШ_ДОМЕН/budaeva:/bin/false
[~] # wbinfo -r Budaeva
10001924
10000514
10003093
10002701
10003111
10001968
10002706
10002713
10002710
400003
10001115
10001117
10002376
10002382
10002914
10002915
10002972
10003008
10005208
400002
[~] # id Budaeva
uid=10001924 gid=10000514(пользователи домена)
[~] # id Avanesov
uid=10002739(avanesov) gid=10000514(пользователи домена) groups=10000514(пользователи домена)
[~] # uname -a
Linux nas20 4.2.8 #1 SMP Tue May 16 09:18:49 CST 2017 x86_64 GNU/Linux
[~] # smb2status
smbd (samba daemon) Version 4.4.9
smbd (samba daemon) is running.
max protocol SMB 3.0 enabled.
# Samba [global] configuration of the QNAP NAS (smbd 4.4.9 per the smb2status
# output above), running as an Active Directory member (security = ADS).
# НАШ_ДОМЕН is the poster's redaction placeholder for the real domain name.
[global]
# Local (non-domain) accounts live in the smbpasswd file named further down;
# that file holds password hashes and should be readable by root only.
passdb backend = smbpasswd
workgroup = НАШ_ДОМЕН
security = ADS
server string =
encrypt passwords = Yes
username level = 0
# A login with a username that does not exist is not rejected but mapped to
# the `guest account`.
# NOTE(review): on a domain member this can mask name-resolution/idmap
# failures - the affected user may end up in a guest session and only see
# "access denied" on the share. Check the smbd log for guest mappings.
map to guest = Bad User
# Permits client access to accounts that have an empty password. Review
# whether any local account is in that state.
null passwords = yes
max log size = 10
socket options = TCP_NODELAY SO_KEEPALIVE
os level = 20
preferred master = no
dns proxy = No
# The two files below influence which identity a session is mapped to;
# they should be writable by root only.
smb passwd file=/etc/config/smbpasswd
username map = /etc/config/smbusers
guest account = guest
# 0777 masks strip no permission bits from files and directories created over
# SMB, so protection of the data rests on the share ACLs alone.
directory mask = 0777
create mask = 0777
oplocks = yes
locking = yes
disable spoolss = no
load printers=no
veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/.@__thumb/.@__desc/:2e*/.@__qini/.Qsync/.@upload_cache/.qsync/.qsync_sn/.@qsys/.streams/.digest/
delete veto files = yes
map archive = no
map system = no
map hidden = no
map read only = no
deadtime = 10
server role = auto
use sendfile = yes
# Disabling unix extensions is what allows `wide links = yes` below to take
# effect in stock Samba.
unix extensions = no
store dos attributes = yes
client ntlmv2 auth = yes
dos filetime resolution = no
# smbd follows symlinks that point outside the exported share tree. Anyone
# able to create a symlink inside a share by other means (shell, NFS, ...)
# can expose files beyond the share.
wide links = yes
# An unknown SID used as owner/group in an incoming ACL is silently mapped to
# the uid/gid of the connected user instead of being refused.
force unknown acl user = yes
template homedir = /share/homes/DOMAIN=%D/%U
inherit acls = no
domain logons = no
min receivefile size = 256
case sensitive = auto
domain master = no
local master = no
# NOTE(review): `enhance acl v1`, `remove everyone` and `conn log` are not
# parameters of stock Samba as far as I know - presumably QNAP extensions;
# their semantics cannot be determined from this listing.
enhance acl v1 = yes
remove everyone = no
conn log = no
kernel oplocks = no
lock directory = /share/CACHEDEV1_DATA/.samba/lock
state directory = /share/CACHEDEV1_DATA/.samba/state
cache directory = /share/CACHEDEV1_DATA/.samba/cache
printcap cache time = 0
# Restores the pre-4.0 behaviour where the execute right is not checked when
# a Windows client opens a file for execution.
acl allow execute always = yes
pid directory = /var/lock
printcap name=/etc/printcap
printing=cups
show add printer wizard=no
smb2 leases = yes
durable handles = yes
kernel share modes = no
posix locking = no
# SMB signing is not offered to SMB1 clients; per the smb.conf documentation
# signing cannot be switched off for SMB2+, so there it is offered but not
# required. Unsigned sessions can be modified or relayed by an on-path host;
# consider `mandatory` once client compatibility is confirmed.
server signing = disabled
streams_depot:delete_lost = yes
streams_depot:check_valid = no
fruit:nfs_aces = no
fruit:veto_appledouble = no
wins support = no
winbind refresh tickets = Yes
winbind use default domain = yes
# NOTE(review): base_rid is an option of the idmap `rid` backend, while the
# backend configured for this domain further down is `tdb` - presumably this
# line has no effect; confirm.
idmap config НАШ_ДОМЕН : base_rid = 0
host msdfs = yes
# Only accounts from the joined domain are accepted; trusted domains are not.
allow trusted domains = no
realm = НАШ_ДОМЕН
ldap timeout = 5
# The three `client ipc` settings apply to connections this host opens as a
# client over IPC$ (e.g. to domain controllers): capped at SMB1 (NT1), allowed
# to negotiate down to the oldest dialect (CORE), signing offered but not
# enforced (auto).
# NOTE(review): these appear weaker than the upstream 4.4 defaults - confirm
# whether the vendor really requires them.
client ipc max protocol = NT1
client ipc min protocol = CORE
client ipc signing = auto
# Names a single domain controller.
# NOTE(review): looks like there is no fallback if this DC is unreachable -
# confirm that pinning is intended.
password server = sw00500008001dc.НАШ_ДОМЕН
pam password change = yes
winbind enum users = Yes
winbind enum groups = Yes
# winbindd caches user and group information for 3600 seconds, so group
# membership changes made in AD (including removals) may take up to that long
# to be seen here.
winbind cache time = 3600
# Default mapping for everything outside the joined domain.
idmap config * : backend = tdb
idmap config * : range = 1400001-1500000
# `tdb` is an allocating backend: IDs are handed out on first use and stored
# locally, so they are not derived from the RID and are specific to this host.
# The two ranges do not overlap.
# NOTE(review): gids 400002 and 400003 in the `wbinfo -r` output above fall
# outside both configured ranges - worth finding out where they come from.
idmap config НАШ_ДОМЕН : backend = tdb
idmap config НАШ_ДОМЕН : range = 10000001-20000000
# NOTE(review): qnap_macea is a vendor module, not part of stock Samba.
vfs objects = shadow_copy2 catia fruit qnap_macea streams_depot