Fedora SB 41
I wish to create a podman container to run the samba server from this image; but I am always getting the error NT_STATUS_ACCESS_DENIED for write operations, working fine for read operations.
This is how I start it:
podman run
topolini@fc40sb:~/Samba$ cat samba-start.bash
#!/usr/bin/bash
WORKDIR="$(pwd)/workdir"
echo "WORKDIR=$WORKDIR"
podman run \
--userns=keep-id:uid=1000,gid=1000 \
--rm \
--name smbd \
--publish 4450:445 \
-v "${WORKDIR}/config":/usr/local/etc \
-v "${WORKDIR}/share":/share:z \
-e SAMBACC_CONFIG="/usr/local/etc/config.json" \
quay.io/samba.org/samba-server:latest \
run smbd
# smbclient -U 'SAMBA\sambauser%samba' //localhost/share
topolini@fc40sb:~/Samba$ vi samba-start.bash
topolini@fc40sb:~/Samba$ ./samba-start.bash
WORKDIR=/var/home/ltosolini/Samba/workdir
smbd version 4.21.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2024
And this is the error I get from client:
smbclient
fc40sb:~/Samba$ smbclient --debug-stdout --debuglevel=3 --port 4450 -U 'SAMBA\sambauser%samba' //localhost/share
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Can't find include file /etc/samba/usershares.conf
added interface ens160 ip=192.168.255.13 bcast=192.168.255.255 netmask=255.255.255.0
Client started (version 4.21.2).
tdb(/var/lib/samba/lock/gencache.tdb): tdb_open_ex: could not open file /var/lib/samba/lock/gencache.tdb: Permission denied
resolve_lmhosts: Attempting lmhosts lookup for name localhost<0x20>
Connecting to 127.0.0.1 at port 4450
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'ncalrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
gensec_gse_client_start: Not using kerberos to cifs/localhost as SAMBA\sambauser: NT_STATUS_INVALID_PARAMETER
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
Try "help" to get a list of possible commands.
smb: \>
smb: \>
smb: \> dir
dos_clean_name [\*]
unix_clean_name [\*]
. D 0 Sat Dec 21 18:52:47 2024
.. D 0 Sat Dec 21 18:52:47 2024
luca.txt N 14 Fri Dec 20 18:18:42 2024
pippo N 29 Sat Dec 21 18:52:47 2024
51377152 blocks of size 1024. 23683432 blocks available
Total bytes listed: 43
smb: \> mkdir ciao
dos_clean_name [\ciao]
unix_clean_name [\ciao]
NT_STATUS_ACCESS_DENIED making remote directory \ciao
And this is the config, pretty straightforward:
Summary
topolini@fc40sb:~/Samba$ cat workdir/config/config.json
{
"samba-container-config": "v0",
"configs": {
"demo": {
"shares": [
"share"
],
"globals": [
"default"
],
"instance_name": "SAMBA"
}
},
"shares": {
"share": {
"options": {
"path": "/share",
"valid users": "sambauser"
}
}
},
"globals": {
"default": {
"options": {
"security": "user",
"server min protocol": "SMB2",
"load printers": "no",
"printing": "bsd",
"printcap name": "/dev/null",
"disable spoolss": "yes",
"guest ok": "no"
}
}
},
"users": {
"all_entries": [
{
"name": "sambauser",
"password": "samba"
}
]
},
"_footer": 1
}