Issue with samba share - possible permissions-related issue?

Lynx · April 19, 2024, 5:08pm

What is the problem you are having with rclone?

With my present version of rclone, I am seeing this error:

and see this samba log:

[2024/04/18 18:20:40.556605,  4] ../../source3/smbd/sec_ctx.c:206(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2024/04/18 18:20:40.556804,  4] ../../source3/smbd/uid.c:566(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2024/04/18 18:20:40.556858,  4] ../../source3/smbd/sec_ctx.c:317(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2024/04/18 18:20:40.557028,  4] ../../source3/smbd/sec_ctx.c:443(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2024/04/18 18:20:40.557097,  4] ../../source3/smbd/sec_ctx.c:317(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2024/04/18 18:20:40.557167,  4] ../../source3/smbd/vfs.c:938(vfs_ChDir)
  vfs_ChDir to /tmp/run/OneDrive
[2024/04/18 18:20:40.558980,  4] ../../source3/smbd/open.c:4138(open_file_ntcreate)
  calling open_file with flags=0x0 flags2=0x800 mode=0666, access_mask = 0x80, open_access_mask = 0x80
[2024/04/18 18:20:40.560301,  4] ../../source3/smbd/sec_ctx.c:206(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2024/04/18 18:20:40.560488,  4] ../../source3/smbd/uid.c:566(push_conn_ctx)
  push_conn_ctx(697695528) : conn_ctx_stack_ndx = 0
[2024/04/18 18:20:40.560545,  4] ../../source3/smbd/sec_ctx.c:317(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2024/04/18 18:20:40.560713,  4] ../../source3/smbd/sec_ctx.c:443(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2024/04/18 18:20:40.560774,  4] ../../source3/smbd/sec_ctx.c:317(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2024/04/18 18:20:40.560852,  4] ../../source3/smbd/vfs.c:938(vfs_ChDir)
  vfs_ChDir to /tmp/run/OneDrive
[2024/04/18 18:20:40.562364,  4] ../../source3/smbd/sec_ctx.c:206(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2024/04/18 18:20:40.562554,  4] ../../source3/smbd/uid.c:566(push_conn_ctx)
  push_conn_ctx(697695528) : conn_ctx_stack_ndx = 0
[2024/04/18 18:20:40.562610,  4] ../../source3/smbd/sec_ctx.c:317(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2024/04/18 18:20:40.562776,  4] ../../source3/smbd/sec_ctx.c:443(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2024/04/18 18:20:40.562837,  4] ../../source3/smbd/sec_ctx.c:317(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2024/04/18 18:20:40.562903,  4] ../../source3/smbd/vfs.c:938(vfs_ChDir)
  vfs_ChDir to /tmp/run/OneDrive
[2024/04/18 18:20:41.262385,  3] ../../source3/smbd/smb2_server.c:3962(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] || at ../../source3/smbd/smb2_create.c:340
[2024/04/18 18:20:41.264588,  4] ../../source3/smbd/sec_ctx.c:206(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2024/04/18 18:20:41.264801,  4] ../../source3/smbd/uid.c:566(push_conn_ctx)
  push_conn_ctx(697695528) : conn_ctx_stack_ndx = 0
[2024/04/18 18:20:41.264856,  4] ../../source3/smbd/sec_ctx.c:317(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2024/04/18 18:20:41.265021,  4] ../../source3/smbd/sec_ctx.c:443(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2024/04/18 18:20:41.265080,  4] ../../source3/smbd/sec_ctx.c:317(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2024/04/18 18:20:41.265143,  4] ../../source3/smbd/vfs.c:938(vfs_ChDir)
  vfs_ChDir to /tmp/run/OneDrive
[2024/04/18 18:20:41.266208,  3] ../../source3/smbd/smb2_server.c:3962(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_SUPPORTED] || at ../../source3/smbd/smb2_create.c:340

when attempting to delete or rename a file on a samba share from an rclone mount based on the same command I have been using for years now on an OpenWrt router:

rclone mount "OneDrive:/Scanned Documents/" /var/run/OneDrive --use-mmap --buffer-size 0 --cache-dir /tmp --vfs-cache-mode writes --vfs-cache-max-age 0s --umask 000 --allow-other --daemon

I can read files just fine, and I can also strangely enough write new files.

I believe that this is an rclone issue because when adding another samba share I am not seeing this issue.

I think this issue relates to the use of a newer version of rclone.

I made a forum post on the OpenWrt forums about this issue here:

Run the command 'rclone version' and share the full output of the command.

root@OpenWrt-1:~# rclone --version
rclone v1.66.0
- os/version: openwrt 23.05.3 (64 bit)
- os/kernel: 5.15.150 (aarch64)
- os/type: linux
- os/arch: arm64 (ARMv8 compatible)
- go/version: go1.21.8
- go/linking: dynamic
- go/tags: none

Which cloud storage system are you using? (eg Google Drive)

OneDrive

The command you were trying to run (eg `rclone copy /tmp remote:tmp`)

rclone mount "OneDrive:/Scanned Documents/" /var/run/OneDrive --use-mmap --buffer-size 0 --cache-dir /tmp --vfs-cache-mode writes --vfs-cache-max-age 0s --umask 000 --allow-other --daemon

Please run 'rclone config redacted' and share the full output. If you get command not found, please make sure to update rclone.

root@OpenWrt-1:~# rclone config redacted
[OneDrive]
type = onedrive
region = global
token = XXX
drive_id = XXX
drive_type = business
### Double check the config for sensitive info before posting publicly

A log from the command that you were trying to run with the `-vv` flag

2024/04/19 17:07:08 DEBUG : /: Attr:
2024/04/19 17:07:08 DEBUG : /: >Attr: attr=valid=1s ino=0 size=0 mode=drwxrwxrwx, err=<nil>
2024/04/19 17:07:08 DEBUG : /: Lookup: name="y"
2024/04/19 17:07:08 DEBUG : /: >Lookup: node=y, err=<nil>
2024/04/19 17:07:08 DEBUG : y: Attr:
2024/04/19 17:07:08 DEBUG : y: >Attr: a=valid=1s ino=0 size=6 mode=-rw-rw-rw-, err=<nil>

asdffdsa · April 19, 2024, 5:21pm

if you can, for testing, simplify your setup. just rclone.
--- no samba
--- no openwrt service file. run rclone mount direct on the command line.
--- no --daemon

did you just update rclone?
please confirm that the older version of rclone works?

that is just a small snippet, and no errors.
need to use debug output and post the top 30 lines of the debug log and if any, any errors.
note that rclone is a portable app, does not need to be installed, can just download it from website.

can you post the details on both samba shares, from smb.conf?

Lynx · April 19, 2024, 5:27pm

Good point. I should have mentioned that I can perform the operations just fine on the rclone mount itself. Does that rule out an issue with rclone? I thought it would be some kind of permissions issue that percolated through to samba.

[global]
        netbios name = OpenWrt-1
        interfaces = br-lan
        server string = Samba on OpenWRT
        unix charset = UTF-8
        workgroup = WORKGROUP

        ## This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests.
        bind interfaces only = yes

        ## time for inactive connections to-be closed in minutes
        deadtime = 15

        ## disable core dumps
        enable core files = no

        ## set security (auto, user, domain, ads)
        security = user

        ## This parameter controls whether a remote client is allowed or required to use SMB encryption.
        ## It has different effects depending on whether the connection uses SMB1 or SMB2 and newer:
    ## If the connection uses SMB1, then this option controls the use of a Samba-specific extension to the SMB protocol introduced in Samba 3.2 that makes use of the Unix extensions.
        ## If the connection uses SMB2 or newer, then this option controls the use of the SMB-level encryption that is supported in SMB version 3.0 and above and available in Windows 8 and newer.
        ## (default/auto,desired,required,off)
        #smb encrypt = default

        ## set invalid users
        invalid users = root

        ## map unknow users to guest
        map to guest = Bad User

        ## allow client access to accounts that have null passwords.
        null passwords = yes

        ## The old plaintext passdb backend. Some Samba features will not work if this passdb backend is used. (NOTE: enabled for size reasons)
        ## (tdbsam,smbpasswd,ldapsam)
        passdb backend = smbpasswd

        ## Set location of smbpasswd ('smbd -b' will show default compiled location)
        #smb passwd file = /etc/samba/smbpasswd

        ## LAN (IPTOS_LOWDELAY TCP_NODELAY) WAN (IPTOS_THROUGHPUT) WiFi (SO_KEEPALIVE) try&error for buffer sizes (SO_RCVBUF=65536 SO_SNDBUF=65536)
        socket options = IPTOS_LOWDELAY TCP_NODELAY

        ## If this integer parameter is set to a non-zero value, Samba will read from files asynchronously when the request size is bigger than this value.
        ## Note that it happens only for non-chained and non-chaining reads and when not using write cache.
        ## The only reasonable values for this parameter are 0 (no async I/O) and 1 (always do async I/O).
        ## (1/0)
        #aio read size = 0
        #aio write size = 0

        ## If Samba has been built with asynchronous I/O support, Samba will not wait until write requests are finished before returning the result to the client for files listed in this parameter.
        ## Instead, Samba will immediately return that the write request has been finished successfully, no matter if the operation will succeed or not.
        ## This might speed up clients without aio support, but is really dangerous, because data could be lost and files could be damaged.
        #aio write behind = /*.tmp/

        ## lower CPU useage if supported and aio is disabled (aio read size = 0 ; aio write size = 0)
        ## is this still broken? issue is from 2019 (NOTE: see https://bugzilla.samba.org/show_bug.cgi?id=14095 )
        ## (no, yes)
        #use sendfile = yes

        ## samba will behave as previous versions of Samba would and will fail the lock request immediately if the lock range cannot be obtained.
        #blocking locks = No

        ## disable loading of all printcap printers by default (iprint, cups, lpstat)
        load printers = No
        printcap name = /dev/null

        ## Enabling this parameter will disable Samba's support for the SPOOLSS set of MS-RPC's.
        disable spoolss = yes

        ## This parameters controls how printer status information is interpreted on your system.
        ## (BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, SOFTQ)
        printing = bsd

        ## Disable that nmbd is acting as a WINS server for unknow netbios names
        #dns proxy = No

        ## win/unix user mapping backend
        #idmap config * : backend = tdb

        ## Allows the server name that is advertised through MDNS to be set to the hostname rather than the Samba NETBIOS name.
        ## This allows an administrator to make Samba registered MDNS records match the case of the hostname rather than being in all capitals.
        ## (netbios, mdns)
        mdns name = mdns

        ## Clients that only support netbios won't be able to see your samba server when netbios support is disabled.
        #disable netbios = Yes

        ## Setting this value to no will cause nmbd never to become a local master browser.
        #local master = no

        ## (auto, yes) If this is set to yes, on startup, nmbd will force an election, and it will have a slight advantage in winning the election. It is recommended that this parameter is used in conjunction with domain master = yes, so that nmbd can guarantee becoming a domain master.
        #preferred master = yes

        ## (445 139) Specifies which ports the server should listen on for SMB traffic.
        ## 139 is netbios/nmbd
        #smb ports = 445 139

        ## This is a list of files and directories that are neither visible nor accessible.
        ## Each entry in the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?' can be used to specify multiple files or directories as in DOS wildcards.
        veto files = /Thumbs.db/.DS_Store/._.DS_Store/.apdisk/

        ## If a directory that is to be deleted contains nothing but veto files this deletion will fail unless you also set the delete veto files parameter to yes.
        delete veto files = yes

################ Filesystem and creation rules ################
        ## reported filesystem type (NTFS,Samba,FAT)
        #fstype = FAT

        ## Allows a user who has write access to the file (by whatever means, including an ACL permission) to modify the permissions (including ACL) on it.
        #dos filemode = Yes

        ## file/dir creating rules
        #create mask = 0666
        #directory mask = 0777
        #force group = root
        #force user = root
        #inherit owner = windows and unix
################################################################

######### Dynamic written config options #########

[Scanned Documents]
        path = /var/run/OneDrive
        create mask = 0666
        directory mask = 0777
        read only = no
        guest ok = yes
        fruit:encoding = native
        fruit:metadata = stream
        fruit:veto_appledouble = no
        vfs objects = catia fruit streams_xattr  io_uring

asdffdsa · April 19, 2024, 5:53pm

maybe. download the last version of rclone that worked and test...

asdffdsa · April 19, 2024, 6:55pm

as a test quick, i took a server that i already setup for samba.
i did a rclone mount, using v1.66.0, pointing to a pre-existing samba share.
so far, no problems.

on my windows laptop, i was able to net use to that samba share.
i am able to copy files, delete files, rename files.

Lynx · April 19, 2024, 6:58pm

So I have OneDrive --> rclone mount --> samba share. I think you have replicated something close?

I've used for ages, but something has changed.

asdffdsa · April 19, 2024, 7:13pm

here it is

[agent_vserver03_rw]
    path = /data/falconer_agents/vserver03/rw
    valid users = @agent_vserver03
    browsable = no
    read only = no
    guest ok = no

sudo -u user01 -g agent_vserver03 rclone mount wasabi01:zork /data/falconer_agents/vserver03/rw --vfs-cache-mode=full --allow-other -vv

samba -V
Version 4.15.13

rclone v1.66.0
- os/version: ubuntu 22.04 (64 bit)
- os/kernel: 6.5.0-27-generic (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.22.1
- go/linking: static
- go/tags: none

Lynx · April 20, 2024, 7:52pm

Thanks for your help @asdffdsa. It indeed turned out that the issue related to samba and not rclone.

I finally figured out the issue based on this link:

https://forums.unraid.net/topic/51633-plugin-rclone/?do=findComment&comment=1093319

Setting this:

which results in this change to smb.conf:

<       vfs objects = io_uring
---
>       fruit:encoding = native
>       fruit:metadata = stream
>       fruit:veto_appledouble = no
>       vfs objects = catia fruit streams_xattr  io_uring

breaks things.

Simply deactiving this setting made everything work properly again (including on my iPhone 15!).

system · April 23, 2024, 7:52pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.