ServerContainers / samba

samba - (ghcr.io/servercontainers/samba) (+ optional zeroconf, wsdd2 & time machine) on alpine [x86 + arm]
451 stars 60 forks source link

Accessible but empty folder #134

Closed osias10 closed 4 months ago

osias10 commented 5 months ago

Hi When I connect the smb server from Windows, the login is normal, but it says empty folder. And when I create a file or folder, there is no response.

However, if i go inside the docker, i can see the file normally.

this is my docker-compose.yml file

  version: '3'

  # docker-compose.yml example for https://github.com/ServerContainers/samba

  services:
    samba:
      image: ghcr.io/servercontainers/samba:latest
      restart: always

      # note that this network_mode makes it super easy (especially for zeroconf) but is not as safe as exposing ports directly
      # more about that here: https://book.hacktricks.xyz/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation#hostnetwork

      network_mode: host

      # uncomment to solve bug: https://github.com/ServerContainers/samba/issues/50 - wsdd2 only - not needed for samba
      # cap_add:
      # - CAP_NET_ADMIN

      environment:
        # MODEL: 'TimeCapsule'
        # AVAHI_NAME: StorageServer

        SAMBA_CONF_LOG_LEVEL: 3
        SAMBA_CONF_WORKGROUP: WORKGROUP
        SAMBA_CONF_SERVER_STRING: File Server

        # uncomment to disable optional services
        WSDD2_DISABLE: 1
        AVAHI_DISABLE: 1
        NETBIOS_DISABLE: 1

        # PUID: 1003
        # GUID: 1005

        ACCOUNT_service: passwd
        UID_service: 1003
        SAMBA_VOLUME_CONFIG_sambahome: "[samba_home]; path=/shares/samba_home; valid users = service; guest ok = no; read only = no; browseable = yes;writable = yes"

      volumes:
        - /home/wnsguddk1/work/window_mount:/shares/samba_home

and i connect on winodws file explorer url: \{serverIP}\samba_home id: service pw: passwd

The connection is successful, but it looks like the picture. (i can't see any file and folder) and i can't create folder or file and no error message (Nothing is happening.) image

this is my docker log

    samba-samba-1  | ################################################################################
    samba-samba-1  |
    samba-samba-1  | Welcome to the ghcr.io/servercontainers/samba
    samba-samba-1  |
    samba-samba-1  | ################################################################################
    samba-samba-1  |
    samba-samba-1  | You'll find this container sourcecode here:
    samba-samba-1  |
    samba-samba-1  |     https://github.com/ServerContainers/samba
    samba-samba-1  |
    samba-samba-1  | The container repository will be updated regularly.
    samba-samba-1  |
    samba-samba-1  | ################################################################################
    samba-samba-1  |
    samba-samba-1  |
    samba-samba-1  | mkdir: can't create directory '/var/run/samba': File exists
    samba-samba-1  | >> CONTAINER: starting initialisation
    samba-samba-1  | cp: can't create '/etc/avahi/services/samba.service': No such file or directory
    samba-samba-1  | >> SAMBA CONFIG: no $SAMBA_CONF_MAP_TO_GUEST set, using 'Bad User'
    samba-samba-1  | >> SAMBA CONFIG: $NETBIOS_DISABLE is set - disabling nmbd
    samba-samba-1  | >> ACCOUNT: adding account: service with UID: 1003
    samba-samba-1  | No builtin backend found, trying to load plugin
    samba-samba-1  | load_module_absolute_path: Module '/usr/lib/samba/pdb/smbpasswd.so' loaded
    samba-samba-1  | startsmbfilepwent_internal: file /var/lib/samba/private/smbpasswd did not exist. File successfully created.
    samba-samba-1  | startsmbfilepwent: file /var/lib/samba/private/smbpasswd has invalid permissions 0644 should be 0600.
    samba-samba-1  | Forcing Primary Group to 'Domain Users' for service
    samba-samba-1  | tdb(/var/lib/samba/account_policy.tdb): tdb_open_ex: could not open file /var/lib/samba/account_policy.tdb: No such file or directory
    samba-samba-1  | Could not open tdb: No such file or directory
    samba-samba-1  | account_policy_get: tdb_fetch_uint32_t failed for type 1 (min password length), returning 0
    samba-samba-1  | account_policy_get: tdb_fetch_uint32_t failed for type 2 (password history), returning 0
    samba-samba-1  | account_policy_get: tdb_fetch_uint32_t failed for type 3 (user must logon to change password), returning 0
    samba-samba-1  | account_policy_get: tdb_fetch_uint32_t failed for type 4 (maximum password age), returning 0
    samba-samba-1  | account_policy_get: tdb_fetch_uint32_t failed for type 5 (minimum password age), returning 0
    samba-samba-1  | account_policy_get: tdb_fetch_uint32_t failed for type 6 (lockout duration), returning 0
    samba-samba-1  | account_policy_get: tdb_fetch_uint32_t failed for type 7 (reset count minutes), returning 0
    samba-samba-1  | account_policy_get: tdb_fetch_uint32_t failed for type 8 (bad lockout attempt), returning 0
    samba-samba-1  | account_policy_get: tdb_fetch_uint32_t failed for type 9 (disconnect time), returning 0
    samba-samba-1  | account_policy_get: tdb_fetch_uint32_t failed for type 10 (refuse machine password change), returning 0
    samba-samba-1  | Added user service.
    samba-samba-1  | Changing password for service
    samba-samba-1  | New password:
    samba-samba-1  | Bad password: too weak
    samba-samba-1  | Retype password:
    samba-samba-1  | passwd: password for service changed by root
    samba-samba-1  | No builtin backend found, trying to load plugin
    samba-samba-1  | load_module_absolute_path: Module '/usr/lib/samba/pdb/smbpasswd.so' loaded
    samba-samba-1  | New SMB password:
    samba-samba-1  | Retype new SMB password:Forcing Primary Group to 'Domain Users' for service
    samba-samba-1  |
    samba-samba-1  | No builtin backend found, trying to load plugin
    samba-samba-1  | load_module_absolute_path: Module '/usr/lib/samba/pdb/smbpasswd.so' loaded
    samba-samba-1  | Forcing Primary Group to 'Domain Users' for service
    samba-samba-1  | Forcing Primary Group to 'Domain Users' for service
    samba-samba-1  | Enabled user service.
    samba-samba-1  | sed: /etc/avahi/services/samba.service: No such file or directory
    samba-samba-1  |   >> AVAHI: zeroconf model: TimeCapsule
    samba-samba-1  | /container/scripts/entrypoint.sh: line 166: can't create /etc/avahi/services/samba.service: nonexistent directory
    samba-samba-1  | >> VOLUME: adding volume: samba_home (path=/shares/samba_home)
    samba-samba-1  | >> ZEROCONF: samba.service file
    samba-samba-1  | ############################### START ####################################
    samba-samba-1  | cat: can't open '/etc/avahi/services/samba.service': No such file or directory
    samba-samba-1  | ################################ END #####################################
    samba-samba-1  | >> WSDD2 - DISABLED
    samba-samba-1  | >> AVAHI - DISABLED
    samba-samba-1  | >> NETBIOS - DISABLED
    samba-samba-1  |
    samba-samba-1  | >> SAMBA: check smb.conf file using 'testparm -s'
    samba-samba-1  | ############################### START ####################################
    samba-samba-1  | Load smb config files from /etc/samba/smb.conf
    samba-samba-1  | # Global parameters
    samba-samba-1  | [global]
    samba-samba-1  | Loaded services file OK.
    samba-samba-1  | Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)
    samba-samba-1  |
    samba-samba-1  | Server role: ROLE_STANDALONE
    samba-samba-1  |
    samba-samba-1  |        disable netbios = Yes
    samba-samba-1  |        dns proxy = No
    samba-samba-1  |        load printers = No
    samba-samba-1  |        log file = /dev/stdout
    samba-samba-1  |        map to guest = Bad User
    samba-samba-1  |        obey pam restrictions = Yes
    samba-samba-1  |        passdb backend = smbpasswd
    samba-samba-1  |        printcap name = /dev/null
    samba-samba-1  |        security = USER
    samba-samba-1  |        server role = standalone server
    samba-samba-1  |        server string = File Server
    samba-samba-1  |        smb1 unix extensions = No
    samba-samba-1  |        fruit:aapl = yes
    samba-samba-1  |        fruit:model = TimeCapsule
    samba-samba-1  |        idmap config * : backend = tdb
    samba-samba-1  |        acl allow execute always = Yes
    samba-samba-1  |        vfs objects = catia fruit streams_xattr
    samba-samba-1  |        wide links = Yes
    samba-samba-1  |
    samba-samba-1  |
    samba-samba-1  | [samba_home]
    samba-samba-1  |        path = /shares/samba_home
    samba-samba-1  |        read only = No
    samba-samba-1  |        valid users = service
    samba-samba-1  | ############################### END ####################################
    samba-samba-1  |
    samba-samba-1  |
    samba-samba-1  | >> SAMBA: print whole smb.conf
    samba-samba-1  | ############################### START ####################################
    samba-samba-1  | [global]
    samba-samba-1  |    server role = standalone server
    samba-samba-1  |    log file = /dev/stdout
    samba-samba-1  |    dns proxy = no
    samba-samba-1  |
    samba-samba-1  |    # password stuff
    samba-samba-1  |    passdb backend = smbpasswd
    samba-samba-1  |
    samba-samba-1  |    obey pam restrictions = yes
    samba-samba-1  |    security = user
    samba-samba-1  |    printcap name = /dev/null
    samba-samba-1  |    load printers = no
    samba-samba-1  |    dns proxy = no
    samba-samba-1  |    wide links = yes
    samba-samba-1  |    follow symlinks = yes
    samba-samba-1  |    unix extensions = no
    samba-samba-1  |    acl allow execute always = yes
    samba-samba-1  |
    samba-samba-1  |    # MacOS Compatibility options
    samba-samba-1  |    vfs objects = catia fruit streams_xattr
    samba-samba-1  |
    samba-samba-1  |    # Special configuration for Apple's Time Machine
    samba-samba-1  |    fruit:model = TimeCapsule
    samba-samba-1  |    fruit:aapl = yes
    samba-samba-1  |
    samba-samba-1  |    # Docker Envs global config options
    samba-samba-1  |    log level = 3
    samba-samba-1  |    workgroup = WORKGROUP
    samba-samba-1  |    server string = File Server
    samba-samba-1  |    map to guest = Bad User
    samba-samba-1  |    disable netbios = yes
    samba-samba-1  |
    samba-samba-1  | [samba_home]
    samba-samba-1  |  path=/shares/samba_home
    samba-samba-1  |  valid users = service
    samba-samba-1  |  guest ok = no
    samba-samba-1  |  read only = no
    samba-samba-1  |  browseable = yes
    samba-samba-1  | writable = yes
    samba-samba-1  |
    samba-samba-1  | ############################### END ####################################
    samba-samba-1  |
    samba-samba-1  | >> CMD: exec docker CMD
    samba-samba-1  | runsvdir -P /container/config/runit
    samba-samba-1  | + sleep 2
    samba-samba-1  | + exec smbd --foreground
    samba-samba-1  | [2024/06/21 01:07:49.864182,  0] ../../source3/smbd/server.c:1746(main)
    samba-samba-1  |   smbd version 4.19.6 started.
    samba-samba-1  |   Copyright Andrew Tridgell and the Samba Team 1992-2023
    samba-samba-1  | [2024/06/21 01:07:49.864327,  2] ../../source3/smbd/server.c:1750(main)
    samba-samba-1  |   uid=0 gid=0 euid=0 egid=0
    samba-samba-1  | [2024/06/21 01:07:49.866100,  2] ../../source3/lib/dmallocmsg.c:78(register_dmalloc_msgs)
    samba-samba-1  |   Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
    samba-samba-1  | [2024/06/21 01:07:49.866227,  3] ../../source3/param/loadparm.c:3997(lp_load_ex)
    samba-samba-1  |   lp_load_ex: refreshing parameters
    samba-samba-1  | [2024/06/21 01:07:49.866327,  3] ../../source3/param/loadparm.c:559(init_globals)
    samba-samba-1  |   Initialising global parameters
    samba-samba-1  | [2024/06/21 01:07:49.866445,  3] ../../source3/param/loadparm.c:2899(lp_do_section)
    samba-samba-1  |   Processing section "[global]"
    samba-samba-1  | [2024/06/21 01:07:49.866581,  2] ../../source3/param/loadparm.c:2916(lp_do_section)
    samba-samba-1  |   Processing section "[samba_home]"
    samba-samba-1  | [2024/06/21 01:07:49.866702,  3] ../../source3/param/loadparm.c:1683(lp_add_ipc)
    samba-samba-1  |   adding IPC service
    samba-samba-1  |   added interface br-441cad11df21 ip=172.18.0.1 bcast=172.18.255.255 netmask=255.255.0.0
    samba-samba-1  |   added interface ens255f0 ip=10.0.8.23 bcast=10.0.8.255 netmask=255.255.255.0
    samba-samba-1  |   added interface br-989f2bf5175c ip=172.16.0.1 bcast=172.16.255.255 netmask=255.255.0.0
    samba-samba-1  |   added interface docker0 ip=172.17.0.1 bcast=172.17.255.255 netmask=255.255.0.0
    samba-samba-1  |   added interface br-de35e18124cb ip=172.19.0.1 bcast=172.19.255.255 netmask=255.255.0.0
    samba-samba-1  |   added interface br-7b6ffb783e26 ip=172.20.0.1 bcast=172.20.255.255 netmask=255.255.0.0
    samba-samba-1  | [2024/06/21 01:07:49.868066,  3] ../../source3/smbd/server.c:1814(main)
    samba-samba-1  |   loaded services
    samba-samba-1  | [2024/06/21 01:07:49.868162,  3] ../../source3/profile/profile_dummy.c:30(set_profile_level)
    samba-samba-1  |   set_profile_level: INFO: Profiling support unavailable in this build.
    samba-samba-1  | [2024/06/21 01:07:49.868191,  3] ../../source3/smbd/server.c:1833(main)
    samba-samba-1  |   Standard input is not a socket, assuming -D option
    samba-samba-1  | [2024/06/21 01:07:49.868207,  3] ../../source3/smbd/server.c:1846(main)
    samba-samba-1  |   Becoming a daemon.
    samba-samba-1  | [2024/06/21 01:07:49.927538,  2] ../../source3/passdb/pdb_interface.c:163(make_pdb_method_name)
    samba-samba-1  |   No builtin backend found, trying to load plugin
    samba-samba-1  | [2024/06/21 01:07:49.927771,  3] ../../lib/util/modules.c:167(load_module_absolute_path)
    samba-samba-1  |   load_module_absolute_path: Module '/usr/lib/samba/pdb/smbpasswd.so' loaded
    samba-samba-1  | [2024/06/21 01:07:50.198410,  3] ../../source3/lib/util_procid.c:53(pid_to_procid)
    samba-samba-1  |   pid_to_procid: messaging_dgm_get_unique failed: No such file or directory
    samba-samba-1  | [2024/06/21 01:07:50.200786,  2] ../../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log)
    samba-samba-1  |   tdb(/var/lib/samba/registry.tdb): tdb_open_ex: could not open file /var/lib/samba/registry.tdb: No such file or directory
    samba-samba-1  | [2024/06/21 01:07:50.200835,  3] ../../lib/dbwrap/dbwrap_tdb.c:484(db_open_tdb)
    samba-samba-1  |   Could not open tdb: No such file or directory
    samba-samba-1  | [2024/06/21 01:07:50.313985,  3] ../../source3/auth/token_util.c:688(finalize_local_nt_token)
    samba-samba-1  |   Failed to fetch domain sid for WORKGROUP
    samba-samba-1  | [2024/06/21 01:07:50.348850,  2] ../../source3/smbd/server.c:1371(smbd_parent_loop)
    samba-samba-1  |   waiting for connections
    samba-samba-1  | [2024/06/21 01:08:18.168442,  3] ../../lib/util/access.c:372(allow_access)
    samba-samba-1  |   Allowed connection from 10.0.25.90 (10.0.25.90)
MarvAmBass commented 5 months ago

seems to me to be a permissions issue - config and everything looks good.

make sure the user service has read / write permissions on the share and it's files also check if the folder really is empty - maybe it is

it could be the case that the directory on the host is not mounted - maybe that's the reason

osias10 commented 5 months ago

The mount appears to be well placed.

When I create a new folder or a new text document in Windows Explorer, it still comes out as an empty folder in Explorer, but it seems that the file was created normally inside both the host and docker in linux.

image

It's like I can create a file but I can't see it, is there something I missed?

host system's window_mount folder permission is 777

MarvAmBass commented 5 months ago

interessting, especially since you mentioned that you gave it permissions of 777...

please check the permissions of the folders:

/home/wnsguddk1/work/window_mount on host and if it has contents /shares/samba_home inside the container and if it has contents - the same contents

can you create a file from your windows explorer?

it could be the case that there is an issue with your locale / utf symbols - I once had an issue were certain files with sophisticated filenames were only visible on the filesystem but not in the samba share...

MarvAmBass commented 5 months ago

another thing you can try is:

change:

      volumes:
        - /home/wnsguddk1/work/window_mount:/shares/samba_home

to

      volumes:
        - ./testshare:/shares/samba_home

and give this folder ./testshare permissions of 777

can you please add how /home/wnsguddk1/work/window_mount is mounted? seems to me like some special mount, maybe a tunnel from a virtual machine to it's windows host - maybe the fs implementation has troubles supporting certian features...

osias10 commented 5 months ago

As you told me, I modified the mount position to ./testshare in docker-compose.yml.

volumes:
      - ./testshare:/shares/samba_home

and reconnect smb

testshare permission is 777 image

when i click new folder button in windows file explorer It still appears as an empty folder in Windows File Explorer, but it is created in Linux Server image

in docker: UID 1003 is service(username) in host UID 1003 is wnsguddk1(username)

ps. "/home/wnsguddk1/work/window_mount" is not mounted folder, window_mount is just file name (that path is hdd , xfs filesystem)

MarvAmBass commented 5 months ago

interessing can you create a file inisde this testshare using touch testfile; chmod 777 testfile

what kind of linux distribution do you use? maybe some selinux context which keeps samba from accessing the files