This is strange as /data and /tmp are 2 partitions on my server and scratch is a directory in /data

/dev/mapper/fedora-data 2832342640 946566920 1741877916  36% /data
/dev/mapper/fedora-tmp   153769424     61780  145826940   1% /tmp

# ls -l /data/
total 52
drwxrwx---.  5 root     staff  4096 Mar 11 13:02 scratch

There is absolutely no symlink involved here.

# smbstatus
Samba version 4.9.4
PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing             
----------------------------------------------------------------------------------------------------------------------------------------
20580   smith        smith        10.0.21.223 (ipv4:10.0.21.223:49971)      SMB3_11           -                    partial(AES-128-CMAC)

Service      pid     Machine       Connected at                     Encryption   Signing    
---------------------------------------------------------------------------------------------
scratch      20580   10.0.21.223   Tue Mar 12 06:29:41 PM 2019 CET  -            -          
scratch      20533   10.0.21.251   Tue Mar 12 06:29:06 PM 2019 CET  -            -          
IPC$         20580   10.0.21.223   Tue Mar 12 06:29:37 PM 2019 CET  -            -          

Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock           SharePath   Name   Time
--------------------------------------------------------------------------------------------------
20533        1011       DENY_NONE  0x100081    RDONLY     NONE             /data/scratch   .   Tue Mar 12 18:29:06 2019
20533        1011       DENY_NONE  0x100081    RDONLY     NONE             /data/scratch   .   Tue Mar 12 18:29:06 2019

Regards
F

On Tue, Mar 12, 2019 at 7:04 PM Alexander Bokovoy <abokovoy@redhat.com> wrote:
On ti, 12 maalis 2019, fujisan wrote:
>I added a share in smb.conf.regedit then I imported the file with net conf
>import smb.conf.regedit .
>I send you another tar file at your email.
>
>Regards
>F
>
># net conf list
>
>[global]
>    workgroup = MYDOMAIN.LOCAL
>    netbios name = MYSERVER
>    realm = MYDOMAIN.LOCAL
>    kerberos method = dedicated keytab
>    dedicated keytab file = /etc/samba/samba.keytab
>    create krb5 conf = no
>    security = user
>    domain master = yes
>    domain logons = yes
>    max log size = 100000
>    log file = /var/log/samba/log.%m
>    passdb backend =
>ipasam:ldapi://%2fvar%2frun%2fslapd-MYDOMAIN-LOCAL.socket
>    disable spoolss = yes
>    ldapsam:trusted = yes
>    ldap ssl = off
>    ldap suffix = dc=mydomain,dc=local
>    ldap user suffix = cn=users,cn=accounts
>    ldap group suffix = cn=groups,cn=accounts
>    ldap machine suffix = cn=computers,cn=accounts
>    rpc_server:epmapper = external
>    rpc_server:lsarpc = external
>    rpc_server:lsass = external
>    rpc_server:lsasd = external
>    rpc_server:samr = external
>    rpc_server:netlogon = external
>    rpc_server:tcpip = yes
>    rpc_daemon:epmd = fork
>    rpc_daemon:lsasd = fork
>    log level = 10
>
>[scratch]
>    path = /data/scratch
>    comment = Scratch shared files
>    create mask = 0644
>    invalid users = opera

Thanks. However, Samba says /data/scratch is a symlink to /tmp which is
outside of the share and therefore fails:

[2019/03/12 18:29:40.679585,  2, pid=20580, effective(1024, 1023), real(1024, 0), class=vfs] ../source3/smbd/vfs.c:1305(check_reduced_name)
  check_reduced_name: Bad access attempt: . is a symlink outside the share path
  conn_rootdir =/data/scratch
  resolved_name=/tmp
[2019/03/12 18:29:40.679613,  5, pid=20580, effective(1024, 1023), real(1024, 0)] ../source3/smbd/filename.c:1271(check_name)
  check_name: name . failed with NT_STATUS_ACCESS_DENIED

May be you can try with /data/scratch not being a symlink. Samba is
pretty serious on not allowing wide symlinks by default.


--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland