Re: [Samba] Can Map shares but cannot write
The culprit was selinux. Thanks for everyone's help! Mike On Wed, Jun 30, 2010 at 2:26 PM, Gaiseric Vandal wrote: > What happens if you try to mount a samba share via CIFS from linux (e.g. > smbclient, mount -o cifs ?) Or may be mount the drive in windows with the > "net use" command.Either way you explicitly set the domain/username. > > Do any of the other log files refer to issues with mapping users? > > What is the Host OS? Guessing some linux varient? > > > > > On 06/30/2010 02:40 PM, James Zuelow wrote: > >> Original Message >> From: samba-boun...@lists.samba.org >> [mailto:samba-boun...@lists.samba.org] On Behalf Of Michael Lyon Sent: >> Wednesday, June 30, 2010 6:37 AM To: t...@tms3.com >> Cc: samba@lists.samba.org >> Subject: Re: [Samba] Can Map shares but cannot write >> >> >> >>> Heh, I made myself the owner, and still can't create a file. >>> >>> [r...@vm-stusrv test]# getfacl /home/share/students/ >>> getfacl: Removing leading '/' from absolute path names >>> # file: home/share/students/ >>> # owner: mlyon >>> # group: students >>> user::rwx >>> group::rwx >>> group:students:rwx >>> mask::rwx >>> other::rwx >>> >>> Mike >>> >>> >>> >> Try using the default flag for setfacl. I always have this problem with >> setfacl: >> >> $ setfacl -m g:students:rwx foo >> >> doesn't work, but I have better luck with >> >> $ setfacl -d -m g:students:rwx foo >> >> I don't know why, it seems like it should work with the first setup but it >> rarely does for me. >> >> And if THAT doesn't work, I connect to the share as an admin Windows user >> (administrator in your case) and set the ACLs using Windows Explorer. >> >> James Zuelow >> Network Specialist >> City and Borough of Juneau MIS >> (907) 586-0236 >> >> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
What happens if you try to mount a samba share via CIFS from linux (e.g. smbclient, mount -o cifs ?) Or may be mount the drive in windows with the "net use" command.Either way you explicitly set the domain/username. Do any of the other log files refer to issues with mapping users? What is the Host OS? Guessing some linux varient? On 06/30/2010 02:40 PM, James Zuelow wrote: Original Message From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Michael Lyon Sent: Wednesday, June 30, 2010 6:37 AM To: t...@tms3.com Cc: samba@lists.samba.org Subject: Re: [Samba] Can Map shares but cannot write Heh, I made myself the owner, and still can't create a file. [r...@vm-stusrv test]# getfacl /home/share/students/ getfacl: Removing leading '/' from absolute path names # file: home/share/students/ # owner: mlyon # group: students user::rwx group::rwx group:students:rwx mask::rwx other::rwx Mike Try using the default flag for setfacl. I always have this problem with setfacl: $ setfacl -m g:students:rwx foo doesn't work, but I have better luck with $ setfacl -d -m g:students:rwx foo I don't know why, it seems like it should work with the first setup but it rarely does for me. And if THAT doesn't work, I connect to the share as an admin Windows user (administrator in your case) and set the ACLs using Windows Explorer. James Zuelow Network Specialist City and Borough of Juneau MIS (907) 586-0236 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
Original Message From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Michael Lyon Sent: Wednesday, June 30, 2010 6:37 AM To: t...@tms3.com Cc: samba@lists.samba.org Subject: Re: [Samba] Can Map shares but cannot write > Heh, I made myself the owner, and still can't create a file. > > [r...@vm-stusrv test]# getfacl /home/share/students/ > getfacl: Removing leading '/' from absolute path names > # file: home/share/students/ > # owner: mlyon > # group: students > user::rwx > group::rwx > group:students:rwx > mask::rwx > other::rwx > > Mike > Try using the default flag for setfacl. I always have this problem with setfacl: $ setfacl -m g:students:rwx foo doesn't work, but I have better luck with $ setfacl -d -m g:students:rwx foo I don't know why, it seems like it should work with the first setup but it rarely does for me. And if THAT doesn't work, I connect to the share as an admin Windows user (administrator in your case) and set the ACLs using Windows Explorer. James Zuelow Network Specialist City and Borough of Juneau MIS (907) 586-0236 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
On Wed, Jun 30, 2010 at 11:05 AM, Michael Lyon wrote: > I've added in: username map = /etc/samba/smbusers > > [r...@vm-stusrv ~]# more /etc/samba/smbusers > # Unix_name = SMB_name1 SMB_name2 ... > root = administrator > nobody = guest > > Restarted smb. > > No luck. > If the user logs into the *nix box with the same username that they use in windows can they write to the folders? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
Do you have SELinux active? Op 30-6-2010 17:05, Michael Lyon schreef: I've added in: username map = /etc/samba/smbusers [r...@vm-stusrv ~]# more /etc/samba/smbusers # Unix_name = SMB_name1 SMB_name2 ... root = administrator nobody = guest Restarted smb. No luck. Thanks all for the help so far though! Mike On Wed, Jun 30, 2010 at 9:59 AM, Chris Smith wrote: On Wed, Jun 30, 2010 at 10:45 AM, Michael Lyon wrote: I've simplified the share as you noted, and still have the same results. If I create a file/folder on the linux side, I can read it without a problem. Once I map as a Window$ client, I cannot write. You have 'public = yes' which is the synonym for 'guest ok = yes' , therefore anyone should be able to write. Let's make sure we have proper guest capabilities by adding 'username map' parameter and its associated file. For example: In global: username map = /etc/samba/smbusers Contents of /etc/samba/smbusers: root = administrator nobody = guest And as the guest account is nobody make sure that the nobody account is valid. Restart Samba and if you still have trouble it looks to be a permissions issue on the nix side. Chris -- -- Tom Reijnders TOR Informatica Chopinlaan 27 5242HM Rosmalen Tel: 073 5226191 Fax: 073 5226196 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
I've added in: username map = /etc/samba/smbusers [r...@vm-stusrv ~]# more /etc/samba/smbusers # Unix_name = SMB_name1 SMB_name2 ... root = administrator nobody = guest Restarted smb. No luck. Thanks all for the help so far though! Mike On Wed, Jun 30, 2010 at 9:59 AM, Chris Smith wrote: > On Wed, Jun 30, 2010 at 10:45 AM, Michael Lyon wrote: > > I've simplified the share as you noted, and still have the same results. > If > > I create a file/folder on the linux side, I can read it without a > problem. > > Once I map as a Window$ client, I cannot write. > > You have 'public = yes' which is the synonym for 'guest ok = yes' , > therefore anyone should be able to write. Let's make sure we have > proper guest capabilities by adding 'username map' parameter and its > associated file. For example: > In global: > username map = /etc/samba/smbusers > > Contents of /etc/samba/smbusers: > root = administrator > nobody = guest > > And as the guest account is nobody make sure that the nobody account is > valid. > > Restart Samba and if you still have trouble it looks to be a > permissions issue on the nix side. > > Chris > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
On Wed, Jun 30, 2010 at 10:45 AM, Michael Lyon wrote: > I've simplified the share as you noted, and still have the same results. If > I create a file/folder on the linux side, I can read it without a problem. > Once I map as a Window$ client, I cannot write. You have 'public = yes' which is the synonym for 'guest ok = yes' , therefore anyone should be able to write. Let's make sure we have proper guest capabilities by adding 'username map' parameter and its associated file. For example: In global: username map = /etc/samba/smbusers Contents of /etc/samba/smbusers: root = administrator nobody = guest And as the guest account is nobody make sure that the nobody account is valid. Restart Samba and if you still have trouble it looks to be a permissions issue on the nix side. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
I've simplified the share as you noted, and still have the same results. If I create a file/folder on the linux side, I can read it without a problem. Once I map as a Window$ client, I cannot write. smb.conf: [global] workgroup = DOMAIN realm = ds.domain.edu server string = Samba Server Version %v netbios name = vm-stusrv security = ADS password server = * passdb backend = tdbsam admin users = @"DOMAIN+Domain Admins" log level = 2 log file = /var/log/samba/log.%m max log size = 5000 interfaces = eth0 lo socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288 SO_SNDBUF=524288 load printers = No #printing = printcap name = /etc/printcap client use spnego = yes client ntlmv2 auth = yes winbind use default domain = yes winbind separator = + winbind nested groups = Yes winbind enum users = yes winbind enum groups = yes winbind nss info = rfc2307 allow trusted domains = yes idmap uid = 1-9 idmap gid = 1-9 #idmap backend = ad idmap domains = DOMAIN idmap config DOMAIN:backend = ad idmap config DOMAIN:schema_mode = rfc2307 idmap config DOMAIN:range = 1000-75999 #template shell = /bin/bash #template homedir = /home/share #server signing = enabled ;dead time = 15 getwd cache = yes nt acl support = yes acl map full control = no store dos attributes = yes map acl inherit = yes local master = yes master browser = no dns proxy = no unix extensions = no guest account = nobody [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes Mike On Wed, Jun 30, 2010 at 9:34 AM, Chris Smith wrote: > On Wed, Jun 30, 2010 at 10:18 AM, Michael Lyon wrote: > > [student] > >comment = Test share > >path = /home/share/students > >public = yes > >writeable = yes > >browseable = yes > >create mask = 0770 > >force create mode = 0770 > >directory mask = 02770 > >force directory mode = 02770 > >directory security mask = 0775 > > You can map the share but not write, can you read files? > > Try simplifying the share further: > == > [student] > comment = Test share > path = /home/share/students > public = yes > writeable = yes > browseable = yes > == > > And make sure there is no valid users statement in the global section. > > Chris > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
Heh, I made myself the owner, and still can't create a file. [r...@vm-stusrv test]# getfacl /home/share/students/ getfacl: Removing leading '/' from absolute path names # file: home/share/students/ # owner: mlyon # group: students user::rwx group::rwx group:students:rwx mask::rwx other::rwx Mike On Wed, Jun 30, 2010 at 9:31 AM, wrote: > > > > > [r...@vm-stusrv students]# getfacl /home/share/students/ > getfacl: Removing leading '/' from absolute path names > # file: home/share/students/ > # owner: root > # group: domain\040users > user::rwx > group::rwx > group:students:rwx > mask::rwx > other::rwx > > > Gotta run, but looks ok. However, I do hate having root as an owner of > user files and such. It's an unusual problem. For shts and giggles try: > > chown -R : > /home/share/students > > > Mike > > > On Wed, Jun 30, 2010 at 9:20 AM, wrote: > >> >> >> >> >> >> [r...@vm-stusrv students]# ls -latrh >> total 20K >> drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 .. >> drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test >> drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 . >> >> The + sign is an ACL. >> >> getfacl >> >> Let's see what that has to say. >> >> >> >> I still cannot create files under the 'test' directory I created. >> >> Windows is reporting for the share that the owner and groups have >> 'Special' >> permissions. Drilling down into their 'special' permissions reveals that >> both 'domain users' and 'students' do have Create Folders/Write data >> checked >> under the 'Allow' column. (I'll attach the picture.) >> >> >> Mike >> >> >> On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal >> wrote: >> >> Did you try temporarily commenting out the "valid users" and "write list" >> lines. That should make it writable by default. If you are then able to >> write it suggests that samba is not correctly matching up the users' >> groups >> to the "valid users" and "write list" groups. Although if this were the >> case then you would probably have been denied write permissions. >> >> >> Is /home/share/students an NFS/autofs mount? What happens if you create a >> subdirectory (via unix) under students, with group owner students, >> permissions 777. Can users create files under that? If you look at >> the advanced permissions of the directories or files in windows, do you >> see >> any "deny" ACE's that may be trumping the allow ACE's? In unix, 770 means >> "user and group has full access, and no one else has rights unless they >> are >> the user or group. However in Windows this may be getting interpreted as >> "deny everyone some rights even if they are explicited granted rights as >> the >> user or group." ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS >> ACL's.) >> >> >> >> >> >> >> >> >> >> On 06/30/2010 09:21 AM, Michael Lyon wrote: >> >> Here is the scenario: >> >> AD-authentication is functioning fine. I can query users and group info >> from wbinfo and getent just fine. >> >> The clients can map to the shares, but cannot write to the shares. I have >> tried variations of chmod 777 on absolute paths to enable read/write >> access >> to no avail. >> >> The share is configured as such: >> >> [student] >> comment = Test share >> path = /home/share/students >> public = yes >> writeable = yes >> browseable = yes >> create mask = 0770 >> force create mode = 0770 >> directory mask = 02770 >> force directory mode = 02770 >> directory security mask = 0775 >> admin users = DOMAIN\Administrator >> valid users = @"students" >> write list = @"students" >>�� inherit permissions = yes >> inherit acls = yes >> >> The error log reports: >> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >> open_directory: unable to create New folder. Error was >> NT_STATUS_ACCESS_DENIED >> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >> open_directory: unable to create New folder. Error was >> NT_STATUS_ACCESS_DENIED >> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >> open_directory: unable to create New folder. Error was >> NT_STATUS_ACCESS_DENIED >> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >> open_directory: unable to create New folder. Error was >> NT_STATUS_ACCESS_DENIED >> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >> open_directory: unable to create New folder. Error was >> NT_STATUS_ACCESS_DENIED >> >> Mike >> >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >> >> >> > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
On Wed, Jun 30, 2010 at 10:18 AM, Michael Lyon wrote: > [student] > comment = Test share > path = /home/share/students > public = yes > writeable = yes > browseable = yes > create mask = 0770 > force create mode = 0770 > directory mask = 02770 > force directory mode = 02770 > directory security mask = 0775 You can map the share but not write, can you read files? Try simplifying the share further: == [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes == And make sure there is no valid users statement in the global section. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
[r...@vm-stusrv students]# getfacl /home/share/students/ getfacl: Removing leading '/' from absolute path names # file: home/share/students/ # owner: root # group: domain\040users user::rwx group::rwx group:students:rwx mask::rwx other::rwx Gotta run, but looks ok. However, I do hate having root as an owner of user files and such. It's an unusual problem. For shts and giggles try: chown -R : /home/share/students Mike On Wed, Jun 30, 2010 at 9:20 AM, wrote: [r...@vm-stusrv students]# ls -latrh total 20K drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 .. drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 . The + sign is an ACL. getfacl Let's see what that has to say. I still cannot create files under the 'test' directory I created. Windows is reporting for the share that the owner and groups have 'Special' permissions. Drilling down into their 'special' permissions reveals that both 'domain users' and 'students' do have Create Folders/Write data checked under the 'Allow' column. (I'll attach the picture.) Mike On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal wrote: Did you try temporarily commenting out the "valid users" and "write list" lines. That should make it writable by default.If you are then able to write it suggests that samba is not correctly matching up the users' groups to the "valid users" and "write list" groups. Although if this were the case then you would probably have been denied write permissions. Is /home/share/students an NFS/autofs mount? What happens if you create a subdirectory (via unix) under students, with group owner students, permissions 777. Can users create files under that? If you look at the advanced permissions of the directories or files in windows, do you see any "deny" ACE's that may be trumping the allow ACE's? In unix, 770 means "user and group has full access, and no one else has rights unless they are the user or group. However in Windows this may be getting interpreted as "deny everyone some rights even if they are explicited granted rights as the user or group." ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS ACL's.) On 06/30/2010 09:21 AM, Michael Lyon wrote: Here is the scenario: AD-authentication is functioning fine. I can query users and group info from wbinfo and getent just fine. The clients can map to the shares, but cannot write to the shares. I have tried variations of chmod 777 on absolute paths to enable read/write access to no avail. The share is configured as such: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 admin users = DOMAIN\Administrator valid users = @"students" write list = @"students" �� inherit permissions = yes inherit acls = yes The error log reports: [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
[r...@vm-stusrv students]# getfacl /home/share/students/ getfacl: Removing leading '/' from absolute path names # file: home/share/students/ # owner: root # group: domain\040users user::rwx group::rwx group:students:rwx mask::rwx other::rwx Mike On Wed, Jun 30, 2010 at 9:20 AM, wrote: > > > > > > [r...@vm-stusrv students]# ls -latrh > total 20K > drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 .. > drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test > drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 . > > The + sign is an ACL. > > getfacl > > Let's see what that has to say. > > > > I still cannot create files under the 'test' directory I created. > > Windows is reporting for the share that the owner and groups have 'Special' > permissions. Drilling down into their 'special' permissions reveals that > both 'domain users' and 'students' do have Create Folders/Write data > checked > under the 'Allow' column. (I'll attach the picture.) > > > Mike > > > On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal > wrote: > > Did you try temporarily commenting out the "valid users" and "write list" > lines. That should make it writable by default. If you are then able to > write it suggests that samba is not correctly matching up the users' groups > to the "valid users" and "write list" groups. Although if this were the > case then you would probably have been denied write permissions. > > > Is /home/share/students an NFS/autofs mount? What happens if you create a > subdirectory (via unix) under students, with group owner students, > permissions 777. Can users create files under that? If you look at > the advanced permissions of the directories or files in windows, do you see > any "deny" ACE's that may be trumping the allow ACE's? In unix, 770 means > "user and group has full access, and no one else has rights unless they are > the user or group. However in Windows this may be getting interpreted as > "deny everyone some rights even if they are explicited granted rights as > the > user or group." ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS > ACL's.) > > > > > > > > > > On 06/30/2010 09:21 AM, Michael Lyon wrote: > > Here is the scenario: > > AD-authentication is functioning fine. I can query users and group info > from wbinfo and getent just fine. > > The clients can map to the shares, but cannot write to the shares. I have > tried variations of chmod 777 on absolute paths to enable read/write > access > to no avail. > > The share is configured as such: > > [student] > comment = Test share > path = /home/share/students > public = yes > writeable = yes > browseable = yes > create mask = 0770 > force create mode = 0770 > directory mask = 02770 > force directory mode = 02770 > directory security mask = 0775 > admin users = DOMAIN\Administrator > valid users = @"students" > write list = @"students" > inherit permissions = yes > inherit acls = yes > > The error log reports: > [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) > open_directory: unable to create New folder. Error was > NT_STATUS_ACCESS_DENIED > [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) > open_directory: unable to create New folder. Error was > NT_STATUS_ACCESS_DENIED > [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) > open_directory: unable to create New folder. Error was > NT_STATUS_ACCESS_DENIED > [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) > open_directory: unable to create New folder. Error was > NT_STATUS_ACCESS_DENIED > [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) > open_directory: unable to create New folder. Error was > NT_STATUS_ACCESS_DENIED > > Mike > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
[r...@vm-stusrv students]# ls -latrh total 20K drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 .. drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 . The + sign is an ACL. getfacl Let's see what that has to say. I still cannot create files under the 'test' directory I created. Windows is reporting for the share that the owner and groups have 'Special' permissions. Drilling down into their 'special' permissions reveals that both 'domain users' and 'students' do have Create Folders/Write data checked under the 'Allow' column. (I'll attach the picture.) Mike On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal wrote: Did you try temporarily commenting out the "valid users" and "write list" lines. That should make it writable by default.If you are then able to write it suggests that samba is not correctly matching up the users' groups to the "valid users" and "write list" groups. Although if this were the case then you would probably have been denied write permissions. Is /home/share/students an NFS/autofs mount? What happens if you create a subdirectory (via unix) under students, with group owner students, permissions 777. Can users create files under that? If you look at the advanced permissions of the directories or files in windows, do you see any "deny" ACE's that may be trumping the allow ACE's? In unix, 770 means "user and group has full access, and no one else has rights unless they are the user or group. However in Windows this may be getting interpreted as "deny everyone some rights even if they are explicited granted rights as the user or group." ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS ACL's.) On 06/30/2010 09:21 AM, Michael Lyon wrote: Here is the scenario: AD-authentication is functioning fine. I can query users and group info from wbinfo and getent just fine. The clients can map to the shares, but cannot write to the shares. I have tried variations of chmod 777 on absolute paths to enable read/write access to no avail. The share is configured as such: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 admin users = DOMAIN\Administrator valid users = @"students" write list = @"students" inherit permissions = yes inherit acls = yes The error log reports: [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
I changed the share to look like this: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 No luck. It is not an NFS/autofs mount, it is local to the linux server. I created a share under the /home/share/students directory called 'test' and made the students group the owner, along with 777 perms: [r...@vm-stusrv students]# ls -latrh total 20K drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 .. drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 . I still cannot create files under the 'test' directory I created. Windows is reporting for the share that the owner and groups have 'Special' permissions. Drilling down into their 'special' permissions reveals that both 'domain users' and 'students' do have Create Folders/Write data checked under the 'Allow' column. (I'll attach the picture.) Mike On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal wrote: > Did you try temporarily commenting out the "valid users" and "write list" > lines. That should make it writable by default.If you are then able to > write it suggests that samba is not correctly matching up the users' groups > to the "valid users" and "write list" groups. Although if this were the > case then you would probably have been denied write permissions. > > > Is /home/share/students an NFS/autofs mount? What happens if you create a > subdirectory (via unix) under students, with group owner students, > permissions 777. Can users create files under that? If you look at > the advanced permissions of the directories or files in windows, do you see > any "deny" ACE's that may be trumping the allow ACE's? In unix, 770 means > "user and group has full access, and no one else has rights unless they are > the user or group. However in Windows this may be getting interpreted as > "deny everyone some rights even if they are explicited granted rights as the > user or group." ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS > ACL's.) > > > > > > > > > > On 06/30/2010 09:21 AM, Michael Lyon wrote: > >> Here is the scenario: >> >> AD-authentication is functioning fine. I can query users and group info >> from wbinfo and getent just fine. >> >> The clients can map to the shares, but cannot write to the shares. I have >> tried variations of chmod 777 on absolute paths to enable read/write >> access >> to no avail. >> >> The share is configured as such: >> >> [student] >> comment = Test share >> path = /home/share/students >> public = yes >> writeable = yes >> browseable = yes >> create mask = 0770 >> force create mode = 0770 >> directory mask = 02770 >> force directory mode = 02770 >> directory security mask = 0775 >> admin users = DOMAIN\Administrator >> valid users = @"students" >> write list = @"students" >> inherit permissions = yes >> inherit acls = yes >> >> The error log reports: >> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >> open_directory: unable to create New folder. Error was >> NT_STATUS_ACCESS_DENIED >> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >> open_directory: unable to create New folder. Error was >> NT_STATUS_ACCESS_DENIED >> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >> open_directory: unable to create New folder. Error was >> NT_STATUS_ACCESS_DENIED >> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >> open_directory: unable to create New folder. Error was >> NT_STATUS_ACCESS_DENIED >> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >> open_directory: unable to create New folder. Error was >> NT_STATUS_ACCESS_DENIED >> >> Mike >> >> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
Did you try temporarily commenting out the "valid users" and "write list" lines. That should make it writable by default.If you are then able to write it suggests that samba is not correctly matching up the users' groups to the "valid users" and "write list" groups. Although if this were the case then you would probably have been denied write permissions. Is /home/share/students an NFS/autofs mount? What happens if you create a subdirectory (via unix) under students, with group owner students, permissions 777. Can users create files under that? If you look at the advanced permissions of the directories or files in windows, do you see any "deny" ACE's that may be trumping the allow ACE's? In unix, 770 means "user and group has full access, and no one else has rights unless they are the user or group. However in Windows this may be getting interpreted as "deny everyone some rights even if they are explicited granted rights as the user or group." ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS ACL's.) On 06/30/2010 09:21 AM, Michael Lyon wrote: Here is the scenario: AD-authentication is functioning fine. I can query users and group info from wbinfo and getent just fine. The clients can map to the shares, but cannot write to the shares. I have tried variations of chmod 777 on absolute paths to enable read/write access to no avail. The share is configured as such: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 admin users = DOMAIN\Administrator valid users = @"students" write list = @"students" inherit permissions = yes inherit acls = yes The error log reports: [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Can Map shares but cannot write
Here is the scenario: AD-authentication is functioning fine. I can query users and group info from wbinfo and getent just fine. The clients can map to the shares, but cannot write to the shares. I have tried variations of chmod 777 on absolute paths to enable read/write access to no avail. The share is configured as such: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 admin users = DOMAIN\Administrator valid users = @"students" write list = @"students" inherit permissions = yes inherit acls = yes The error log reports: [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
