From: tms3 on



> [root(a)vm-stusrv students]# getfacl /home/share/students/
> getfacl: Removing leading '/' from absolute path names
> # file: home/share/students/
> # owner: root
> # group: domain\040users
> user::rwx
> group::rwx
> group:students:rwx
> mask::rwx
> other::rwx

Gotta run, but looks ok. However, I do hate having root as an owner
of user files and such. It's an unusual problem. For shts and
giggles try:

chown -R <Windows-User(I like group supervisors)>:<Windows Group> /home/share/students
>
> Mike
>
> On Wed, Jun 30, 2010 at 9:20 AM, <tms3(a)tms3.com> wrote:
>>
>>> [root(a)vm-stusrv students]# ls -latrh
>>> total 20K
>>> drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 ..
>>> drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test
>>> drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 .
>>
>> The + sign is an ACL.
>>
>> getfacl <directory>
>>
>> Let's see what that has to say.
>>
>>> I still cannot create files under the 'test' directory I created.
>>>
>>> Windows is reporting for the share that the owner and groups have
>>> 'Special' permissions. Drilling down into their 'special' permissions
>>> reveals that both 'domain users' and 'students' do have Create
>>> Folders/Write data checked under the 'Allow' column. (I'll attach the
>>> picture.)
>>>
>>> Mike
>>>
>>> On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal <gaiseric.vandal(a)gmail.com> wrote:
>>>>
>>>> Did you try temporarily commenting out the "valid users" and "write
>>>> list" lines? That should make it writable by default. If you are then
>>>> able to write, it suggests that Samba is not correctly matching up the
>>>> users' groups to the "valid users" and "write list" groups. Although if
>>>> this were the case then you would probably have been denied write
>>>> permissions.
>>>>
>>>> Is /home/share/students an NFS/autofs mount? What happens if you create
>>>> a subdirectory (via unix) under students, with group owner students,
>>>> permissions 777? Can users create files under that? If you look at the
>>>> advanced permissions of the directories or files in Windows, do you see
>>>> any "deny" ACE's that may be trumping the allow ACE's? In unix, 770 means
>>>> "user and group have full access, and no one else has rights unless they
>>>> are the user or group." However in Windows this may be getting
>>>> interpreted as "deny everyone some rights even if they are explicitly
>>>> granted rights as the user or group." (I ran into this with Samba 3.0.x
>>>> with Solaris 10 and ZFS ACL's.)
>>>>
>>>> On 06/30/2010 09:21 AM, Michael Lyon wrote:
>>>>>
>>>>> Here is the scenario:
>>>>>
>>>>> AD-authentication is functioning fine. I can query users and group
>>>>> info from wbinfo and getent just fine.
>>>>>
>>>>> The clients can map to the shares, but cannot write to the shares. I
>>>>> have tried variations of chmod 777 on absolute paths to enable
>>>>> read/write access to no avail.
>>>>>
>>>>> The share is configured as such:
>>>>>
>>>>> [student]
>>>>> comment = Test share
>>>>> path = /home/share/students
>>>>> public = yes
>>>>> writeable = yes
>>>>> browseable = yes
>>>>> create mask = 0770
>>>>> force create mode = 0770
>>>>> directory mask = 02770
>>>>> force directory mode = 02770
>>>>> directory security mask = 0775
>>>>> admin users = DOMAIN\Administrator
>>>>> valid users = @"students"
>>>>> write list = @"students"
>>>>> inherit permissions = yes
>>>>> inherit acls = yes
>>>>>
>>>>> The error log reports:
>>>>> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
>>>>> open_directory: unable to create New folder. Error was
>>>>> NT_STATUS_ACCESS_DENIED
>>>>> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
>>>>> open_directory: unable to create New folder. Error was
>>>>> NT_STATUS_ACCESS_DENIED
>>>>> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
>>>>> open_directory: unable to create New folder. Error was
>>>>> NT_STATUS_ACCESS_DENIED
>>>>> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
>>>>> open_directory: unable to create New folder. Error was
>>>>> NT_STATUS_ACCESS_DENIED
>>>>> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
>>>>> open_directory: unable to create New folder. Error was
>>>>> NT_STATUS_ACCESS_DENIED
>>>>>
>>>>> Mike
>>>>>
>>>>>
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba

From: Michael Lyon on
Heh, I made myself the owner, and still can't create a file.

[root(a)vm-stusrv test]# getfacl /home/share/students/
getfacl: Removing leading '/' from absolute path names
# file: home/share/students/
# owner: mlyon
# group: students
user::rwx
group::rwx
group:students:rwx
mask::rwx
other::rwx

Mike


On Wed, Jun 30, 2010 at 9:31 AM, <tms3(a)tms3.com> wrote:

> [root(a)vm-stusrv students]# getfacl /home/share/students/
> getfacl: Removing leading '/' from absolute path names
> # file: home/share/students/
> # owner: root
> # group: domain\040users
> user::rwx
> group::rwx
> group:students:rwx
> mask::rwx
> other::rwx
>
> Gotta run, but looks ok. However, I do hate having root as an owner of
> user files and such. It's an unusual problem. For shts and giggles try:
>
> chown -R <Windows-User(I like group supervisors)>:<Windows Group> /home/share/students
>
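
The two getfacl listings in this thread (owner root in the first message, owner mlyon in the reply above) can be checked mechanically. This is an added example, not part of any poster's message and not Samba code: it applies the POSIX ACL check order to getfacl text. The user name `alice` used when calling it and the `ACL_MASKED` variant are constructed for illustration.

```python
import re

# getfacl output quoted from the thread (owner root, group "domain users").
ACL_THREAD = r"""
# file: home/share/students/
# owner: root
# group: domain\040users
user::rwx
group::rwx
group:students:rwx
mask::rwx
other::rwx
"""
# Constructed contrast case (not from the thread): restrictive mask and other.
ACL_MASKED = ACL_THREAD.replace("mask::rwx", "mask::r-x").replace("other::rwx", "other::---")

def _unescape(s):
    # getfacl writes special characters as octal escapes, e.g. \040 for a space
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), s)

def parse_getfacl(text):
    """Return (owner, owning_group, [(tag, qualifier, perm_set), ...])."""
    owner = group = None
    entries = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# owner:"):
            owner = _unescape(line.split(":", 1)[1].strip())
        elif line.startswith("# group:"):
            group = _unescape(line.split(":", 1)[1].strip())
        elif line and not line.startswith(("#", "default:")):
            tag, qual, perms = line.split(":")[:3]
            entries.append((tag, _unescape(qual), set(perms[:3]) - {"-"}))
    return owner, group, entries

def effective(text, user, groups):
    """Bits the ACL check grants `user`, each bit judged separately (root override ignored)."""
    owner, group, entries = parse_getfacl(text)
    def get(tag, qual=""):
        return next((p for t, q, p in entries if t == tag and q == qual), None)
    mask = get("mask")
    masked = lambda p: p if mask is None else p & mask
    if user == owner:                       # 1. owner: user:: entry, mask not applied
        return get("user")
    if get("user", user) is not None:       # 2. named user entry, limited by mask
        return masked(get("user", user))
    hits = [p for t, q, p in entries if t == "group" and (q or group) in groups]
    if hits:                                # 3. owning/named groups, limited by mask
        return masked(set().union(*hits))
    return get("other")                     # 4. everyone else
```

For both listings posted in the thread, a member of students and an unrelated account such as nobody both come out with rwx, which matches the "looks ok" reading of the ACL. The constructed `ACL_MASKED` variant shows the case where `group:students:rwx` is cut down to r-x by the mask.
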
From: Michael Lyon on
I've simplified the share as you noted, and still have the same results. If
I create a file/folder on the linux side, I can read it without a problem.
Once I map as a Window$ client, I cannot write.

smb.conf:

[global]
workgroup = DOMAIN
realm = ds.domain.edu
server string = Samba Server Version %v
netbios name = vm-stusrv
security = ADS
password server = *
passdb backend = tdbsam
admin users = @"DOMAIN+Domain Admins"
log level = 2
log file = /var/log/samba/log.%m
max log size = 5000
interfaces = eth0 lo
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288 SO_SNDBUF=524288
load printers = No
#printing =
printcap name = /etc/printcap
client use spnego = yes
client ntlmv2 auth = yes
winbind use default domain = yes
winbind separator = +
winbind nested groups = Yes
winbind enum users = yes
winbind enum groups = yes
winbind nss info = rfc2307
allow trusted domains = yes
idmap uid = 10000-99999
idmap gid = 10000-99999
#idmap backend = ad
idmap domains = DOMAIN
idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 1000-75999
#template shell = /bin/bash
#template homedir = /home/share
#server signing = enabled
;dead time = 15
getwd cache = yes
nt acl support = yes
acl map full control = no
store dos attributes = yes
map acl inherit = yes
local master = yes
master browser = no
dns proxy = no
unix extensions = no
guest account = nobody

[student]
comment = Test share
path = /home/share/students
public = yes
writeable = yes
browseable = yes

Mike


On Wed, Jun 30, 2010 at 9:34 AM, Chris Smith <smb_77(a)chrissmith.org> wrote:

> On Wed, Jun 30, 2010 at 10:18 AM, Michael Lyon <mjlyon(a)gmail.com> wrote:
> > [student]
> > comment = Test share
> > path = /home/share/students
> > public = yes
> > writeable = yes
> > browseable = yes
> > create mask = 0770
> > force create mode = 0770
> > directory mask = 02770
> > force directory mode = 02770
> > directory security mask = 0775
>
> You can map the share but not write, can you read files?
>
> Try simplifying the share further:
> ==================
> [student]
> comment = Test share
> path = /home/share/students
> public = yes
> writeable = yes
> browseable = yes
> ==================
>
> And make sure there is no valid users statement in the global section.
>
> Chris
>
From: Chris Smith on
On Wed, Jun 30, 2010 at 10:45 AM, Michael Lyon <mjlyon(a)gmail.com> wrote:
> I've simplified the share as you noted, and still have the same results.  If
> I create a file/folder on the linux side, I can read it without a problem.
>  Once I map as a Window$ client, I cannot write.

You have 'public = yes' which is the synonym for 'guest ok = yes',
therefore anyone should be able to write. Let's make sure we have
proper guest capabilities by adding 'username map' parameter and its
associated file. For example:
In global:
username map = /etc/samba/smbusers

Contents of /etc/samba/smbusers:
root = administrator
nobody = guest

And as the guest account is nobody make sure that the nobody account is valid.

Restart Samba and if you still have trouble it looks to be a
permissions issue on the nix side.

Chris
From: Michael Lyon on
I've added in: username map = /etc/samba/smbusers

[root(a)vm-stusrv ~]# more /etc/samba/smbusers
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator
nobody = guest

Restarted smb.

No luck.

Thanks all for the help so far though!

Mike


On Wed, Jun 30, 2010 at 9:59 AM, Chris Smith <smb_77(a)chrissmith.org> wrote:

> On Wed, Jun 30, 2010 at 10:45 AM, Michael Lyon <mjlyon(a)gmail.com> wrote:
> > I've simplified the share as you noted, and still have the same results. If
> > I create a file/folder on the linux side, I can read it without a problem.
> > Once I map as a Window$ client, I cannot write.
>
> You have 'public = yes' which is the synonym for 'guest ok = yes' ,
> therefore anyone should be able to write. Let's make sure we have
> proper guest capabilities by adding 'username map' parameter and its
> associated file. For example:
> In global:
> username map = /etc/samba/smbusers
>
> Contents of /etc/samba/smbusers:
> root = administrator
> nobody = guest
>
> And as the guest account is nobody make sure that the nobody account is
> valid.
>
> Restart Samba and if you still have trouble it looks to be a
> permissions issue on the nix side.
>
> Chris
>