[Samba] write list for share is ignored
Dale Schroeder
dale at BriannasSaladDressing.com
Fri Jan 22 12:22:08 MST 2010
On 01/22/2010 11:00 AM, Jon Trauntvein wrote:
> I recently updated a Samba server from Fedora Core 4 to CentOs 4.5. The
> old server had samba version 3.0.11 installed while the newer has samba
> version 3.0.33 installed. The following file is a simplified version of
> my smb.conf file:
>
> [global]
> debug level = 5
> security = domain
> workgroup = CSI-INTRANET
> auth methods = guest, sam, winbind
> server string = Software Engineering Workgroup Server
> load printers = yes
> guest account = nobody
> log file = /var/log/samba/log.%m
> max log size = 1024
> encrypt passwords = yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> dns proxy = no
> map to guest = bad user
>
> winbind separator = \\
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
>
>
> [cora]
> available = yes
> browseable = yes
> path = /home/group/cora
> public = yes
> guest ok = yes
> read only = yes
> write list = @cora
> force create mode = 0775
Assuming "cora" is a domain group and using your separator "\\", try
write list = @CSI-INTRANET\\cora
Somewhere around 3.0.23 or so, winbind started requiring the domain name
be prefixed to domain users and groups
Dale
>
> As can be seen here, I am using domain based security. With this
> configuration, my windows XP based machine can connect to the share and
> can access the files and directories on that share. However, any
> attempt to add a file or directory gets rebuffed with an access denied.
> The following is the log from my windows machine's attempt to create a
> new directory:
>
> I'm sorry for the length of the above but I am not sure what might be
> relevant to understanding the problem. As I interpret the problem,
> Samba has determined that the share is read only for my client. The
> unix file permissions are correct in that I can perform the needed
> operations while logged on under that account and, further, I can see
> that, at one point, samba had determined to use the correct account and
> group IDs.
>
> I have tried various combinations of options both within smb.conf and
> within
> nsswitch.conf. I have tried changing nsswitch.conf so that winbind is
> used as
> an option after the files are tried. I have also replaced the @cora
> group
> specification with references to my specific unix and domain user
> names. Each
> time that I have made these changes, I have faithfully restarted the
> samba service.
> However, at no time have I been able to access this share in any but a
> read-only
> fashion. If anyone has some suggestions or troubleshooting tips, I
> would be most
> grateful.
>
> Regards,
>
> Jon Trauntvein
More information about the samba
mailing list