[Samba] write list for share is ignored

Dale Schroeder dale at BriannasSaladDressing.com
Fri Jan 22 12:22:08 MST 2010 

On 01/22/2010 11:00 AM, Jon Trauntvein wrote:
> I recently updated a Samba server from Fedora Core 4 to CentOs 4.5.  The
> old server had samba version 3.0.11 installed while the newer has samba
> version 3.0.33 installed.  The following file is a simplified version of
> my smb.conf file:
>
> [global]
>  debug level = 5
>  security = domain
>  workgroup = CSI-INTRANET
>  auth methods = guest, sam, winbind
>  server string = Software Engineering Workgroup Server
>  load printers = yes
>  guest account = nobody
>  log file = /var/log/samba/log.%m
>  max log size = 1024
>  encrypt passwords = yes
>  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>  dns proxy = no
>  map to guest = bad user
>
>  winbind separator = \\
>  idmap uid = 10000-20000
>  idmap gid = 10000-20000
>  winbind enum users = yes
>  winbind enum groups = yes
>
>
> [cora]
>  available = yes
>  browseable = yes
>  path = /home/group/cora
>  public = yes
>  guest ok = yes
>  read only = yes
>  write list = @cora
>  force create mode = 0775
Assuming "cora" is a domain group and using your separator "\\", try
     write list = @CSI-INTRANET\\cora

Somewhere around 3.0.23 or so, winbind started requiring the domain name 
be prefixed to domain users and groups

Dale

>
> As can be seen here, I am using domain based security.  With this
> configuration, my windows XP based machine can connect to the share and
> can access the files and directories on that share.  However, any
> attempt to add a file or directory gets rebuffed with an access denied.
> The following is the log from my windows machine's attempt to create a
> new directory:
>
> I'm sorry for the length of the above but I am not sure what might be
> relevant to understanding the problem.  As I interpret the problem,
> Samba has determined that the share is read only for my client.  The
> unix file permissions are correct in that I can perform the needed
> operations while logged on under that account and, further, I can see
> that, at one point, samba had determined to use the correct account and
> group IDs.
>
> I have tried various combinations of options both within smb.conf and 
> within
> nsswitch.conf.  I have tried changing nsswitch.conf so that winbind is 
> used as
> an option after the files are tried.  I have also replaced the @cora 
> group
> specification with references to my specific unix and domain user 
> names.  Each
> time that I have made these changes, I have faithfully restarted the 
> samba service.
> However, at no time have I been able to access this share in any but a 
> read-only
> fashion.  If anyone has some suggestions or troubleshooting tips, I 
> would be most
> grateful.
>
> Regards,
>
> Jon Trauntvein

More information about the samba mailing list