[Samba] Can Map shares but cannot write
tms3 at tms3.com
tms3 at tms3.com
Wed Jun 30 08:20:50 MDT 2010
>
>
> [root at vm-stusrv students]# ls -latrh
> total 20K
> drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 ..
> drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test
> drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 .
The + sign is an ACL.
getfacl <directory>
Let's see what that has to say.
>
>
>
> I still cannot create files under the 'test' directory I created.
>
> Windows is reporting for the share that the owner and groups have
> 'Special'
> permissions. Drilling down into their 'special' permissions reveals
> that
> both 'domain users' and 'students' do have Create Folders/Write data
> checked
> under the 'Allow' column. (I'll attach the picture.)
>
>
> Mike
>
>
> On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal
> <gaiseric.vandal at gmail.com>wrote:
>
>>
>> Did you try temporarily commenting out the "valid users" and "write
>> list"
>> lines. That should make it writable by default. If you are then
>> able to
>> write it suggests that samba is not correctly matching up the users'
>> groups
>> to the "valid users" and "write list" groups. Although if this were
>> the
>> case then you would probably have been denied write permissions.
>>
>>
>> Is /home/share/students an NFS/autofs mount? What happens if you
>> create a
>> subdirectory (via unix) under students, with group owner students,
>> permissions 777. Can users create files under that? If you
>> look at
>> the advanced permissions of the directories or files in windows, do
>> you see
>> any "deny" ACE's that may be trumping the allow ACE's? In unix, 770
>> means
>> "user and group has full access, and no one else has rights unless
>> they are
>> the user or group. However in Windows this may be getting interpreted
>> as
>> "deny everyone some rights even if they are explicited granted rights
>> as the
>> user or group." ( I ran into this with Samba 3.0.x with Solaris 10
>> and ZFS
>> ACL's.)
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On 06/30/2010 09:21 AM, Michael Lyon wrote:
>>
>>>
>>> Here is the scenario:
>>>
>>> AD-authentication is functioning fine. I can query users and group
>>> info
>>> from wbinfo and getent just fine.
>>>
>>> The clients can map to the shares, but cannot write to the shares. I
>>> have
>>> tried variations of chmod 777 on absolute paths to enable read/write
>>> access
>>> to no avail.
>>>
>>> The share is configured as such:
>>>
>>> [student]
>>> comment = Test share
>>> path = /home/share/students
>>> public = yes
>>> writeable = yes
>>> browseable = yes
>>> create mask = 0770
>>> force create mode = 0770
>>> directory mask = 02770
>>> force directory mode = 02770
>>> directory security mask = 0775
>>> admin users = DOMAIN\Administrator
>>> valid users = @"students"
>>> write list = @"students"
>>> inherit permissions = yes
>>> inherit acls = yes
>>>
>>> The error log reports:
>>> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
>>> open_directory: unable to create New folder. Error was
>>> NT_STATUS_ACCESS_DENIED
>>> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
>>> open_directory: unable to create New folder. Error was
>>> NT_STATUS_ACCESS_DENIED
>>> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
>>> open_directory: unable to create New folder. Error was
>>> NT_STATUS_ACCESS_DENIED
>>> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
>>> open_directory: unable to create New folder. Error was
>>> NT_STATUS_ACCESS_DENIED
>>> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory)
>>> open_directory: unable to create New folder. Error was
>>> NT_STATUS_ACCESS_DENIED
>>>
>>> Mike
>>>
>>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
More information about the samba
mailing list