[Samba] Clients can't write to group-writable files - plea for help

Josh Malone jmalone at nrao.edu
Fri Nov 18 14:13:44 UTC 2016

On 11/17/16 2:53 PM, Alex Crow via samba wrote:
>> From my understanding you seem to have Mac and Windows clients and are
>> using the Samba machine as a fileserver. If the windows machines are
>> joined to a domain, then you will probably be better off joining the
>> Samba machine to the domain, this way you will not need the user map.
>> It might help if you could explain your setup, if it is different
>> from the above and a copy of your smb.conf would help as well.
>> Rowland

Sorry - I should have posted this from the beginning.


The samba server is joined to our AD domain. testjoin reports that the 
join is okay and authentication is working properly. The samba server is 
*also* joined to our NIS domain from which it gets the unix users.

Usernames match between unix and AD. All accounts have uidNumber and 
gidNumber set correctly in AD (although it wasn't always like this; only 
recently did I implement this with a nightly script that copies the id 
numbers into AD).

The smb.conf I posted is the one which exhibits the problem with 
group-writable files. By commenting the username map and uncommenting 
the username map script, the problem goes away. The mapusers.sh script 
just echos $1. The usermap.cfg map file is empty. I've also tried 
removing that config line entirely - problem remains.

The share I used for testing is:

         comment = www.nrao.edu Web Content
         path = /home/www.nrao.edu
         public = no
         writable = yes
         browsable = yes
         create mask = 664
         directory mask = 2775

Level 10 debug log is here, in its entirety this time:


It's a Mac client running 10.11.something.


        Joshua Malone       Systems Administrator
      (jmalone at nrao.edu)    NRAO Charlottesville
         434-296-0263           www.nrao.edu
	434-249-5699 (mobile)

More information about the samba mailing list