[Samba] Can't write to a samba share mounted as an AD user

[Rowland Penny]

On Thu, 2 Aug 2018 13:16:26 -0400
pisymbol via samba <samba at lists.samba.org> wrote:

> On Thu, Aug 2, 2018 at 1:11 PM, Eric Altman via samba
> <samba at lists.samba.org
> > wrote:
> 
> >
> > It’s just that the mount has read-only access despite the file
> > ownership and modes being set to give full read-write?
> >
> >
> That is almost correct (I can create empty files via touch) which has
> me baffled.
> 
> -aps (Alex)

You do not have any lines like this in your smb.conf:

    winbind nss info = rfc2307
    idmap config *:backend = tdb
    idmap config *:range = 2000-9999
    idmap config SAMDOM : backend = rid
    idmap config SAMDOM : schema_mode = rfc2307
    idmap config SAMDOM : range = 10000-999999

So, unless you are using sssd (and if you are, this is the wrong place
to ask for help), you do not anyway to authenticate your AD users on
the NAS. Yes, you may be able to read files on the NAS, but you will not
be able to write to them, this is because Samba has no idea who your
users are and 'guest' access is turned off.

You also shouldn't have a NAS administrator, you should only have a
Domain Administrator.

I think what you are trying to say is that, you have purchased this NAS
and most of the [global] part of the smb.conf is what it came with, if
this is true, then QNAP are you listening, your standard smb.conf is
rubbish. It contains deprecated settings (smbpasswd), default lines and
lines that do not need to be there, it is as if they just took the
output of 'man smbconf', removed most of the text, just leaving the
parameters, threw away some of the parameters and set others to
defaults or things they shouldn't be set to.

I think (and I could be wrong, but I don't think so) it was meant to
be a 'standalone server', but you now want it to be a Unix domain
member, if so, you need to make a lot of changes to your smb.conf.

Rowland