[Samba] Can't write to a samba share mounted as an AD user

pisymbol pisymbol at gmail.com
Thu Aug 2 18:51:34 UTC 2018


On Thu, Aug 2, 2018 at 2:46 PM, pisymbol <pisymbol at gmail.com> wrote:

>
>
> On Thu, Aug 2, 2018 at 1:55 PM, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>> On Thu, 2 Aug 2018 13:16:26 -0400
>> pisymbol via samba <samba at lists.samba.org> wrote:
>>
>> > On Thu, Aug 2, 2018 at 1:11 PM, Eric Altman via samba
>> > <samba at lists.samba.org> wrote:
>> >
>> > >
>> > > It’s just that the mount has read-only access despite the file
>> > > ownership and modes being set to give full read-write?
>> > >
>> > >
>> > That is almost correct (I can create empty files via touch) which has
>> > me baffled.
>> >
>> > -aps (Alex)
>>
>> You do not have any lines like this in your smb.conf:
>>
>>     winbind nss info = rfc2307
>>     idmap config *:backend = tdb
>>     idmap config *:range = 2000-9999
>>     idmap config SAMDOM : backend = rid
>>     idmap config SAMDOM : schema_mode = rfc2307
>>     idmap config SAMDOM : range = 10000-999999
>>
>>
> I added these lines (changed SAMDOM accordingly).
>
> That helped but didn't fix the problem. But I do see users and domains.
>
> [admin at outerdrive Public]# getfacl .
> # file: .
> # owner: admin
> # group: administrators
> user::rwx
> user:admin:rwx
> user:guest:---
> group::rwx
> group:everyone:r-x
> group:SAMDOM\domain\040users\040changed:rwx
> group:SAMDOM\users:rwx
> mask::rwx
> other::rwx
> default:user::rwx
> default:user:admin:rwx
> default:user:guest:---
> default:group::rwx
> default:group:everyone:r-x
> default:group:SAMDOM\domain\040users\040changed:rwx
> default:group:SAMDOM\users:rwx
> default:mask::rwx
> default:other::---
>
> The 'domain users changed' is a real thing and no I am not responsible for
> it.
>
> I am mounting as a user who is in both 'SAMDOM\users' and 'SAMDOM\domain
> users changed' etc using SMB 2.1.
>
> But I still can't write a darn file....
>

Eureka! Sorry about that. The above did indeed fix it. I had the uid/gid
set to 0 on mount. If I mount it now as my uid/gid I can write files to it.
Happy Day!

Thank you Rowland and Eric. I really do appreciate it. I completely forgot
about 'idmap' and now I feel kinda dumb.

Wow, this was way more of a pain in the butt than it should have been given
the QNAP is an "appliance."

-aps

