Can Map shares but cannot write
in [Samba]
|
From: Gaiseric Vandal on 30 Jun 2010 09:50 Did you try temporarily commenting out the "valid users" and "write list" lines. That should make it writable by default. If you are then able to write it suggests that samba is not correctly matching up the users' groups to the "valid users" and "write list" groups. Although if this were the case then you would probably have been denied write permissions. Is /home/share/students an NFS/autofs mount? What happens if you create a subdirectory (via unix) under students, with group owner students, permissions 777. Can users create files under that? If you look at the advanced permissions of the directories or files in windows, do you see any "deny" ACE's that may be trumping the allow ACE's? In unix, 770 means "user and group has full access, and no one else has rights unless they are the user or group. However in Windows this may be getting interpreted as "deny everyone some rights even if they are explicited granted rights as the user or group." ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS ACL's.) On 06/30/2010 09:21 AM, Michael Lyon wrote: > Here is the scenario: > > AD-authentication is functioning fine. I can query users and group info > from wbinfo and getent just fine. > > The clients can map to the shares, but cannot write to the shares. I have > tried variations of chmod 777 on absolute paths to enable read/write access > to no avail. > > The share is configured as such: > > [student] > comment = Test share > path = /home/share/students > public = yes > writeable = yes > browseable = yes > create mask = 0770 > force create mode = 0770 > directory mask = 02770 > force directory mode = 02770 > directory security mask = 0775 > admin users = DOMAIN\Administrator > valid users = @"students" > write list = @"students" > inherit permissions = yes > inherit acls = yes > > The error log reports: > [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) > open_directory: unable to create New folder. Error was > NT_STATUS_ACCESS_DENIED > [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) > open_directory: unable to create New folder. Error was > NT_STATUS_ACCESS_DENIED > [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) > open_directory: unable to create New folder. Error was > NT_STATUS_ACCESS_DENIED > [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) > open_directory: unable to create New folder. Error was > NT_STATUS_ACCESS_DENIED > [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) > open_directory: unable to create New folder. Error was > NT_STATUS_ACCESS_DENIED > > Mike > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Michael Lyon on 30 Jun 2010 10:20 I changed the share to look like this: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 No luck. It is not an NFS/autofs mount, it is local to the linux server. I created a share under the /home/share/students directory called 'test' and made the students group the owner, along with 777 perms: [root(a)vm-stusrv students]# ls -latrh total 20K drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 .. drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 . I still cannot create files under the 'test' directory I created. Windows is reporting for the share that the owner and groups have 'Special' permissions. Drilling down into their 'special' permissions reveals that both 'domain users' and 'students' do have Create Folders/Write data checked under the 'Allow' column. (I'll attach the picture.) Mike On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal <gaiseric.vandal(a)gmail.com>wrote: > Did you try temporarily commenting out the "valid users" and "write list" > lines. That should make it writable by default. If you are then able to > write it suggests that samba is not correctly matching up the users' groups > to the "valid users" and "write list" groups. Although if this were the > case then you would probably have been denied write permissions. > > > Is /home/share/students an NFS/autofs mount? What happens if you create a > subdirectory (via unix) under students, with group owner students, > permissions 777. Can users create files under that? If you look at > the advanced permissions of the directories or files in windows, do you see > any "deny" ACE's that may be trumping the allow ACE's? In unix, 770 means > "user and group has full access, and no one else has rights unless they are > the user or group. However in Windows this may be getting interpreted as > "deny everyone some rights even if they are explicited granted rights as the > user or group." ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS > ACL's.) > > > > > > > > > > On 06/30/2010 09:21 AM, Michael Lyon wrote: > >> Here is the scenario: >> >> AD-authentication is functioning fine. I can query users and group info >> from wbinfo and getent just fine. >> >> The clients can map to the shares, but cannot write to the shares. I have >> tried variations of chmod 777 on absolute paths to enable read/write >> access >> to no avail. >> >> The share is configured as such: >> >> [student] >> comment = Test share >> path = /home/share/students >> public = yes >> writeable = yes >> browseable = yes >> create mask = 0770 >> force create mode = 0770 >> directory mask = 02770 >> force directory mode = 02770 >> directory security mask = 0775 >> admin users = DOMAIN\Administrator >> valid users = @"students" >> write list = @"students" >> inherit permissions = yes >> inherit acls = yes >> >> The error log reports: >> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >> open_directory: unable to create New folder. Error was >> NT_STATUS_ACCESS_DENIED >> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >> open_directory: unable to create New folder. Error was >> NT_STATUS_ACCESS_DENIED >> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >> open_directory: unable to create New folder. Error was >> NT_STATUS_ACCESS_DENIED >> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >> open_directory: unable to create New folder. Error was >> NT_STATUS_ACCESS_DENIED >> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >> open_directory: unable to create New folder. Error was >> NT_STATUS_ACCESS_DENIED >> >> Mike >> >> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
From: tms3 on 30 Jun 2010 10:30 > > > [root(a)vm-stusrv students]# ls -latrh > total 20K > drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 .. > drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test > drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 . The + sign is an ACL. getfacl <directory> Let's see what that has to say. > > > > I still cannot create files under the 'test' directory I created. > > Windows is reporting for the share that the owner and groups have > 'Special' > permissions. Drilling down into their 'special' permissions reveals > that > both 'domain users' and 'students' do have Create Folders/Write data > checked > under the 'Allow' column. (I'll attach the picture.) > > > Mike > > > On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal > <gaiseric.vandal(a)gmail.com>wrote: > >> >> Did you try temporarily commenting out the "valid users" and "write >> list" >> lines. That should make it writable by default. If you are then >> able to >> write it suggests that samba is not correctly matching up the users' >> groups >> to the "valid users" and "write list" groups. Although if this were >> the >> case then you would probably have been denied write permissions. >> >> >> Is /home/share/students an NFS/autofs mount? What happens if you >> create a >> subdirectory (via unix) under students, with group owner students, >> permissions 777. Can users create files under that? If you >> look at >> the advanced permissions of the directories or files in windows, do >> you see >> any "deny" ACE's that may be trumping the allow ACE's? In unix, 770 >> means >> "user and group has full access, and no one else has rights unless >> they are >> the user or group. However in Windows this may be getting interpreted >> as >> "deny everyone some rights even if they are explicited granted rights >> as the >> user or group." ( I ran into this with Samba 3.0.x with Solaris 10 >> and ZFS >> ACL's.) >> >> >> >> >> >> >> >> >> >> On 06/30/2010 09:21 AM, Michael Lyon wrote: >> >>> >>> Here is the scenario: >>> >>> AD-authentication is functioning fine. I can query users and group >>> info >>> from wbinfo and getent just fine. >>> >>> The clients can map to the shares, but cannot write to the shares. I >>> have >>> tried variations of chmod 777 on absolute paths to enable read/write >>> access >>> to no avail. >>> >>> The share is configured as such: >>> >>> [student] >>> comment = Test share >>> path = /home/share/students >>> public = yes >>> writeable = yes >>> browseable = yes >>> create mask = 0770 >>> force create mode = 0770 >>> directory mask = 02770 >>> force directory mode = 02770 >>> directory security mask = 0775 >>> admin users = DOMAIN\Administrator >>> valid users = @"students" >>> write list = @"students" >>> inherit permissions = yes >>> inherit acls = yes >>> >>> The error log reports: >>> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >>> open_directory: unable to create New folder. Error was >>> NT_STATUS_ACCESS_DENIED >>> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >>> open_directory: unable to create New folder. Error was >>> NT_STATUS_ACCESS_DENIED >>> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >>> open_directory: unable to create New folder. Error was >>> NT_STATUS_ACCESS_DENIED >>> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >>> open_directory: unable to create New folder. Error was >>> NT_STATUS_ACCESS_DENIED >>> [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) >>> open_directory: unable to create New folder. Error was >>> NT_STATUS_ACCESS_DENIED >>> >>> Mike >>> >>> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Michael Lyon on 30 Jun 2010 10:30 [root(a)vm-stusrv students]# getfacl /home/share/students/ getfacl: Removing leading '/' from absolute path names # file: home/share/students/ # owner: root # group: domain\040users user::rwx group::rwx group:students:rwx mask::rwx other::rwx Mike On Wed, Jun 30, 2010 at 9:20 AM, <tms3(a)tms3.com> wrote: > > > > > > [root(a)vm-stusrv students]# ls -latrh > total 20K > drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 .. > drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test > drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 . > > The + sign is an ACL. > > getfacl <directory> > > Let's see what that has to say. > > > > I still cannot create files under the 'test' directory I created. > > Windows is reporting for the share that the owner and groups have 'Special' > permissions. Drilling down into their 'special' permissions reveals that > both 'domain users' and 'students' do have Create Folders/Write data > checked > under the 'Allow' column. (I'll attach the picture.) > > > Mike > > > On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal > <gaiseric.vandal(a)gmail.com>wrote: > > Did you try temporarily commenting out the "valid users" and "write list" > lines. That should make it writable by default. If you are then able to > write it suggests that samba is not correctly matching up the users' groups > to the "valid users" and "write list" groups. Although if this were the > case then you would probably have been denied write permissions. > > > Is /home/share/students an NFS/autofs mount? What happens if you create a > subdirectory (via unix) under students, with group owner students, > permissions 777. Can users create files under that? If you look at > the advanced permissions of the directories or files in windows, do you see > any "deny" ACE's that may be trumping the allow ACE's? In unix, 770 means > "user and group has full access, and no one else has rights unless they are > the user or group. However in Windows this may be getting interpreted as > "deny everyone some rights even if they are explicited granted rights as > the > user or group." ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS > ACL's.) > > > > > > > > > > On 06/30/2010 09:21 AM, Michael Lyon wrote: > > Here is the scenario: > > AD-authentication is functioning fine. I can query users and group info > from wbinfo and getent just fine. > > The clients can map to the shares, but cannot write to the shares. I have > tried variations of chmod 777 on absolute paths to enable read/write > access > to no avail. > > The share is configured as such: > > [student] > comment = Test share > path = /home/share/students > public = yes > writeable = yes > browseable = yes > create mask = 0770 > force create mode = 0770 > directory mask = 02770 > force directory mode = 02770 > directory security mask = 0775 > admin users = DOMAIN\Administrator > valid users = @"students" > write list = @"students" > inherit permissions = yes > inherit acls = yes > > The error log reports: > [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) > open_directory: unable to create New folder. Error was > NT_STATUS_ACCESS_DENIED > [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) > open_directory: unable to create New folder. Error was > NT_STATUS_ACCESS_DENIED > [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) > open_directory: unable to create New folder. Error was > NT_STATUS_ACCESS_DENIED > [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) > open_directory: unable to create New folder. Error was > NT_STATUS_ACCESS_DENIED > [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) > open_directory: unable to create New folder. Error was > NT_STATUS_ACCESS_DENIED > > Mike > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Chris Smith on 30 Jun 2010 10:40 On Wed, Jun 30, 2010 at 10:18 AM, Michael Lyon <mjlyon(a)gmail.com> wrote: > [student] >   comment = Test share >   path = /home/share/students >   public = yes >   writeable = yes >   browseable = yes >   create mask = 0770 >   force create mode  = 0770 >   directory mask = 02770 >   force directory mode = 02770 >   directory security mask = 0775 You can map the share but not write, can you read files? Try simplifying the share further: ================== [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes ================== And make sure there is no valid users statement in the global section. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Next
|
Last
Pages: 1 2 3 Prev: [Samba] Can Map shares but cannot write Next: [Samba] Join W7 pro to samba PDC |