Samba file server using NT4 domain users

I've joined the NT4 domain using "net rpc join -U administrator" and can "wbinfo -u" & -g & -t just fine. But I can only read the shares and cannot write. Plus, I cannot figure out how to give a domain group permissions to read or write. I feel like I'm so close, but just missing a few things to make this all come together. The end goal I'm trying to reach is to create a share on my linux server that my domain users can access (read/write) without typing in any username / password information.

If it's of any value, here's my smb.conf per 'testparm':
# Global parameters
       workgroup = NT4DOMAIN
       server string = File Server One
       security = DOMAIN
       password server = NTSERVER
       log level = 3
       log file = /var/log/samba/%m.log
       max log size = 50
       socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
       load printers = No
       wins server =
       idmap uid = 16777216-33554431
       idmap gid = 16777216-33554431
       winbind separator = +
       winbind use default domain = Yes

       comment = File Server One Main Share
       path = /fileshare
       valid users = jason
       read only = No
       create mask = 0765
J. SmithAsked:
Who is Participating?
Hi :-)

If you made it all the way to opening a file share, then you really are almost there.

I would do two things:

1. Make sure that you didn't somehow squeeze yourself through a guest account. Put
map to guest = never
in the global options. Failure to login afterwards will imply that you somehow haven't joined the domain correctly.

2. Make sure the user jason has the right access permissions to "/fileshare". I see that you allow only one user to access this share (for administrative reasons?). In this case, assuming that you do not need to preserve the user/group information for the user who logs in, put
force user = root
force group = root
in the share options.  This makes all the newly created files written as 'root'. Note: this does not close the share to root only. It allows only jason to log on, but after the connections, files and folders are accessed as root.
Another option could be to chmod/chown the files in "/fileshare" to allow access to jason.

in here you have a complete smb.conf check with that
and i check again your conf please add this

writable = yes
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

J. SmithAuthor Commented:
The smb.conf u've posted is from 2002 and a lot of things have changed since then. I've tried writable and it didn't work.
J. SmithAuthor Commented:
ok, i did all that and i'm still getting access denied
J. SmithAuthor Commented:
e-tsik, what you said works, but I have a few questions for you if you don't mind.
First, I had to create an identical Unix user to for each person that I wanted to give access to the share. Is there a way to give access without creating a local user?
Second, how do I set permissions on a per user/group on a share? I don't mind using set force user = root, but how would i give one user/group only read access and the other write?
Finally, I've read about some users "owning" a file and then another not being able to open it because of that. Is the only way to get around this by using the force user = root?

Questions? No problem!

1. The reason why you had to create a local user for everyone was because you haven't configured (correctly) pam_smb. Redhat calls is "smb authentication". Failure to log on with the network user/password caused your users not to be able to log on through samba.

2. Permissions without "force user" are quite easy, but they are governed by the unix permissions, which are quite strict. First, you need to learn how unix permissions work (that is, if you haven't by now). You configure permissions with the unix user/group associations and the chown, chmod commands. Samba also uses ext2 attributes to configure "fine grained" permissions (unix permissions only have one owner and group per file, and permissions are granted to these owner and group, fine grained means you can have multiple). I never found it functional in a binary-downloaded configuration (have not tried it on Fedora, though). When that works, you could configure the permissions using the windows "permissions" tab (cool, isn't it?)
J. SmithAuthor Commented:
Alright, I'll have to look into "fine grained" permissions. Thanks for your help!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.