Windows users unable to create folders in samba share drive

1- Make sure that from the smb.conf the share has

writable = yes

2- It should write permission for the others group as a Linux file system permission

chmod 777 /path/to/folder

here is the config writable = yes

#======================= Global Settings =======================

[global]
      log file = /var/log/samba/log.%m
      passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
      obey pam restrictions = yes
      socket options = TCP_NODELAY
      null passwords = yes
      map to guest = bad user
      encrypt passwords = yes
      public = yes
      passdb backend = tdbsam
      passwd program = /usr/bin/passwd %u
      dns proxy = no
      writeable = yes
      server string = %h server
      path = /media/fileserver/
      unix password sync = yes
      workgroup = WORKGROUP
      os level = 20
      security = share
      syslog = 0
      guest only = yes
      usershare allow guests = yes
      panic action = /usr/share/samba/panic-action %d
      max log size = 1000
      pam password change = yes

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of

# server string is the equivalent of the NT Description field

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
#   wins support = no

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# This will prevent nmbd to search for NetBIOS names through DNS.

# What naming service and in what order should we use to resolve host names
# to IP addresses
;   name resolve order = lmhosts host wins bcast

#### Networking ####

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
;   interfaces = 127.0.0.0/8 eth0

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself.  However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
;   bind interfaces only = yes



#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects

# Cap the size of the individual log files (in KiB).

# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
#   syslog only = no

# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.

# Do something sensible when Samba crashes: mail the admin a backtrace


####### Authentication #######

# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html
# in the samba-doc package for details.

# You may wish to use password encryption.  See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.

# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.  


# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.

# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections

########## Domains ###########

# Is this machine able to authenticate users. Both PDC and BDC
# must have this setting enabled. If you are the BDC you must
# change the 'domain master' setting to no
#
;   domain logons = yes
#
# The following setting only takes effect if 'domain logons' is set
# It specifies the location of the user's profile directory
# from the client point of view)
# The following required a [profiles] share to be setup on the
# samba server (see below)
;   logon path = \\%N\profiles\%U
# Another common choice is storing the profile in the user's home directory
# (this is Samba's default)
#   logon path = \\%N\%U\profile

# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
;   logon drive = H:
#   logon home = \\%N\%U

# The following setting only takes effect if 'domain logons' is set
# It specifies the script to run during logon. The script must be stored
# in the [netlogon] share
# NOTE: Must be store in 'DOS' file format convention
;   logon script = logon.cmd

# This allows Unix users to be created on the domain controller via the SAMR
# RPC pipe.  The example command creates a user account with a disabled Unix
# password; please adapt to your needs
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u

# This allows machine accounts to be created on the domain controller via the
# SAMR RPC pipe.  
# The following assumes a "machines" group exists on the system
; add machine script  = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u

# This allows Unix groups to be created on the domain controller via the SAMR
# RPC pipe.  
; add group script = /usr/sbin/addgroup --force-badname %g

########## Printing ##########

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
#   load printers = yes

# lpr(ng) printing. You may wish to override the location of the
# printcap file
;   printing = bsd
;   printcap name = /etc/printcap

# CUPS printing.  See also the cupsaddsmb(8) manpage in the
# cupsys-client package.
;   printing = cups
;   printcap name = cups

############ Misc ############

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /home/samba/etc/smb.conf.%m

# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/speed.html
# for details
# You may want to add the following on a Linux system:
#         SO_RCVBUF=8192 SO_SNDBUF=8192
#   socket options = TCP_NODELAY

# The following parameter is useful only if you have the linpopup package
# installed. The samba maintainer and the linpopup maintainer are
# working to ease installation and configuration of linpopup and samba.
;   message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &

# Domain Master specifies Samba to be the Domain Master Browser. If this
# machine will be configured as a BDC (a secondary logon server), you
# must set this to 'no'; otherwise, the default behavior is recommended.
#   domain master = auto

# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
;   idmap uid = 10000-20000
;   idmap gid = 10000-20000
;   template shell = /bin/bash

# The following was the default behaviour in sarge,
# but samba upstream reverted the default because it might induce
# performance issues in large organizations.
# See Debian bug #368251 for some of the consequences of *not*
# having this setting and smb.conf(5) for details.
;   winbind enum groups = yes
;   winbind enum users = yes

# Setup usershare options to enable non-root users to share folders
# with the net usershare command.

# Maximum number of usershare. 0 (default) means that usershare is disabled.
;   usershare max shares = 100

# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones

#======================= Share Definitions =======================

# Un-comment the following (and tweak the other settings below to suit)
# to enable the default home directory shares.  This will share each
# user's home directory as \\server\username
;[homes]
;   comment = Home Directories
;   browseable = no

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
;   read only = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
;   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
;   directory mask = 0700

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.  Un-comment the following parameter
# to make sure that only "username" can connect to \\server\username
# This might need tweaking when using external authentication schemes
;   valid users = %S

# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
;   comment = Network Logon Service
;   path = /home/samba/netlogon
;   read only = yes
;   share modes = no

# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
;[profiles]
;   comment = Users profiles
;   path = /home/samba/profiles
;   guest ok = no
;   browseable = no
;   create mask = 0600
;   directory mask = 0700









[fileserver]
      writeable = yes

my suggestion is install webmin and use that to configure the share.

using webmin to setup samba is MUCH easier than command/ config editing.

i actually have webmin installed and no luck.  still same issue

I've attached a screen shot of how my share called 'public' is setup under the "Security and Access Control" option for the share, this is where I found my problem to be.

Try to set yours up the same and see?
webmin-samba.JPG

looks exactly like mine

i logged on to the ubuntu server and i can not add any folders locally in the share

sounds like the directory on the server is write protected.

try running this command..

chmod -R 0755 /path/to/share

Try to set permissions like this:

[share]
        comment = Webshare
        path = /xyz
        browseable = yes
        writeable = yes
        public = no
        read only = no
        force user = [the user to create] # or %U
        force group = [the group of the user] # or @%G
        create mask = 700
        directory mask = 700
        inherit acls = yes
        inherit permissions = yes
        valid users = @WORKGROUP\usergroup

Look at: http://freebsdhowtos.com/49.html

Did you do the 2nd step I told you about

2- It should write permission for the others group as a Linux file system permission

chmod 777 /path/to/folder

Try it a let me know

chmod 777 /path/to/folder

still not allowing me access to add a folder or move files to it. I can open the directory but that is it.
should i reformat the drive.  maybe i have it mounted wrong

/dev/sdb1  /media/fileserver  vfat  user,sync,nodev  0  0

First, changing the permissions to 777 is not the right way. Use it like the real way with acl or valid users.
Set the log level in smb.conf at least to 3 and give us an output of samba, winbind and client log.

how do i set the log level to 3 and where can i find the log

ok I changed the log to level 3 how do i get a new log output?  should i restart samba?

is this what you needed?
log.smbd.txt
log.winbinff-imap.txt
client-log.txt

Okay, your directory "/media/fileserver/Applications" either doesn't exists or doesn't have the right permissions. So you have to do the following:

guest account = nobody # else samba don't know that nobody is a guest
#  map to guest = bad user # uncomment if every user has a valid user/password combination

Look at my example and try to set permissions to a valid samba group or create a new group, add it to samba, chmod the directory and restart samba.

If all of this doesn't help you have to use another filesystem, ext4 or ext4, because samba can't get permissions and try it with nobody (guest).

well i reformated the drive to ext3  and now in ubuntu i can make files.  but when i go to the windows computer it wont let me even access the share.

What is inside the share? Like this?

[fileserver]
path = [where is your path]
browseable = yes
public = yes
read only = no
writeable = yes

Sorry I missed out on all the fun!

This isn't as hard as some people are making it:
 1) FAT32 filesystems don't have the kinds of permissions that Linux/Unix (hereinafter *nix) filesystems do... in fact, under FAT32, there is no such thing as an owner or group! So the fact that you couldn't write files under the FAT32 directory hierarchy would lead me to believe that it wasn't being mounted properly (as in: not being mounted rw).

But that's water-under-the-bridge now, as you've reformatted to ext3

 2) You say in your most recent posting that under ext3, you can make files as an Ubuntu user, but not as a Windows user... well, with ext3 filesystems, you DO have users (and groups) who have separate rights and privileges.... so you need to figure out what user is being used...

One simple way to do that is to set your share to 777 permissions, create a temp file in the folder, and look to see who the owner and group are set to!

You haven't shared if this is some kind of domain (or AD) environment, or if these users have potential share accounts on Ubuntu. If the latter, then make sure your login information is correct -- remember that samba users DO have to correspond to *nix users, but they DO NOT necessarily share password information (for example, my CentOS 5 installations routinely have *nix and Samba accounts for all users -- but only Admins even HAVE valid passwords for their *nix shell accounts! Everyone else MUST use Samba to access the server -- it's ALL they are ALLOWED to use.

Finally, I'm supposing you're accessing the Ubuntu through a root (admin) account... it is also possible that you've over-protected your shared folders... namely, forgetting that all users MUST have execute permissions on all folders in the "directory tree" in order to have successful access.

Consider the path /home/public/share1/folder2
For anyone to do anything to any file in folder2, they MUST have execute permission on /, /home, /home/public, /home/public/share1, and /home/public/share1/folder2 .... ALL of them!

Good Luck!

Dan
IT4SOHO

I actually went back to a vfat drive

/dev/sdb1  /media/fileserver  vfat user,rw,auto,umask=0,uid=1000,gid=1000 0 0

although it's back to my original problem.
The windows user is unable to add a folder or do anything to the share.

OK... vfat is FAT32... and there is no such thing as a user (for permissions)... that is ok, just limiting.

So I presume that a *nix user can access /media/fileserver/Applications... could you provide the output from the following command:

  ls -ld / /media /media/fileserver /media/fileserver/Applications


Thanks,

Dan
IT4SOHO

drwxr-xr-x 21 root          root           4096 2010-02-09 11:02 /
drwxr-xr-x  5 root          root           4096 2010-02-15 20:47 /media
drwxr-xr-x  6 administrator administrator 16384 1969-12-31 19:00 /media/fileserver
drwxr-xr-x  2 administrator administrator 16384 2010-02-15 20:46 /media/fileserver/Applications

here is my whole config
samba.conf.txt

i added
force user = administrator
everything works great thank you

Look at my comment above:

        force user = [the user to create] # or %U
        force group = [the group of the user] # or @%G

Same help as it4soho. Please read comments carefully cos they can help you :-)