Cannot mount samba drive for writing

OK, I'm stumped. I've done lots of samba mounts in the past, but I can't figure this one out. I have a new Samba 4.1.11 on a new Slackware64 14.1. My smb.conf is shown below. I'm mapping from a Windows 7 computer with user ID cantleys. I can mount homes OK (no password requested) and read and write to that directory. I can also mount webcontent (no password required), and can read, but not write. I get the error (on Windows) "W:\test.txt You don't have permission to save in this location. Contact the administrator to obtain permission."

This all worked with samba 3.5.8. I can't figure out what's wrong. smb.conf:
[global]
   workgroup = WORKGROUP
   server string = Cantleys Samba Server
   security = user
   load printers = no
   printcap name = /dev/null
   printing = bsd
   disable spoolss = yes
   guest account = guest
   log file = /var/log/samba.%m
   max log size = 50
   dns proxy = no

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   create mask = 0660

[webcontent]
   hosts allow = 192.168.2.
   path = /www/tomcat/webapps/cantleys/content
   writable = yes
   browsable = yes
   printable = no
   public = yes
   guest ok = yes
   guest only = yes
   create mask = 0660

Note that user 'cantleys' and user 'guest' are mapped to the same (/etc/passwd)

cantleys:x:1001:2000:Cantley's Auto Parts:/home/cantleys:/bin/bash
guest:x:1001:2000:Local Mapped Drive User:/home/cantleys:/bin/bash

Permissions on the webcontent directory and sub-files:
drwxrwsr-x  7 cantleys tomcat    4096 2015-03-29 15:42 ./
drwxrwsr-- 11 cantleys tomcat    4096 2014-09-09 23:57 ../
drwxrwsr-x  3 cantleys tomcat    4096 2014-03-31 14:15 Home\ Images/
drwxrwsr-x  2 mfoley   tomcat    4096 2015-02-27 16:31 Special\ of\ the\ Week/
drwxr-sr-x  2 cantleys tomcat    4096 2012-10-05 22:52 TcpView/
-rwxrwxr--  1 mfoley   tomcat  291606 2012-10-05 22:51 TcpView.zip*
drwxrws---  2 cantleys tomcat    4096 2015-03-03 14:09 repairable/
drwxrwsr-x  2 mfoley   tomcat    4096 2012-08-12 00:51 save/
-rw-r-----  1 root     tomcat 1058467 2014-12-16 19:04 saveRepairables.zip
-rw-rw-r--  1 cantleys tomcat   55296 2012-10-09 13:24 zeroPriceEngines.xls
-rw-rw-r--  1 cantleys tomcat   50176 2012-10-09 13:24 zeroPriceTransmissions.xls

What am I doing wrong?
jmarkfoley Asked:
 
arnold Commented:
Group membership might be given as you point out: group tomcat has SETGID on the directory in question, though cantleys (UID 1001) is the owner, and guest, having the same UID, should also have owner-based access. .....
drwxrwsr-x
and cantleys is a member of the group while guest is not.

IMHO, one should have a single UID to name mapping.
0
 
arnold Commented:
Try commenting out the guest only=yes to see what the effect is.

You have to check whether the path to the location is allowed access

/www/
tomcat/
webapps/
cantleys/
content

Check whether SELinux is also what prevents the writes into this location.

What are the security (chmod) on the directory?
getfacl /www/tomcat/webapps/cantleys/content
0
 
jmarkfoley Author Commented:
try commenting out the guest only=yes to see what the effect is.
The permission on this folder is as shown in my initial posting listing the 'dot' folder, and they are the same as the permission I had with Samba 3.5.8 when this all worked OK.

However, commenting out the "guest only=yes" did the trick! But, rather than just wave your wand and "poof", problem solved, can you give me any insight into why that worked? I've compared the 3.5.8 smb.conf and the 4.1.11 smb.conf. They are identical except in the 3.5.8 file I have "security = share" in the GLOBAL section and in the 4.1.11 config I have "security = user". When I run `testparm smb.conf-old` I get, "WARNING: Ignoring invalid value 'share' for parameter 'security'", which is undoubtedly why I changed that parameter.

Do you suppose this change of "security" parameters affects the "guest only" parameter?
0
 
arnold Commented:
You had two entries in /etc/passwd sharing the same UID but at the same time access from the Windows system is using one of the entries that likely exists both in the local /etc/passwd as well as in your samba AD/DC such that when it connects, it might not be translating with UID of guest 1001 but of a different id.

The other it looked weird and could not place my finger on what made it look odd.

Run the following
id cantleys

Do you get the 1001 for UID or do you get a UID from the AD cantleys properties, unix UID?

One option you can try
reactivate guest only=yes and add guest account=cantleys and see if the functionality is maintained.

The below might be a bit outdated, but should maintain the relevant information
https://www.samba.org/samba/docs/using_samba/ch09.html
0
 
jmarkfoley Author Commented:
There is no DC/AD in this setup (different client than you've helped me on before!), but your suggested `id` command is potentially revealing:
$ id cantleys
uid=1001(cantleys) gid=2000(cantleys) groups=2000(cantleys),200(tomcat)

$ id guest
uid=1001(cantleys) gid=2000(cantleys) groups=2000(cantleys)

Notice that guest is not a member of group tomcat and that in my permission list in my initial posting the files are all group tomcat. That might be it right there.

I'll have to wait until after business hours to test, but I'll try putting 'guest only' back and make guest a member of tomcat and see if that makes the difference.
0
 
jmarkfoley Author Commented:
Making guest a member of group Tomcat did the trick.
0
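
The condition the thread ends on (two account names sharing UID 1001, with supplementary groups looked up by name rather than by UID) can be audited mechanically. The script below is an added example, not part of the original posts: the two passwd lines are the ones quoted in the question, while the group lines are assumed, reconstructed to match the posted `id` output, and all function names are illustrative.

```python
from collections import defaultdict

# Constructed sample data. PASSWD lines are quoted from the thread; GROUP lines
# are an assumption that reproduces the `id cantleys` / `id guest` output.
PASSWD = """\
cantleys:x:1001:2000:Cantley's Auto Parts:/home/cantleys:/bin/bash
guest:x:1001:2000:Local Mapped Drive User:/home/cantleys:/bin/bash
"""
GROUP = """\
cantleys:x:2000:
tomcat:x:200:cantleys
"""

def parse_passwd(text):
    """Yield (name, uid, primary_gid) for each well-formed passwd line."""
    for line in text.splitlines():
        f = line.split(":")
        if len(f) >= 7 and f[2].isdigit() and f[3].isdigit():
            yield f[0], int(f[2]), int(f[3])

def parse_group(text):
    """Return {gid: (group_name, set_of_member_names)}."""
    groups = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) >= 4 and f[2].isdigit():
            groups[int(f[2])] = (f[0], {m for m in f[3].split(",") if m})
    return groups

def group_names(name, primary_gid, groups):
    """Primary group plus every group that lists this *name* as a member."""
    gids = {primary_gid} | {g for g, (_, m) in groups.items() if name in m}
    return sorted(groups[g][0] if g in groups else str(g) for g in gids)

def uid_alias_mismatches(passwd_text, group_text):
    """Map each shared UID to {name: groups} when the aliases' groups differ."""
    groups = parse_group(group_text)
    by_uid = defaultdict(dict)
    for name, uid, gid in parse_passwd(passwd_text):
        by_uid[uid][name] = group_names(name, gid, groups)
    return {uid: names for uid, names in by_uid.items()
            if len(names) > 1 and len({tuple(g) for g in names.values()}) > 1}

if __name__ == "__main__":
    for uid, names in uid_alias_mismatches(PASSWD, GROUP).items():
        for name, grps in names.items():
            print(f"uid {uid}: {name} -> {','.join(grps)}")
```

Pointing the two parsers at the contents of the real /etc/passwd and /etc/group flags any UID whose aliases would receive different group sets, which is also a useful audit item in its own right since duplicate UIDs blur accountability in logs.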
Question has a verified solution.