asked on
Cannot mount samba drive for writing
OK, I'm stumped. I've don'e lots of samba mounts in the past, but I can't figure this one out. I have a new Samba 4.1.11 on a new Slackware64 14.1. My smb.conf is shown below. I'm mapping from a Windows 7 computer with user ID cantleys. I can mount homes OK (no password requested) and read and write to that directory. I can also mount webcontent (no password required), and can read, but not write. I get the error (on Windows) "W:\test.txt You don't have permission to save in this location. Contact the administrator to obtain permission.
This all worked with samba 3.5.8. I can't figure out what's wrong. smb.conf:
cantleys:x:1001:2000:Cantl
guest:x:1001:2000:Local Mapped Drive User:/home/cantleys:/bin/b
Permissions on the webcontent directory and sub-files:
This all worked with samba 3.5.8. I can't figure out what's wrong. smb.conf:
[global]
workgroup = WORKGROUP
server string = Cantleys Samba Server
security = user
load printers = no
printcap name = /dev/null
printing = bsd
disable spoolss = yes
guest account = guest
log file = /var/log/samba.%m
max log size = 50
dns proxy = no
[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 0660
[webcontent]
hosts allow = 192.168.2.
path = /www/tomcat/webapps/cantleys/content
writable = yes
browsable = yes
printable = no
public = yes
guest ok = yes
guest only = yes
create mask = 0660
cantleys:x:1001:2000:Cantl
guest:x:1001:2000:Local Mapped Drive User:/home/cantleys:/bin/b
Permissions on the webcontent directory and sub-files:
drwxrwsr-x 7 cantleys tomcat 4096 2015-03-29 15:42 ./
drwxrwsr-- 11 cantleys tomcat 4096 2014-09-09 23:57 ../
drwxrwsr-x 3 cantleys tomcat 4096 2014-03-31 14:15 Home\ Images/
drwxrwsr-x 2 mfoley tomcat 4096 2015-02-27 16:31 Special\ of\ the\ Week/
drwxr-sr-x 2 cantleys tomcat 4096 2012-10-05 22:52 TcpView/
-rwxrwxr-- 1 mfoley tomcat 291606 2012-10-05 22:51 TcpView.zip*
drwxrws--- 2 cantleys tomcat 4096 2015-03-03 14:09 repairable/
drwxrwsr-x 2 mfoley tomcat 4096 2012-08-12 00:51 save/
-rw-r----- 1 root tomcat 1058467 2014-12-16 19:04 saveRepairables.zip
-rw-rw-r-- 1 cantleys tomcat 55296 2012-10-09 13:24 zeroPriceEngines.xls
-rw-rw-r-- 1 cantleys tomcat 50176 2012-10-09 13:24 zeroPriceTransmissions.xls
Linux
Last Comment
Mark
ASKER
try commenting out the guest only=yes to see what the effect is.The permission on this folder is as shown in my initial posting listing the 'dot' folder, and they are the same as the permission I had with Samba 3.5.8 when this all worked OK.
However, commenting out the "guest only=yes" did the trick! But, rather than just wave your wand and "poof", problem solved, can you give me any insight into why that worked? I've compared the 3.5.8 smb.conf and the 4.1.11 smb.conf. They are identical except in the 3.5.8 file I have "security = share" in the GLOBAL section and in the 4.1.11 config I have "security = user". When I run `testparm smb.conf-old` I get, "WARNING: Ignoring invalid value 'share' for parameter 'security'", which is undoubtedly why I changed that parameter.
Do you suppose this change of "security" parameters affects the "guest only" parameter?
You had two entries in /etc/passwd sharing the same UID but at the same time access from the Windows system is using one of the entries that likely exists both in the local /etc/passwd as well as in your samba AD/DC such that when it connects, it might not be translating with UID of guest 1001 but of a different id.
The other it looked weired and could not place my finger on what made it look odd.
run the following
id cantleys
Do you get the 1001 for UID or do you get a UID from the AD cantleys properties, unix UID?
One option you can try
reactivate guest only=yes and add guest account=cantleys and see if the functionality is maintained.
The below might be a bit outdated, but should maintain the relevant information
https://www.samba.org/samba/docs/using_samba/ch09.html
The other it looked weired and could not place my finger on what made it look odd.
run the following
id cantleys
Do you get the 1001 for UID or do you get a UID from the AD cantleys properties, unix UID?
One option you can try
reactivate guest only=yes and add guest account=cantleys and see if the functionality is maintained.
The below might be a bit outdated, but should maintain the relevant information
https://www.samba.org/samba/docs/using_samba/ch09.html
ASKER
There is no DC/AD in this setup (different client than you've helped me on before!), but your suggested `id` command is potentially revealing:
I'll have to wait until after business hours to test, but I'll try putting 'guest only' back and make guest a member of tomcat and see if that makes the difference.
$ id cantleys
uid=1001(cantleys) gid=2000(cantleys) groups=2000(cantleys),200(tomcat)
$ id guest
uid=1001(cantleys) gid=2000(cantleys) groups=2000(cantleys)
I'll have to wait until after business hours to test, but I'll try putting 'guest only' back and make guest a member of tomcat and see if that makes the difference.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Making guest a member of group Tomcat did the trick.
You have to check whether the path to the location is allowed access
/www/
tomcat/
webapps/
cantleys/
content
Check whether SELinux is also what prevents the writes into this location.
What are the security (chmod) on the directory?
getfacl /www/tomcat/webapps/cantle