Link to home
Create AccountLog in
Avatar of Mark
Mark

asked on

Cannot mount samba drive for writing

OK, I'm stumped. I've don'e lots of samba mounts in the past, but I can't figure this one out. I have a new Samba 4.1.11 on a new Slackware64 14.1. My smb.conf is shown below. I'm mapping from a Windows 7 computer with user ID cantleys. I can mount homes OK (no password requested) and read and write to that directory. I can also mount webcontent (no password required), and can read, but not write. I get the error (on Windows) "W:\test.txt You don't have permission to save in this location. Contact the administrator to obtain permission.

This all worked with samba 3.5.8. I can't figure out what's wrong. smb.conf:
[global]
   workgroup = WORKGROUP

   server string = Cantleys Samba Server

   security = user

 load printers = no

  printcap name = /dev/null

   printing = bsd
disable spoolss = yes

guest account = guest

   log file = /var/log/samba.%m

   max log size = 50

   dns proxy = no

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   create mask = 0660

[webcontent]
hosts allow = 192.168.2.
path = /www/tomcat/webapps/cantleys/content
writable = yes
browsable = yes
printable = no
public = yes
guest ok = yes
guest only = yes
create mask = 0660

Open in new window

Note that user 'cantleys' and user 'guest' are mapped to the same (/etc/passwd)

cantleys:x:1001:2000:Cantley's Auto Parts:/home/cantleys:/bin/bash
guest:x:1001:2000:Local Mapped Drive User:/home/cantleys:/bin/bash

Permissions on the webcontent directory and sub-files:
drwxrwsr-x  7 cantleys tomcat    4096 2015-03-29 15:42 ./
drwxrwsr-- 11 cantleys tomcat    4096 2014-09-09 23:57 ../
drwxrwsr-x  3 cantleys tomcat    4096 2014-03-31 14:15 Home\ Images/
drwxrwsr-x  2 mfoley   tomcat    4096 2015-02-27 16:31 Special\ of\ the\ Week/
drwxr-sr-x  2 cantleys tomcat    4096 2012-10-05 22:52 TcpView/
-rwxrwxr--  1 mfoley   tomcat  291606 2012-10-05 22:51 TcpView.zip*
drwxrws---  2 cantleys tomcat    4096 2015-03-03 14:09 repairable/
drwxrwsr-x  2 mfoley   tomcat    4096 2012-08-12 00:51 save/
-rw-r-----  1 root     tomcat 1058467 2014-12-16 19:04 saveRepairables.zip
-rw-rw-r--  1 cantleys tomcat   55296 2012-10-09 13:24 zeroPriceEngines.xls
-rw-rw-r--  1 cantleys tomcat   50176 2012-10-09 13:24 zeroPriceTransmissions.xls

Open in new window

What am I doing wrong?
Avatar of arnold
arnold
Flag of United States of America image

try commenting out the guest only=yes to see what the effect is.

You have to check whether the path to the location is allowed access

/www/
tomcat/
webapps/
cantleys/
content

Check whether SELinux is also what prevents the writes into this location.

What are the security (chmod) on the directory?
getfacl /www/tomcat/webapps/cantleys/content
Avatar of Mark
Mark

ASKER

try commenting out the guest only=yes to see what the effect is.
The permission on this folder is as shown in my initial posting listing the 'dot' folder, and they are the same as the permission I had with Samba 3.5.8 when this all worked OK.

However, commenting out the "guest only=yes" did the trick! But, rather than just wave your wand and "poof", problem solved, can you give me any insight into why that worked? I've compared the 3.5.8 smb.conf and the 4.1.11 smb.conf. They are identical except in the 3.5.8 file I have "security = share" in the GLOBAL section and in the 4.1.11 config I have "security = user". When I run `testparm smb.conf-old` I get, "WARNING: Ignoring invalid value 'share' for parameter 'security'", which is undoubtedly why I changed that parameter.

Do you suppose this change of "security" parameters affects the "guest only" parameter?
You had two entries in /etc/passwd sharing the same UID but at the same time access from the Windows system is using one of the entries that likely exists both in the local /etc/passwd as well as in your samba AD/DC such that when it connects, it might not be translating with UID of guest 1001 but of a different id.

The other it looked weired and could not place my finger on what made it look odd.

run the following
id cantleys

Do you get the 1001 for UID or do you get a UID from the AD cantleys properties, unix UID?

One option you can try
reactivate guest only=yes and add guest account=cantleys and see if the functionality is maintained.

The below might be a bit outdated, but should maintain the relevant information
https://www.samba.org/samba/docs/using_samba/ch09.html
Avatar of Mark

ASKER

There is no DC/AD in this setup (different client than you've helped me on before!), but your suggested `id` command is potentially revealing:
$ id cantleys
uid=1001(cantleys) gid=2000(cantleys) groups=2000(cantleys),200(tomcat)

$ id guest
uid=1001(cantleys) gid=2000(cantleys) groups=2000(cantleys)

Open in new window

Notice that guest is not a member of group tomcat and that in my permission list in my initial posting the files are all group tomcat. That might be it right there.

I'll have to wait until after business hours to test, but I'll try putting 'guest only' back and make guest a member of tomcat and see if that makes the difference.
ASKER CERTIFIED SOLUTION
Avatar of arnold
arnold
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Mark

ASKER

Making guest a member of group Tomcat did the trick.