
/etc/samba/smb.conf:

[global]
workgroup = w
server string = server
security = user
load printers = no
debug level = 10
log file = /var/log/samba/%m.log
max log size = 5000
dns proxy = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes 

unix extensions = no
# if I comment out the line above, I can write to /home/shareuser/writable

follow symlinks = yes
wide links = yes 

[writable]
comment = test
writable = yes 
valid users = shareuser
path=/home/shareuser/writable

shareuser has valid passwd and smbpasswd (-a)

I mount the share like this: mount -t cifs //server/writable mountpoint/ -o username=shareuser

With unix extensions = yes, I can write to the share.

With unix extensions = no, I can't write to the share.

Any help greatly appreciated :)

Edit: simplified the example

Edit: /var/log/samba/log.smbd

[2012/09/23 22:42:32,  0] smbd/server.c:1053(main)
  smbd version 3.6.8 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2011
[2012/09/23 22:42:32,  5] ../lib/util/debug.c:330(debug_dump_status)
  INFO: Current debug levels:
    all: 10
    tdb: 10
    printdrivers: 10
    lanman: 10
    smb: 10
    rpc_parse: 10
    rpc_srv: 10
    rpc_cli: 10
    passdb: 10
    sam: 10
    auth: 10
    winbind: 10
    vfs: 10
    idmap: 10
    quota: 10
    acls: 10
    locking: 10
    msdfs: 10
    dmapi: 10
    registry: 10
  doing parameter log file = /var/log/samba/%m.log
  doing parameter max log size = 5000
  doing parameter dns proxy = no
  doing parameter printing = bsd
  doing parameter printcap name = /dev/null
  doing parameter disable spoolss = yes
  doing parameter unix extensions = no
  doing parameter follow symlinks = yes
  doing parameter wide links = yes
[2012/09/23 22:42:32,  4] param/loadparm.c:9608(lp_load_ex)
  pm_process() returned Yes
[2012/09/23 22:42:32,  7] param/loadparm.c:9834(lp_servicenumber)
  lp_servicenumber: couldn't find homes
[2012/09/23 22:42:32, 10] param/loadparm_server_role.c:101(set_server_role)
  set_server_role: role = ROLE_STANDALONE
[2012/09/23 22:42:32,  5] ../lib/util/charset/codepoints.c:235(map_locale)
  Substituting charset 'UTF-8' for LOCALE
[2012/09/23 22:42:32,  2] lib/tallocmsg.c:124(register_msg_pool_usage)
  Registered MSG_REQ_POOL_USAGE
[2012/09/23 22:42:32,  2] lib/dmallocmsg.c:78(register_dmalloc_msgs)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED

Edit: /var/log/samba/smbd.log

/var/log/samba/smbd.log -- pastebin

MCH

1 Answer


Just maybe the reason for this confusion is directory ownership and permissions. I took my working config file. Take note of the "force *" instructions.

[usb]
   path = /usb
   force user = akond
   force group = +wheel
   force group = akond
   create mask = 0666
   force create mode = 0666
   force directory security mode = 0666
   # directory mode and/or force directory mode
   directory mode = 0777
   force directory mode = 0777
   writeable = yes

p.s.

I have unix extensions = no.


UPDATE

[global]
        interfaces = 192.168.2.113
        workgroup = BUNKER
        netbios name = NFS
        admin users= @"Domain Admins"
        server string = Samba Server %v
        security = USER
        encrypt passwords = Yes
        obey pam restrictions = No
        ldap passwd sync = Yes
        unix password sync = Yes
        passwd program = /usr/local/sbin/smbldap-passwd "%u"
        passwd chat = *new*password* "%n"\n *new*password* "%n"\n *updated*successfully*
        log level = 0
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 100000
        time server = Yes
        socket options = TCP_NODELAY
        mangling method = hash2

        logon script = startup.cmd
        logon drive = H:
        logon home =
        logon path =

        domain logons = Yes
        os level = 200
        passdb backend = ldapsam:ldap://192.168.2.113/
        ldap admin dn = cn=manager,dc=tmd,dc=loc
        ldap suffix = dc=tmd,dc=loc
        ldap group suffix = ou=Group
        ldap user suffix = ou=People
        ldap machine suffix = ou=Computers

        add user script = /usr/local/sbin/smbldap-useradd -m "%u"
        ldap delete dn = Yes
        delete user script = /usr/local/sbin/smbldap-userdel "%u"
        add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w "%u"
        add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
        add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'


        load printers = No
        hosts allow = 192.168.2.0/24 , 127. , 192.168.1.0/24
        unix charset = UTF8
        dos charset = 866
        preserve case = yes
        short preserve case = yes
        default case = lower
        case sensitive = no

        create mask = 0664
        directory mask = 0775
        force create mode = 0664
        force directory mode = 0775

[homes]
        comment = repertoire de %U, %u
        read only = No
        create mask = 0644
        directory mask = 0775
        browseable = No

[netlogon]
        path = /storage/samba/netlogon/
        browseable = No
        read only = yes

[files]
        path = /files
        browseable = Yes
        read only = No
        directory mask = 0777
        create mask = 0666
akond
  • Thank you for replying! Unfortunately this doesn't work for me :(. I copied your example as is (I just changed the path, username and group) and restarted smbd but no success :( – MCH Sep 23 '12 at 18:29
  • What is in the log file? – akond Sep 23 '12 at 18:37
  • Well -- there seems to be nothing in the log -- but I'm not completely sure since I'm using systemd/journalctl without syslog-ng and I'm not sure if that is logging samba correctly (I switched a few days ago). I will try to figure this out asap – MCH Sep 23 '12 at 19:17
  • I don't think that helps, but all that is logged by smbd is: "standard input is not a socket, assuming -D option" when starting up -- I guess there should be more !? – MCH Sep 23 '12 at 19:42
  • Add debug level = 10 and security = user in global section – akond Sep 23 '12 at 19:55
  • Ok, now the log is giant! but there's nothing I can make sense of! I'll paste it into the question. – MCH Sep 23 '12 at 20:08
  • I see some Windows-related records. Is Windows somehow involved? Also, I don't see any file access records. Does the log contain any, or is it just start-up records? – akond Sep 24 '12 at 06:40
  • I deleted all logs, restarted smbd, mounted the share and tried to create a folder ("Permission denied") and tried to create a file ("Permission denied"), then unmounted the share. Then posted the log. So it should contain everything relevant. Windows is not involved. May I ask for your smb.conf to test it with my user? – MCH Sep 24 '12 at 10:43
  • There is a reference to Windows registry, so I thought about it. – akond Sep 24 '12 at 11:20
  • Ay, sure. What is your OS: Linux or FreeBSD? – akond Sep 24 '12 at 11:21
  • Yes, I saw the registry-thingys in the logs too ^^ My OS is Linux. Thank you – MCH Sep 24 '12 at 11:26
  • This config is LDAP-oriented, so maybe you should develop the default config instead. BTW, why don't you just use NFS? – akond Sep 24 '12 at 14:04
  • Well, in the end I want to have a shared directory which allows Linux and Windows clients write access and allows the owner of the shared directory to symlink files and directories in other places into the shared directory. These symlinks should be accessible for clients like normal directories/files. I don't know anything about NFS -- would that be possible with NFS too? – MCH Sep 24 '12 at 14:39
  • Btw: You have quite an impressive config there :) – MCH Sep 24 '12 at 14:44
  • But there's no 'unix extensions = no' in your config? – MCH Sep 24 '12 at 14:57
  • Yes, there is unix extensions = no in my home system only. At work apparently the situation is different. But at home I have FreeBSD. So... NFS is much better than Samba for Linux/Unix. Much-much better. And yeah, nothing prevents you from using both NFS and Samba at the same time. – akond Sep 24 '12 at 15:02
  • I stripped everything ldap-related from your config, changed the user and paths and added 'unix extensions = no' -- it still doesn't allow write access :(. I really don't know what to try anymore ... I have been trying to solve this for at least a week now :( – MCH Sep 24 '12 at 15:18
  • Turn unix extensions on then. – akond Sep 24 '12 at 16:02
  • The problem with turning unix extensions on is that then it's not possible to follow symlinks outside the share folder :(. Hmm I just don't know why I cannot write into a folder with unix extensions off -- so weird. – MCH Sep 24 '12 at 16:50
  • Try to add allow insecure wide links = yes and wide links = yes. But this creates a security risk. – akond Sep 24 '12 at 17:05
  • Doesn't work for me. If I add follow symlinks = yes, wide links = yes and allow insecure wide links = yes, I still can only cd into symlinks pointing to folders inside the share, not symlinks pointing to folders outside the share. – MCH Sep 24 '12 at 17:39
  • Adding create mask = 0775, directory mask = 2775, force create mode = 775, force directory security mode = 2775 and force group = +it solved my problem. – Brad Mace Apr 17 '13 at 14:30
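
The last comments turn on one coupling: per the smb.conf manual, smbd ignores wide links while unix extensions is on unless allow insecure wide links is also set. As an added example (not code from the thread or from the Samba project), this Python audit reports per share whether wide links will take effect. The parser is simplified (no include handling, no line continuations), the defaults table is taken from the manual, and SAMPLE is constructed.

```python
import re

# Defaults for the parameters examined here, per the smb.conf manual.
DEFAULTS = {"unixextensions": "yes", "allowinsecurewidelinks": "no",
            "widelinks": "no", "followsymlinks": "yes"}
TRUE = {"yes", "true", "on", "1"}

# Constructed sample: the question's share with the settings tried in the comments.
SAMPLE = """[global]
unix extensions = yes
allow insecure wide links = yes
[writable]
follow symlinks = yes
wide links = yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names ignore case/inner spaces, later duplicates win."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def audit_wide_links(text):
    """Map each share to how smbd is documented to treat 'wide links' on it."""
    conf = parse_smb_conf(text)
    glob = conf.pop("global", {})
    def flag(share, key):  # share setting, then [global], then built-in default
        return share.get(key, glob.get(key, DEFAULTS[key])).lower() in TRUE
    unix_ext, insecure = flag({}, "unixextensions"), flag({}, "allowinsecurewidelinks")
    report = {}
    for name, share in conf.items():
        wanted = flag(share, "widelinks") and flag(share, "followsymlinks")
        if not wanted:
            report[name] = "confined to share path"
        elif unix_ext and not insecure:
            report[name] = "wide links ignored: unix extensions is on"
        elif unix_ext:
            report[name] = "RISK: clients can create symlinks that leave the share"
        else:
            report[name] = "wide links active: server-side symlinks may leave the share"
    return report
```

Feeding it the output of testparm -s instead of the raw file covers configurations that use include.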