On 01/22/2010 11:00 AM, Jon Trauntvein wrote:
I recently updated a Samba server from Fedora Core 4 to CentOs 4.5. The
old server had samba version 3.0.11 installed while the newer has samba
version 3.0.33 installed. The following file is a simplified version of
my smb.conf file:
[global]
debug level = 5
security = domain
workgroup = CSI-INTRANET
auth methods = guest, sam, winbind
server string = Software Engineering Workgroup Server
load printers = yes
guest account = nobody
log file = /var/log/samba/log.%m
max log size = 1024
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
map to guest = bad user
winbind separator = \\
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
[cora]
available = yes
browseable = yes
path = /home/group/cora
public = yes
guest ok = yes
read only = yes
write list = @cora
force create mode = 0775
Assuming "cora" is a domain group and using your separator "\\", try
write list = @CSI-INTRANET\\cora
Somewhere around 3.0.23 or so, winbind started requiring the domain name
be prefixed to domain users and groups
Dale
As can be seen here, I am using domain based security. With this
configuration, my windows XP based machine can connect to the share and
can access the files and directories on that share. However, any
attempt to add a file or directory gets rebuffed with an access denied.
The following is the log from my windows machine's attempt to create a
new directory:
I'm sorry for the length of the above but I am not sure what might be
relevant to understanding the problem. As I interpret the problem,
Samba has determined that the share is read only for my client. The
unix file permissions are correct in that I can perform the needed
operations while logged on under that account and, further, I can see
that, at one point, samba had determined to use the correct account and
group IDs.
I have tried various combinations of options both within smb.conf and
within
nsswitch.conf. I have tried changing nsswitch.conf so that winbind is
used as
an option after the files are tried. I have also replaced the @cora
group
specification with references to my specific unix and domain user
names. Each
time that I have made these changes, I have faithfully restarted the
samba service.
However, at no time have I been able to access this share in any but a
read-only
fashion. If anyone has some suggestions or troubleshooting tips, I
would be most
grateful.
Regards,
Jon Trauntvein
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
