Just another update - I set up user security again to test and it works - the users I added in with smbpasswd worked.
I will no longer use this Samba server with AD security as only a few users use it. Thanks for any help. If anyone still has any suggestions on getting my box to work with AD please let me know.

Mike
__________________
Michael Casale
IT Manager | Knoa Software, Inc
5 Union Square West | New York | New York | 10003
t: 212.807.9608 x 6000 | m: 352-359-1797 | f: 212.675.6121
www.knoa.com

-----Original Message-----
From: Michael Casale
Sent: Wednesday, June 06, 2007 12:31 PM
To: Michael Casale; '[EMAIL PROTECTED]'
Cc: '[email protected]'
Subject: RE: [Samba] Users can Read but not Write / Delete Files

New Development,

I just changed the security on my Samba box to user, and added the root user to the smbpassword file with the smbpasswd root command. I then successfully authenticated to a share on the Samba server as root.

Guess what? Once again, I was able to read files, but not write, create, or delete any files.

This is definitely a problem with the Linux server - since rebooting last week this has happened. Anyone know anything about selinux? Maybe I need to set it, or disable it again? The problem is independent of the type of authentication Samba uses.

Thanks!

Mike

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Casale
Sent: Wednesday, June 06, 2007 9:52 AM
To: [EMAIL PROTECTED]
Cc: [email protected]
Subject: RE: [Samba] Users can Read but not Write / Delete Files

Gary,

Thanks for your reply - but I already tried chmod'ing some files in some directories to 777 and it still doesn't work.

Mike

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Dale
Sent: Tuesday, June 05, 2007 10:58 PM
Cc: [email protected]
Subject: Re: [Samba] Users can Read but not Write / Delete Files

One possible problem is the actual file permissions on the server. I think Samba expects to see the files wide open so that Samba/Winbind can implement the Windows permissions properly without running afoul of Unix permissions.

I recognize that this doesn't fit the way the problem developed, but the symptoms match. :)

Michael Casale wrote:
> Hi All,
>
> Here is a situation where everyone can read to, but not write to or
> delete, the shares on our Samba server:
>
> We moved the file server a few weeks ago - split off some files to a new
> Windows file server - and users could read but not write files to the
> old Samba server after it was renamed (SAN to OLDSAN). It turned out
> SELinux was running, which I disabled, rebooted, and all worked well.
>
> Now I've been patching our domain controllers and the same thing
> happened. I assumed I installed the "magic patch" on a domain
> controller. All users can read the files they are supposed to, but no
> one, including the admin (me), can write to or delete files. In other
> words, the same as before, but I checked, and selinux is still disabled.
>
> I tried deleting and re-creating the server's computer object in the
> Windows 2003 Active Directory - same problem.
>
> Has anyone seen this problem? Can anyone shed any light on this?
>
> Here is our setup:
>
> Red Hat Enterprise Linux AS kernel 2.6.9-5.EL
>
> Samba Version: 3.0.10-1.4E
>
> Running in AD Security Mode.
>
> Not running as a domain controller
> Not running as a WINS server.
>
> Thanks for all and any help!
>
> Mike Casale
>
> Here is our smb.conf file:
>
> #======================= Global Settings =====================================
> [global]
>
> workgroup = NYC-14
> netbios name = OLDSAN
> # the following changed to adapt to Win2003 MC 19Nov06:
> client schannel = no
> client use spnego = no
> server signing = auto
> server string = OLD SAN
>
> printcap name = /etc/printcap
> load printers = no
>
> cups options = raw
>
> log file = /var/log/samba/%m.log
> max log size = 50
>
> security = ads
> realm = NYC-14.KNOA.COM
> password server = 192.168.14.243
>
> encrypt passwords = yes
>
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
> wins server = 192.168.14.243
>
> dns proxy = no
>
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> ;winbind separator = \
> winbind enum users = yes
> winbind enum groups = yes
> template shell = /bin/false
> winbind use default domain = yes
>
> #============================ Share Definitions ==============================
> # backup depository
> [backup]
> comment = Backup Repository
> force create mode = 0777
> force directory mode = 6777
> path = /mnt/data/backup
> browseable = no
> writable = yes
> valid users = NYC-14\backup, NYC-14\mcasale, NYC-14\administrator, NYC-14\sys_bak, NYC-14\PDS$, NYC-14\RDS$, NYC-14\MXS$, "NYC-14\Domain Admins"
>
> # bulk data storage for Development
> [bulk]
> browsable = no
> force create mode = 0777
> force directory mode = 6777
> path = /mnt/data/bulk
> writable = yes
> guest ok = yes
>
> # clients data
> [Clients]
> browsable = yes
> comment = Clients of Knoa Software
> inherit permissions = yes
> path = /mnt/data/clients
> valid users = NYC-14\mcasale, NYC-14\Staff, NYC-14\Extranet, NYC-14\administrator, "NYC-14\Domain Admins"
> writable = yes
>
> # Engineering signing keys
> [CSPDID]
> browseable = no
> # access to this share is controlled via valid users list
> force create mode = 0777
> force directory mode = 6777
> path = /mnt/data/cspdid
> valid users = NYC-14\mcasale, NYC-14\zkopytnik, NYC-14\drayna, NYC-14\plui, NYC-14\mkrosky, NYC-14\Administrator, "NYC-14\Domain Admins"
> writable = yes
>
> # file share for all company departments
> [Company]
> comment = Departamental File Share
> browseable = yes
> inherit permissions = yes
> # force create mode = 0777
> # force directory mode = 6777
> path = /mnt/data/company
> valid users = NYC-14\Staff, NYC-14\tester, NYC-14\Administrator, "NYC-14\Domain Admins"
> writable = yes
> inherit permissions = yes
>
> # image depository
> [image]
> comment = Disk Image Repository
> path = /mnt/data/image
> browseable = no
> write list = NYC-14\mcasale, NYC-14\Administrator, "NYC-14\Domain Admins"
>
> # intranet site files for access by the Intranet server VMC
> [intranet]
> path = "/mnt/data/company/Web Development/Intranet"
> browsable = no
> guest ok = yes
> # valid users = NYC-14\sys_web, NYC-14\vmc$
>
> # server root - for backup only
> [home]
> path = /mnt/data
> valid users = NYC-14\Services, root, NYC-14\Administrator, "NYC-14\Domain Admins" NYC-14\mcasale
> browseable = no
>
> # software library
> [Software]
> comment = Software Library
> force create mode = 0007
> force directory mode = 0007
> path = /mnt/data/software
> valid users = NYC-14\Staff, NYC-14\Administrator, NYC-14\mcasale
> write list = NYC-14\Staff, NYC-14\Administrator, "NYC-14\Domain Admins", NYC-14\mcasale
>
> [VSS]
> browseable = no
> comment = Visual Source Safe
> create mask = 0666
> directory mask = 0777
> path = /mnt/data/vss
> valid users = NYC-14\Staff, NYC-14\tester, NYC-14\Administrator, "NYC-14\Domain Admins"
> writable = yes
>
> # Users - public files of staff members
> [Users]
> comment = Personal File Repositories
> # create mask = 0666
> # directory mask = 0777
> path = /mnt/data/profiles/public
> valid users = NYC-14\Staff, NYC-14\administrator, "NYC-14\Domain Admins"
> writable = yes
> browseable = yes
> # inherit permissions = yes
>
> # user profiles
> [%U]
> path = /mnt/data/profiles/%U
> create mask = 0666
> directory mask = 0777
> valid users = NYC-14\%U, "NYC-14\Domain Admins"
> writable = yes
> browseable = no
> inherit permissions = yes
>
> # Public Directory
> [Public]
> path = /mnt/data/profiles/public
> #create mask = 0007
> #directory mask = 0007
> #valid users = NYC-14\Staff
> writable = yes
> browseable = yes
> inherit permissions = yes
>
> # Test Users Directory
> [Users2]
> path = /mnt/data/users
> #create mask = 0666
> #directory mask = 0777
> valid users = NYC-14\Staff
> writeable = yes
> browseable = no
> inherit permissions = yes
>
> And here is our Kerberos file krb5.conf:
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> default_realm = NYC-14.KNOA.COM
> dns_lookup_realm = true
> dns_lookup_kdc = true
>
> [realms]
> NYC-14.KNOA.COM = {
> kdc = credo.nyc-14.knoa.com:88
> # kdc = mxs.nyc-14.knoa.com:88
> admin_server = credo.nyc-14.knoa.com:749
> # admin_server = mxs.nyc-14.knoa.com:749
> default_domain = nyc-14.knoa.com
> }
>
> [domain_realm]
> .nyc-14.knoa.com = NYC-14.KNOA.COM
> nyc-14.knoa.com = NYC-14.KNOA.COM
>
> [kdc]
> profile = /var/kerberos/krb5kdc/kdc.conf
>
> [appdefaults]
> pam = {
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
> }
>
> ________________________________
> Michael Andrew Casale
> Information Technology Manager | Knoa Software, Inc
> 5 Union Square West | New York | New York | 10003
> t: 212.807.9608 x 6000 | m: 352-359-1797 | f: 212.675.6121
>
> www.knoa.com
>

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
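
The thread places the fault on the Linux host rather than in Samba's authentication mode, so the checks that matter sit below smb.conf. An added example, not part of the original posts: a shell script that reports, for one share path, the mount options, the directory mode, a create/delete probe and the SELinux mode. The function names and the script name check_share.sh are hypothetical, and it assumes a Linux host with /proc/mounts.

```shell
# Added example: host-side checks for a share that is readable but not writable.

# Print "<mountpoint> <options>" for the filesystem holding path $1.
# $2 is a file in /proc/mounts format (default: /proc/mounts).
mount_opts_for() {
    awk -v p="$1" 'BEGIN { best_len = -1 }
        {
            mp = $2
            # Match when the mount point is "/", the path itself, or a parent of it.
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) >= best_len) { best_len = length(mp); best = mp " " $4 }
        }
        END { if (best != "") print best }' "${2:-/proc/mounts}"
}

# Succeed (exit 0) if that filesystem carries the "ro" mount option.
is_readonly_mount() {
    opts=$(mount_opts_for "$1" "${2:-/proc/mounts}")
    case ",${opts#* }," in *,ro,*) return 0 ;; *) return 1 ;; esac
}

# Create and remove a file in directory $1 as the current user. Create and
# delete depend on the directory's permissions, not on the files' modes.
write_probe() {
    probe="$1/.write_probe.$$"
    if ( : > "$probe" ) 2>/dev/null && rm -f "$probe" 2>/dev/null; then
        echo ok
    else
        echo fail
    fi
}

# SELinux mode as reported by getenforce, or "unavailable" without the tool.
selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then getenforce; else echo unavailable; fi
}

# Run all checks for one share path (the "path =" value from smb.conf).
diagnose() {
    echo "path:     $1"
    echo "mount:    $(mount_opts_for "$1")"
    echo "dir mode: $(ls -ld "$1" 2>/dev/null | awk '{print $1, $3, $4}')"
    echo "probe:    $(write_probe "$1")"
    echo "selinux:  $(selinux_mode)"
}
# Usage: sh check_share.sh /mnt/data/company
if [ -n "${1:-}" ]; then diagnose "$1"; fi
```

Run it as the Unix account the Samba session maps to, since smbd accesses files with that identity; a probe run as root bypasses the ordinary permission bits.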
