[Newbie warning! this is my first time setting up Samba. I'm almost there but...]
Server is running Centos 8, Samba V4.10.4 Shared filesystem is xfs, I have enabled extended attributes and tested that so it is working. I have also tested samba's ability to save dos attributes but I think the problem is probably that something is misconfigured in the ACL's or extended attributes.
I want to use this server to backup a windows 10 pro PC.
Situation is that I can browse the server and mount its shares but I cannot create files or directories from the client side. I created a directory on the share locally that I can see from the client.
If I try to create a new folder from windows I get "Destination folder access denied." On the server /var/logs/log.smbd this shows up as
[2020/06/04 17:39:06.739107, 2] ../../source3/smbd/open.c:4057(open_directory)
open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED
[2020/06/04 17:39:13.790033, 2] ../../source3/smbd/server.c:837(remove_child_pid)
Could not find child 28630 -- ignoring
[2020/06/04 17:39:15.092117, 2] ../../lib/util/tevent_debug.c:66(samba_tevent_debug)
samba_tevent: EPOLL_CTL_DEL EBADF for fde[0x556b012716b0] mpx_fde[(nil)] fd[15] - disabling
I have defined a [homes] share but it doesn't show up when I browse the server. Don't care about that. I do care about windows ACL's.
I have defined two samba accounts and associated Linux accounts. "hank" is the same userid that I have on the windows client and it is mapped to my linux account using smbusers. "hankwin" is not mapped and does not have a login shell on linux. I can use either of these to mount their corresponding shares to the windows machine.
When I look at the folder properties from windows under security it shows that nobody has any permissions to do anything on the share or on the sub-folder.
icacls on the client gives the following report for the share [hankwin] mounted at y: and the subfolder y:\stuff
icacls y:
y: S-1-5-21-1897013661-3875350279-343821458-1021:(F)
S-1-22-2-1003:(RX)
Everyone:(RX)
CREATOR OWNER:(OI)(CI)(IO)(F)
CREATOR GROUP:(OI)(CI)(IO)(F)
Everyone:(OI)(CI)(IO)(F)
Successfully processed 1 files; Failed processing 0 files
>icacls y:\stuff
y:\stuff S-1-5-21-1897013661-3875350279-343821458-1021:(F)
S-1-22-2-1003:(RX)
Everyone:(RX)
CREATOR OWNER:(OI)(CI)(IO)(F)
CREATOR GROUP:(OI)(CI)(IO)(F)
Everyone:(OI)(CI)(IO)(F)
Successfully processed 1 files; Failed processing 0 files
Here are the Linux file permissions
drwxrws---. 3 hankwin winshare 35 Jun 4 16:52 hankwin
drwxrws---. 2 root winshare 6 Jun 4 16:29 hank
ls -l *
hank:
total 0
hankwin:
total 0
drwxr-sr-x. 2 hankwin winshare 6 Jun 4 16:52 stuff
-rw-rwxr--+ 1 hankwin winshare 0 Jun 4 12:02 test.txt
The file test.txt is invisible from the client.
Here's the smb.conf file
[global]
path = /srv/smb
writeable = yes
printing = cups
security = user
netbios name = konishiki
load printers = yes
sync always = yes
create mode = 777
os level = 20
socket options = TCP_NODELAY
cups options = raw
passdb backend = tdbsam
printcap name = cups
workgroup = WORKGROUP
directory mode = 777
encrypt passwords = yes
log level = 2
unix password sync = yes
vfs objects = acl_xattr
map acl inherit = yes
wins support = yes
username map = /etc/samba/smbusers
admin users = hank, hankwin hcohe
[homes]
inherit acls = Yes
browseable = no
valid users = %S, %D%w%S
writable = yes
path = /home
comment = Home Directories
[hankwin]
path = /srv/smb/hankwin/
read only = no
store dos attributes = yes
[hank]
path = /srv/smb/hank
read only = no
store dos attributes = yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
Thanks to anyone with the perseverance to wade through all this. Any suggestions would be appreciated.
Hank Cohen
