Could someone help me understand if what I'm seeing with share access is correct? On my samba domain I have two users (user1 and user2) and one share; the share has attribute "writelist = user1". On a linux machine I: mount the share with "mount -t cifs -o username=user1" successfully open a file in the share for writing with the perl "open" function close the file umount the share mount the share with "mount -t cifs -o username=user2" unsuccessfully attempt to open a file in the share for writing with the perl "open" function umount the share This is, I think, as expected. However, on Windows2003, I: connect the share as user1 unsuccessfully attempt to open the file for writing with vim This seems inconsistent with the results on linux, and not what I expected. Am I misinterpreting the expected results? Thanks for any responses. Sincerely, Don Watson Linux Technology and Solutions; Beaverton, OR 503-578-4861/TL: 775-4861; dwatson@us.ibm.com
The Linux case is easy. You are using Linux /Unix user names. When you attempt to connect from Windows however, you are using a Windows user name. This needs to map to a Linux / Unix user name. It's more common to use group privileges on shares with Windows, so putting your Windows users in groups and mapping them to Linux / Unix groups would also work. Donald W Watson wrote:> > >Could someone help me understand if what I'm seeing with share access is >correct? > >On my samba domain I have two users (user1 and user2) and one share; the >share has attribute "writelist = user1". > >On a linux machine I: > mount the share with "mount -t cifs -o username=user1" > successfully open a file in the share for writing with the perl "open" > function > close the file > umount the share > mount the share with "mount -t cifs -o username=user2" > unsuccessfully attempt to open a file in the share for writing with the > perl "open" function > umount the share >This is, I think, as expected. > >However, on Windows2003, I: > connect the share as user1 > unsuccessfully attempt to open the file for writing with vim >This seems inconsistent with the results on linux, and not what I expected. > >Am I misinterpreting the expected results? Thanks for any responses. > >Sincerely, Don Watson >Linux Technology and Solutions; Beaverton, OR >503-578-4861/TL: 775-4861; dwatson@us.ibm.com > >
Or, having re-read your problem, it could also be that your Windows2003 user1 is not in the right domain. Either way, I believe the key is to make sure that your Windows users are in to the domain and the mappings to Linux/Unix are correct. Donald W Watson wrote:> > >Could someone help me understand if what I'm seeing with share access is >correct? > >On my samba domain I have two users (user1 and user2) and one share; the >share has attribute "writelist = user1". > >On a linux machine I: > mount the share with "mount -t cifs -o username=user1" > successfully open a file in the share for writing with the perl "open" > function > close the file > umount the share > mount the share with "mount -t cifs -o username=user2" > unsuccessfully attempt to open a file in the share for writing with the > perl "open" function > umount the share >This is, I think, as expected. > >However, on Windows2003, I: > connect the share as user1 > unsuccessfully attempt to open the file for writing with vim >This seems inconsistent with the results on linux, and not what I expected. > >Am I misinterpreting the expected results? Thanks for any responses. > >Sincerely, Don Watson >Linux Technology and Solutions; Beaverton, OR >503-578-4861/TL: 775-4861; dwatson@us.ibm.com > >
Hi> However, on Windows2003, I: > connect the share as user1 > unsuccessfully attempt to open the file for writing with vim > This seems inconsistent with the results on linux, and not what I expected. > Am I misinterpreting the expected results? Thanks for any responses.I am no expert but I ran into a similar issue the other day. Make sure there are no other accounts connected to the samba share from the windows computer that could be confusing permissions. open up command prompt and type net use ie: start > run > command > net use [enter] should show a list of current connections. -- DaveB
On 5/5/06, David Baker <dtbaker@gmail.com> wrote:> Hi > > However, on Windows2003, I: > > connect the share as user1 > > unsuccessfully attempt to open the file for writing with vim > > This seems inconsistent with the results on linux, and not what I expected. > > Am I misinterpreting the expected results? Thanks for any responses. > > I am no expert but I ran into a similar issue the other day. Make sure > there are no other accounts connected to the samba share from the > windows computer that could be confusing permissions. > open up command prompt and type net use > ie: start > run > command > net use [enter] > should show a list of current connections.oh and if there are old connections lying around you can type net use * /d /y to clear ALL connections (mapped drives etc..) -- DaveB
In order for a Windows client to gain access to a share, it needs to authenticate with a Windows user id. This id should map, either directly or through group membership, to something your Linux/Unix box can handle. Samba is able to handle the share mounting because it doesn't need to access the Linux/Unix file system. However, once you start getting at the files, those permissions are handled by Linux/Unix. Therefore you need Linux/Unix access to the files. This means the id that Windows is using has to map to a Linux/Unix account (or an appropriate group mapping needs to exist). Try installing / activating SWAT on your server. This makes administration easy. Next, create your two users in SWAT and activate them. I believe SWAT is smart enough to match the user names to the existing Linux/Unix user names. Otherwise you may have to use some of the command-line programs to do the mapping. Donald W Watson wrote:> Gary, thanks for the reply. However, I still don't understand. > > On the linux server, user1 is user 500 and user2 is user 501. There > are no corresponding user id's on the linux client, and the client is > not a member of the domain, but writing to the share file works when > the share is mounted by user1. > > On the windows client, there are no corresponding local users, but the > machine is a member of the samba domain; however, I still cannot write > to the share file when the connection is made by user1. > > Sincerely, Don Watson > Linux Technology and Solutions; Beaverton, OR > 503-578-4861/TL: 775-4861; dwatson@us.ibm.com > Inactive hide details for Gary Dale <garydale@torfree.net>Gary Dale > <garydale@torfree.net> > > > *Gary Dale <garydale@torfree.net>* > > 05/04/2006 08:37 PM > Please respond to > gary > > > > To > > Donald W Watson/Beaverton/IBM@IBMUS > > cc > > samba@lists.samba.org > > Subject > > Re: [Samba] Share Access > > > > > The Linux case is easy. You are using Linux /Unix user names. When you > attempt to connect from Windows however, you are using a Windows user > name. This needs to map to a Linux / Unix user name. > > It's more common to use group privileges on shares with Windows, so > putting your Windows users in groups and mapping them to Linux / Unix > groups would also work. > > > > Donald W Watson wrote: > > > > > > >Could someone help me understand if what I'm seeing with share access is > >correct? > > > >On my samba domain I have two users (user1 and user2) and one share; the > >share has attribute "writelist = user1". > > > >On a linux machine I: > > mount the share with "mount -t cifs -o username=user1" > > successfully open a file in the share for writing with the perl > "open" > > function > > close the file > > umount the share > > mount the share with "mount -t cifs -o username=user2" > > unsuccessfully attempt to open a file in the share for writing > with the > > perl "open" function > > umount the share > >This is, I think, as expected. > > > >However, on Windows2003, I: > > connect the share as user1 > > unsuccessfully attempt to open the file for writing with vim > >This seems inconsistent with the results on linux, and not what I > expected. > > > >Am I misinterpreting the expected results? Thanks for any responses. > > > >Sincerely, Don Watson > >Linux Technology and Solutions; Beaverton, OR > >503-578-4861/TL: 775-4861; dwatson@us.ibm.com > > > > > >
If you did the smbpasswd -a, then I would expect they would be mapped. However, you are having a problem that looks like a mapping issue. However, it could also be that the accounts have not been enabled. Personally, I find it easier to add user accounts using SWAT. If your scripts are set up properly, it's all you need to do. I'm a little leery about getting too deep into the nuts and bolts by doing everything manually. It's too easy to miss a step or get the order wrong. I prefer to use the simple tools unless I have a good reason not to. :) When I use SWAT to set up the users, things work. I believe you can also use the Windows domain account tools if you have them available. Donald W Watson wrote:> If the samba users were created with "useradd" and "smbpasswd" aren't > they already mapped? > > Sincerely, Don Watson > Linux Technology and Solutions; Beaverton, OR > 503-578-4861/TL: 775-4861; dwatson@us.ibm.com > Inactive hide details for Gary Dale <garydale@torfree.net>Gary Dale > <garydale@torfree.net> > > > *Gary Dale <garydale@torfree.net>* > > 05/05/2006 09:51 AM > Please respond to > gary > > > > To > > Donald W Watson/Beaverton/IBM@IBMUS > > cc > > samba@lists.samba.org > > Subject > > Re: [Samba] Share Access > > > > > In order for a Windows client to gain access to a share, it needs to > authenticate with a Windows user id. This id should map, either directly > or through group membership, to something your Linux/Unix box can > handle. Samba is able to handle the share mounting because it doesn't > need to access the Linux/Unix file system. However, once you start > getting at the files, those permissions are handled by Linux/Unix. > Therefore you need Linux/Unix access to the files. This means the id > that Windows is using has to map to a Linux/Unix account (or an > appropriate group mapping needs to exist). > > Try installing / activating SWAT on your server. This makes > administration easy. Next, create your two users in SWAT and activate > them. I believe SWAT is smart enough to match the user names to the > existing Linux/Unix user names. Otherwise you may have to use some of > the command-line programs to do the mapping. > > > Donald W Watson wrote: > > > Gary, thanks for the reply. However, I still don't understand. > > > > On the linux server, user1 is user 500 and user2 is user 501. There > > are no corresponding user id's on the linux client, and the client is > > not a member of the domain, but writing to the share file works when > > the share is mounted by user1. > > > > On the windows client, there are no corresponding local users, but the > > machine is a member of the samba domain; however, I still cannot write > > to the share file when the connection is made by user1. > > > > Sincerely, Don Watson > > Linux Technology and Solutions; Beaverton, OR > > 503-578-4861/TL: 775-4861; dwatson@us.ibm.com > > Inactive hide details for Gary Dale <garydale@torfree.net>Gary Dale > > <garydale@torfree.net> > > > > > > *Gary Dale <garydale@torfree.net>* > > > > 05/04/2006 08:37 PM > > Please respond to > > gary > > > > > > > > To > > > > Donald W Watson/Beaverton/IBM@IBMUS > > > > cc > > > > samba@lists.samba.org > > > > Subject > > > > Re: [Samba] Share Access > > > > > > > > > > The Linux case is easy. You are using Linux /Unix user names. When you > > attempt to connect from Windows however, you are using a Windows user > > name. This needs to map to a Linux / Unix user name. > > > > It's more common to use group privileges on shares with Windows, so > > putting your Windows users in groups and mapping them to Linux / Unix > > groups would also work. > > > > > > > > Donald W Watson wrote: > > > > > > > > > > >Could someone help me understand if what I'm seeing with share > access is > > >correct? > > > > > >On my samba domain I have two users (user1 and user2) and one > share; the > > >share has attribute "writelist = user1". > > > > > >On a linux machine I: > > > mount the share with "mount -t cifs -o username=user1" > > > successfully open a file in the share for writing with the perl > > "open" > > > function > > > close the file > > > umount the share > > > mount the share with "mount -t cifs -o username=user2" > > > unsuccessfully attempt to open a file in the share for writing > > with the > > > perl "open" function > > > umount the share > > >This is, I think, as expected. > > > > > >However, on Windows2003, I: > > > connect the share as user1 > > > unsuccessfully attempt to open the file for writing with vim > > >This seems inconsistent with the results on linux, and not what I > > expected. > > > > > >Am I misinterpreting the expected results? Thanks for any responses. > > > > > >Sincerely, Don Watson > > >Linux Technology and Solutions; Beaverton, OR > > >503-578-4861/TL: 775-4861; dwatson@us.ibm.com > > > > > > > > > > > >