I configured winbind, samba and pam.d to authenticate via our Windows Active Directory Server. Everything works fine, I can log on to the system using my Windows Account credentials, I am also able to access the samba home share, but I have no write permissions there. What I don't get is: When I give read-write-access to everybody (chmod 777 /home/%USER%), I am able to create and delete files. If I than create a new file (via the network share), the file is created by the owner of /home/%USER%. But If the system identifies myself as the owner, why was I not able to create the file before changig the file permissions? /etc/samba/smb.conf [global] workgroup = WORKGROUP realm = INT.WORKGROUP.COM server string = %h security = ADS winbind separator = + winbind cache time = 10 password server = 192.168.1.1 encrypt passwords = yes client use spnego = yes idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash template homedir = /home/%U winbind use default domain = yes winbind enum users = yes winbind enum groups = yes [homes] comment = Home Directories browseable = no read only = no create mask = 0700 directory mask = 0700 valid users = WORKGROUP+%S after chmod 777: debian:/home/USER# ls -la -rwx------ 1 USER domain-user 0 15. Jul 16:45 test
Mona Meyer wrote:> I configured winbind, samba and pam.d to authenticate via our Windows Active > Directory Server. > > Everything works fine, I can log on to the system using my Windows Account > credentials, I am also able to access the samba home share, but I have no > write permissions there. > > What I don't get is: When I give read-write-access to everybody (chmod 777 > /home/%USER%), I am able to create and delete files. If I than create a new > file (via the network share), the file is created by the owner of > /home/%USER%. But If the system identifies myself as the owner, why was I > not able to create the file before changig the file permissions? >When I first setup our file server I remember running into something like that, I fixed it by writing a preexex script to set the permissions correctly. If you are interested I would be happy to send you our script. -- Brian Gregorcy IT Manager University of Utah Department of Chemical Engineering 801.585.7170