samba - Mar 2017 - Samba as BDC: unable to write on shared folders

I use Samba as a PDC (non-AD-style) on the server n°1.
I have successfully created a BDC  on the server n°2.
I followed the official guide SAMBA 
(https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html) 

On servers n°2 I have also transferred the users database from the 
server n° 1 
(https://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/)

When I turn off the PDC my clients connect properly to the BDC.
But I can not write in the shared folders!! Shared folders are the same 
and with the same permissions of the server 1 (I used rsync -ra to 
backup them). The permissions seem ok but I can not write. I get the 
error "to perform the operation the" permission is needed.
I've also changed the logon on the BDC.
What tests can I do to figure out where is the problem?
many thanks

-- 
Dott. Ing. Roberto Spedale
Studio Progetto Ambiente s.r.l.
Corso Rosselli 44
10128 Torino
Tel: 011-58.17.359 Fax: 011-58.17.837
Email: r.spedale at studioprogettoambiente.eu
Web: http:\\www.studioprogettoambiente.eu

On Thu, 02 Mar 2017 17:40:51 +0100
Roberto Spedale - Studio Progetto Ambiente via samba
<samba at lists.samba.org> wrote:
> I use Samba as a PDC (non-AD-style) on the server n°1.
> I have successfully created a BDC  on the server n°2.
> I followed the official guide SAMBA 
>
(https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html)
Can I ask why you are setting up an NT4-style domain, you do know that
Windows made them EOL quite a long time ago and is trying to make them
hard to use with the newer versions of Windows.

Also, the howto that you refer to is extremely old is not recommended
anymore. 
> 
> On servers n°2 I have also transferred the users database from the 
> server n° 1 
>
(https://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/)
> 
> When I turn off the PDC my clients connect properly to the BDC.
> But I can not write in the shared folders!! Shared folders are the
> same and with the same permissions of the server 1 (I used rsync -ra
> to backup them). The permissions seem ok but I can not write. I get
> the error "to perform the operation the" permission is needed.
> I've also changed the logon on the BDC.
> What tests can I do to figure out where is the problem?
> many thanks
> 
Can you post the smb.conf files from the PDC & BDC.

Rowland

ps://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html)
> Can I ask why you are setting up an NT4-style domain, you do know that
> Windows made them EOL quite a long time ago and is trying to make them
> hard to use with the newer versions of Windows.
>
> Also, the howto that you refer to is extremely old is not recommended
> anymore.
>
Many thanks Penny!
I know is not recommended but I have just inherited the management of 
the corporate network from a former colleague and now I do not have a 
great experience and I would like to proceed gradually.
> Can you post the smb.conf files from the PDC&  BDC.
>
> Rowland
>
>
>
S.O. Centos 6.8 on PDC & BDC
_*
SMB.conf  PDC*_

[global]
	workgroup = SPADOMAIN
	security = user
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	template shell = /bin/false
	winbind use default domain = yes
	server string = Samba Server Version %v
	
	netbios name = NEWSERVERSPA
	
	interfaces = lo eth2
	hosts allow = 127. 192.168.0.
	
	# logs split per machine
	log file = /var/log/samba/log.%m
	# max 50KB per log file, then rotate
	max log size = 50
	
	passdb backend = tdbsam
	
	domain master = yes
	domain logons = yes
	
	logon path 	
	add user script = /usr/sbin/useradd "%u" -n -g users
	add group script = /usr/sbin/groupadd "%g"
	add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d
/nohome -s /bin/false "%u"
	delete user script = /usr/sbin/userdel "%u"
	delete user from group script = /usr/sbin/userdel "%u" "%g"
	delete group script = /usr/sbin/groupdel "%g"
	

	logon drive = X:
	admin users = root, administrator	
	hostname lookups = Yes
	username map = /etc/samba/smbusers
	client lanman auth = No
	client plaintext auth = No
	time server = Yes
	log level = 3

	os level = 33
	preferred master = yes
	
	name resolve order = wins bcast hosts
	wins support = yes

	dns proxy = no
	
	load printers = yes
	show add printer wizard = yes
	printcap name = cups
	printing = cups
	cups options = raw

	use client driver = no
	printcap cache time = 750


[print$]
         comment = Printer Drivers
         path = /var/lib/samba/drivers
	guest ok = no
	browsable = yes
	read only = yes
	write list = root administrator Administrator

[printers]
	comment = All Printers
	path = /var/spool/samba
	browseable = yes
	guest ok = yes
	writable = no
	printable = yes
	
[netlogon]
	comment = Network Logon Service
	path = /var/lib/samba/scripts
         read only = No
         browseable = No
	
[homes]
         comment = Home Directories
         path = /home/%U
         valid users = %U
         read only = No
         browseable = No

[Commesse]
         path = /home/shares/Commesse
         read only = No
         create mask = 0666
         directory mask = 0777
         inherit permissions = Yes
         map archive = No

[Amministrazione]
         path = /home/shares/Amministrazione
         read list = @amministrazione
         write list = @amministrazione
         read only = No
         create mask = 0660
         directory mask = 02770
         inherit permissions = Yes
         map archive = No

[Insound]
         path = /home/shares/Insound
         read list = @insound
         write list = @insound
         read only = No
         create mask = 0660
         directory mask = 02770
         inherit permissions = Yes
         map archive = No
         browseable = No

[Documentazione]
         path = /home/shares/Documentazione
         read only = No
         create mask = 0666
         directory mask = 0777
         inherit permissions = Yes
         map archive = No

[Qualita]
         path = /home/shares/Qualita
         read only = No

[Archivio]
         path = /home/shares/Archivio
         read only = Yes
         write list = @ntadmins
         inherit permissions = Yes
         map archive = No

[Offerte]
         path = /home/shares/Offerte
         read only = No
         create mask = 0666
         directory mask = 0777
         inherit permissions = Yes
         map archive = No

_*SMB.conf  PDC*_

[global]
    workgroup = SPADOMAIN
    security = user
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template shell = /bin/false
    winbind use default domain = yes

	server string = Samba Server Version %v
	
	netbios name = SERVER2017
	
	interfaces = lo em1
	hosts allow = 127. 192.168.0.
	
	# logs split per machine
	log file = /var/log/samba/log.%m
	# max 50KB per log file, then rotate
	max log size = 50
	
	passdb backend = tdbsam
	
	domain master = no
	domain logons = yes
	

	# disables profiles support by specifing an empty path
	logon path 
	add user script = /usr/sbin/useradd "%u" -n -g users
	add group script = /usr/sbin/groupadd "%g"
	add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d
/nohome -s /bin/false "%u"
	delete user script = /usr/sbin/userdel "%u"
	delete user from group script = /usr/sbin/userdel "%u" "%g"
	delete group script = /usr/sbin/groupdel "%g"
	

#Aggiunto dal vecchio server
	logon drive = X:
	admin users = root, administrator	
#cambiato da versione presente su master
	hostname lookups = no
	username map = /etc/samba/smbusers
	client lanman auth = No
	client plaintext auth = No
	log level = 3

	preferred master = no
	
	name resolve order = wins bcast hosts

	wins support = no

	dns proxy = no
	

	load printers = no
	show add printer wizard = yes
	printcap name = cups
	printing = cups
	cups options = raw
	use client driver = no
	printcap cache time = 750


[print$]
         comment = Printer Drivers
         path = /var/lib/samba/drivers
	guest ok = no
	browsable = yes
	read only = yes
	write list = root administrator Administrator




[printers]
	comment = All Printers
	path = /var/spool/samba
	browseable = yes
	guest ok = yes
	writable = no
	printable = yes
	
[netlogon]
	comment = Network Logon Service
	path = /var/lib/samba/scripts
         read only = No
         browseable = No
	
[homes]
         comment = Home Directories
         path = /home/%U
         valid users = %U
         read only = No
         browseable = No

[Commesse]
         path = /home/shares/Commesse
         read only = No
         create mask = 0666
         directory mask = 0777
         inherit permissions = Yes
         map archive = No

[Amministrazione]
         path = /home/shares/Amministrazione
         read list = @amministrazione
         write list = @amministrazione
         read only = No
         create mask = 0660
         directory mask = 02770
         inherit permissions = Yes
         map archive = No

[Insound]
         path = /home/shares/Insound
         read list = @insound
         write list = @insound
         read only = No
         create mask = 0660
         directory mask = 02770
         inherit permissions = Yes
         map archive = No
         browseable = No

[Documentazione]
         path = /home/shares/Documentazione
         read only = No
         create mask = 0666
         directory mask = 0777
         inherit permissions = Yes
         map archive = No

[Qualita]
         path = /home/shares/Qualita
         read only = No


[Offerte]
         path = /home/shares/Offerte
         read only = No
         create mask = 0666
         directory mask = 0777
         inherit permissions = Yes
         map archive = No