Full disclosure: This is an exported share on a QNAP NAS device.

[admin at outerdrive ~]# /mnt/ext/opt/samba/bin/smbstatus

Samba version 4.4.16
PID     Username     Group     Machine               Protocol Version     Encryption     Signing
----------------------------------------------------------------------------------------------------------------------------------------
14549   -1           -1        (192.168.192.124)     SMB2_10              -              -

Service      pid     Username     Adderess            Machine     Connected at                        Encryption     Signing
QNAP need start--------------------------------------
IPC$         14549   -1           192.168.192.124     Thu Aug 2 10:25:37 AM 2018 EDT      -              -
Public       14549   -1           192.168.192.124     Thu Aug 2 10:25:37 AM 2018 EDT      -              -
QNAP need end--------------------------------------

No locked files

This is from the administrator's shell account on the QNAP device. The share in question is 'Public'.

When I mount the share using my AD creds the mount succeeds. I can touch(1) files and read them but for whatever reason I can't write to the share.

The ACL of the share in question looks like this:

netname: Public
remark: System default share
path: C:\share\CACHEDEV1_DATA\Public
password:
type: 0x0
perms: 0
max_uses: -1
num_uses: 1
revision: 0
type: 0x8004: SEC_DESC_DACL_PRESENT SEC_DESC_SELF_RELATIVE
DACL
ACL Num ACEs: 1 revision: 2
---
ACE
type: ACCESS ALLOWED (0) flags: 0x00
Specific bits: 0x1ff
Permissions: 0x1f01ff: SYNCHRONIZE_ACCESS WRITE_OWNER_ACCESS WRITE_DAC_ACCESS READ_CONTROL_ACCESS DELETE_ACCESS
SID: S-1-1-0

So S-1-1-0 is "everyone." Is it because the uid/gid is "-1" in the above output causing my grief?

Thanks!

-aps
Rowland Penny
2018-Aug-02 14:55 UTC
[Samba] Can't write to a samba share mounted as an AD user
On Thu, 2 Aug 2018 10:43:26 -0400
pisymbol via samba <samba at lists.samba.org> wrote:

> Full disclosure: This is an exported share on a QNAP NAS device.

Even fuller disclosure ;-)
You haven't given us enough info

What version of Samba is the QNAP NAS using ?
What is in smb.conf ?
Is it part of a domain ?

Rowland
Whoops! Replying to all!

On Thu, Aug 2, 2018 at 10:55 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Thu, 2 Aug 2018 10:43:26 -0400
> pisymbol via samba <samba at lists.samba.org> wrote:
>
> > Full disclosure: This is an exported share on a QNAP NAS device.
>
> Even fuller disclosure ;-)
> You haven't given us enough info
>

I can facilitate though.

> What version of Samba is the QNAP NAS using ?
>

4.4.16

> What is in smb.conf ?
>

A lot of stuff as you can imagine. But for this share:

[Public]
comment = System default share
path = /share/CACHEDEV1_DATA/Public
browsable = yes
oplocks = yes
ftp write only = no
recycle bin = yes
recycle bin administrators only = yes
qbox = no
public = yes
invalid users = "guest"
read list = @"everyone"
write list = "admin",@"ACME\Users"
valid users = "root",@"everyone","admin",@"Acme\Users"
inherit permissions = yes
shadow:snapdir = /share/CACHEDEV1_DATA/_.share/Public/.snapshot
shadow:basedir = /share/CACHEDEV1_DATA/Public
shadow:sort = desc
shadow:format = @GMT-%Y.%m.%d-%H:%M:%S
smb encrypt = disabled
strict allocate = yes
streams_depot:check_valid = yes
mangled names = yes
admin users
admin only

> Is it part of a domain ?
>

Yes. Let's call it ACME.

I am mounting with my login ACME\alex via:

sudo mount -ousername=alex,domain=acme.com,vers=2.1 //outerdrive.acme.com/Public /mnt

Linux client is latest 7.5 CentOS.

-aps