[Newbie warning! This is my first time setting up Samba. I'm almost there but…]
Server is running CentOS 8, Samba V4.10.4.
Shared filesystem is XFS. I have enabled extended attributes and tested that, so it is working.
I have also tested Samba's ability to save DOS attributes, but I think the problem is probably that something is misconfigured in the ACLs or extended attributes.
I want to use this server to back up a Windows 10 Pro PC.
Situation is that I can browse the server and mount its shares but I cannot create files or directories from the client side. I created a directory on the share locally that I can see from the client.
If I try to create a new folder from Windows I get "Destination folder access denied."
On the server /var/logs/log.smbd this shows up as:
[2020/06/04 17:39:06.739107, 2] ../../source3/smbd/open.c:4057(open_directory)
open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED
[2020/06/04 17:39:13.790033, 2] ../../source3/smbd/server.c:837(remove_child_pid)
Could not find child 28630 -- ignoring
[2020/06/04 17:39:15.092117, 2] ../../lib/util/tevent_debug.c:66(samba_tevent_debug)
samba_tevent: EPOLL_CTL_DEL EBADF for fde[0x556b012716b0] mpx_fde[(nil)] fd[15] - disabling
I have defined a [homes] share but it doesn't show up when I browse the server. Don't care about that.
I do care about Windows ACLs.
I have defined two Samba accounts and associated Linux accounts. "hank" is the same userid that I have on the Windows client and it is mapped to my Linux account using smbusers. "hankwin" is not mapped and does not have a login shell on Linux. I can use either of these to mount their corresponding shares to the Windows machine.
When I look at the folder properties from Windows under Security, it shows that nobody has any permissions to do anything on the share or on the sub-folder.
icacls on the client gives the following report for the share [hankwin] mounted at y: and the subfolder y:\stuff:
icacls y:
y: S-1-5-21-1897013661-3875350279-343821458-1021:(F)
S-1-22-2-1003:(RX)
Everyone:(RX)
CREATOR OWNER:(OI)(CI)(IO)(F)
CREATOR GROUP:(OI)(CI)(IO)(F)
Everyone:(OI)(CI)(IO)(F)
Successfully processed 1 files; Failed processing 0 files
>icacls y:\stuff
y:\stuff S-1-5-21-1897013661-3875350279-343821458-1021:(F)
S-1-22-2-1003:(RX)
Everyone:(RX)
CREATOR OWNER:(OI)(CI)(IO)(F)
CREATOR GROUP:(OI)(CI)(IO)(F)
Everyone:(OI)(CI)(IO)(F)
Successfully processed 1 files; Failed processing 0 files
Here are the Linux file permissions
drwxrws---. 3 hankwin winshare 35 Jun 4 16:52 hankwin
drwxrws---. 2 root winshare 6 Jun 4 16:29 hank
ls -l *
hank:
total 0
hankwin:
total 0
drwxr-sr-x. 2 hankwin winshare 6 Jun 4 16:52 stuff
-rw-rwxr--+ 1 hankwin winshare 0 Jun 4 12:02 test.txt
The file test.txt is invisible from the client.
Here's the smb.conf file
[global]
path = /srv/smb
writeable = yes
printing = cups
security = user
netbios name = konishiki
load printers = yes
sync always = yes
create mode = 777
os level = 20
socket options = TCP_NODELAY
cups options = raw
passdb backend = tdbsam
printcap name = cups
workgroup = WORKGROUP
directory mode = 777
encrypt passwords = yes
log level = 2
unix password sync = yes
vfs objects = acl_xattr
map acl inherit = yes
wins support = yes
username map = /etc/samba/smbusers
admin users = hank, hankwin hcohe
[homes]
inherit acls = Yes
browseable = no
valid users = %S, %D%w%S
writable = yes
path = /home
comment = Home Directories
[hankwin]
path = /srv/smb/hankwin/
read only = no
store dos attributes = yes
[hank]
path = /srv/smb/hank
read only = no
store dos attributes = yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
Thanks to anyone with the perseverance to wade through all this.
Any suggestions would be appreciated.
Hank Cohen
Best Answer
Solved! The problem was that SELinux was not giving Samba the necessary permissions to export shares. This fixed it.
This solution may be specific to CentOS or RHEL 8. Also, if you want to allow users to mount home directories, there's another bool for that.
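
An added example, not part of the original answer (the page does not show the command the answer ran): a shell script that pulls smbd denials out of SELinux audit records and maps each target label to a candidate fix. The audit records are constructed; `samba_share_t`, `samba_enable_home_dirs` and `samba_export_all_rw` are names from the stock targeted policy, and `<share path>` is a placeholder.

```shell
#!/bin/sh
# Constructed audit records for illustration; not taken from the original post.
sample_audit() {
cat <<'EOF'
type=AVC msg=audit(1591317546.739:412): avc:  denied  { create } for  pid=28630 comm="smbd" name="New folder" scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1591317550.101:413): avc:  denied  { read } for  pid=28630 comm="smbd" name="hank" dev="dm-0" ino=131 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1591317551.000:414): avc:  denied  { write } for  pid=900 comm="httpd" name="x" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
EOF
}

# Emit "perms tclass target_type" for every AVC denial raised against smbd.
# Reads raw audit records on stdin; other daemons' denials are ignored.
smbd_denials() {
  awk '/avc: +denied/ && /comm="smbd"/ {
    perms = $0
    sub(/.*denied +\{ */, "", perms); sub(/ *\}.*/, "", perms)
    gsub(/ /, ",", perms)                 # "read write" -> "read,write"
    ttype = ""; tclass = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
      if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
    }
    print perms, tclass, ttype
  }' | sort -u
}

# Map each denied target label to a candidate fix. Labelling only the share
# as samba_share_t is narrower than the samba_export_all_rw boolean, which
# lets smbd write to almost any file type on the host.
advise() {
  smbd_denials | while read -r perms tclass ttype; do
    case "$ttype" in
      user_home_t|user_home_dir_t)
        fix="setsebool -P samba_enable_home_dirs on" ;;
      *)
        fix="semanage fcontext -a -t samba_share_t '<share path>(/.*)?' && restorecon -Rv <share path>" ;;
    esac
    printf '%s on %s labelled %s -> %s\n' "$perms" "$tclass" "$ttype" "$fix"
  done
}

# On a live host, replace sample_audit with: ausearch -m avc -c smbd --raw
sample_audit | advise
```

If this reports nothing while Windows still returns access denied, the cause is more likely Unix permissions or ACLs than SELinux.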