Samba working, but NT_STATUS_ACCESS_DENIED probs.
jm78
2006-01-24, 03:15 AM CST
Hi,
I've got Samba up and running on Fedora 4. I can share files via Mac and PC fine, but only when I use /tmp/ as the share. When I try another share directory I get NT_STATUS_ACCESS_DENIED when I write to the drives, but I can still connect and read access is ok.
I have used permissions 777 and even replicated the /tmp/ permissions with +t. I'm pretty sure smb.conf is ok so I think it might be an issue with the samba/unix users. I get the same problem connecting as root on the actual box using smbclient on the command line.
Anyone seen this before? Any ideas?
Thanks...
John.
paperdiesel
2006-01-24, 11:33 AM CST
Changing the permissions on the filesystem won't necessarily fix the problem, because the samba user might fall under a different set of rules. Most likely, you need to modify the way that your samba drive is shared. Is it public? Is guest access allowed? Is it user or share level access?
When I'm diagnosing samba problems, I tend to work backwards. I make the samba drive wide open -- a public share, modifiable by everyone, share level access, guest ok, etc. Then when I can verify that everything is working, I slowly start locking it down one piece at a time.
pd
mndar
2006-01-24, 11:42 AM CST
I agree with paperdiesel on the way you should go about diagnosing the problem. But I would still like to have a look at your smb.conf. Do you have
valid users=<unix-name>
read only=no
for each of those shares? Apart from this, all you need for a samba share to be writable is that the corresponding unix-user has write access to the local directory.
jm78
2006-01-27, 10:41 AM CST
Thanks for the help guys...
After a few more frustrating hours I tried a clear install of FC4 and documented each of the steps I took and my smb.conf so hopefully someone can point out where I'm going wrong! Here goes...
updated: /etc/samba/smb.conf
[global]
workgroup = NETWORK
netbios name = DEV
security = share
[tmp]
comment = Tmp Share
path = /tmp
read only = No
guest ok = Yes
[share]
comment = Share
path = /share
read only = No
guest ok = Yes
created share & set permissions
[root@dev /]# mkdir share
[root@dev /]# chmod 777 share
created samba user
[root@dev /]# smbpasswd -a root
started samba
[root@dev /]# service smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
list shares
[root@dev /]# smbclient -L //localhost/ -Uroot%password
Domain=[NETWORK] OS=[Unix] Server=[Samba 3.0.14a-2]

        Sharename       Type      Comment
        ---------       ----      -------
        tmp             Disk      Tmp Share
        share           Disk      Share
        IPC$            IPC       IPC Service (Samba 3.0.14a-2)
        ADMIN$          IPC       IPC Service (Samba 3.0.14a-2)
Domain=[NETWORK] OS=[Unix] Server=[Samba 3.0.14a-2]

        Server               Comment
        ---------            -------
        DEV                  Samba 3.0.14a-2

        Workgroup            Master
        ---------            -------
        NETWORK
connect to 'tmp' share and successfully mkdir
[root@dev /]# smbclient //localhost/tmp -Uroot%password
Domain=[NETWORK] OS=[Unix] Server=[Samba 3.0.14a-2]
smb: \> mkdir test
smb: \>
failed connection to 'share'
[root@dev samba]# smbclient //localhost/share -Uroot%password
Domain=[NETWORK] OS=[Unix] Server=[Samba 3.0.14a-2]
smb: \> mkdir test
NT_STATUS_ACCESS_DENIED making remote directory \test
smb: \>
mndar
2006-01-27, 12:54 PM CST
You need to have the following in the global section
guest account=<unix-name>
Although having <unix-name> and root will work, it's not advisable for obvious reasons.
jm78
2006-01-27, 01:35 PM CST
Thanks for the response, but I've added this, restarted and still no joy...
paperdiesel
2006-01-28, 02:05 AM CST
Have you considered the possibility that "share" is a protected name in samba, and may not be available? Try creating a different directory -- one with a more obscure name. Go through the same process (short of reinstalling fedora...) and see what happens.
pd
mndar
2006-01-28, 10:00 AM CST
Good point paperdiesel.
Also try removing security = share .
jm78
2006-01-30, 03:32 AM CST
Ok, I've tried a share called "xyz" and still the same response.
On removing "security = share" I am unable to connect via smbclient.
[root@dev samba]# smbclient //localhost/xyz -Uroot%password
session setup failed: NT_STATUS_LOGON_FAILURE
This is getting ridiculous... but thanks for the help!
mnisay
2006-01-30, 03:34 AM CST
mmm, any firewall, iptables or selinux enabled?
jm78
2006-01-30, 03:36 AM CST
iptables, but open on samba ports and I've tried stopping it altogether but get the same response. I'm running smbclient from the box running samba anyway.
jm78
2006-01-30, 04:04 AM CST
WAHEY it finally works!!!!!!!
Turns out samba doesn't like shares other than /tmp/ in the root, tried /home/samba/ and works fine - surely I must have tried this already?!?!?
Thanks pd, mndar & mnisay. I probably would have just given up by now without your help!
bryancole
2006-01-30, 04:39 AM CST
I've struggled with this for ages. You've got to remember that the samba user doesn't just need read-access on the actual drive you're sharing, but also needs *browse* rights on all the parent directories in the file hierarchy. I.e. if your shared resource is /home/percy/shared, the samba user (possibly 'nobody' for anonymous/guest connections) must have read permissions on 'shared' and *also* the 'x' bit must be set on both /home and /home/percy. Without this, the samba user cannot 'see' the shared resource, even if s/he has permissions for the share itself.
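The parent-directory requirement described in the post above can be checked mechanically. The script below is an added example, not part of the original thread: the function names and the demo tree built under a temporary directory are constructed, and it assumes the guest account falls in the "other" permission class. It reads mode bits only, so ACLs and SELinux policy are outside what it checks.

```shell
#!/bin/sh
# Added example (not from the thread): find the first directory on the way
# to a share that the "other" permission class cannot traverse.
# Assumption: the Samba guest account (e.g. nobody) is neither owner nor
# group member of these directories, so only the "other" bits apply.
# ACLs and SELinux policy are not examined.

# other_x DIR: succeeds if "other" has the search (x) bit on DIR.
other_x() {
    # Character 10 of the ls mode string is other-execute:
    # x = search, t = search + sticky, - or T = no search.
    bit=$(ls -ld -- "$1" | cut -c10)
    [ "$bit" = "x" ] || [ "$bit" = "t" ]
}

# first_blocked PATH [BASE]: PATH must be absolute. Prints the first
# component below BASE (default: /) lacking other-x and returns 1;
# prints nothing and returns 0 when every component is searchable.
first_blocked() {
    base=${2:-}
    rel=${1#"$base"}
    cur=$base
    old_ifs=$IFS; IFS=/
    set -f; set -- $rel; set +f      # split the path on "/" only
    IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur=$cur/$part
        if ! other_x "$cur"; then
            printf '%s\n' "$cur"
            return 1
        fi
    done
    return 0
}

# Constructed demo tree mirroring the /home/percy/shared case above.
demo=$(mktemp -d)
mkdir -p "$demo/home/percy/shared"
chmod 755 "$demo/home"
chmod 700 "$demo/home/percy"         # parent without x for "other"
chmod 777 "$demo/home/percy/shared"  # wide-open leaf does not help
first_blocked "$demo/home/percy/shared" "$demo" || echo "^ blocks guest access"
```

On a real server, call `first_blocked /path/to/share` with no second argument to check every component from the filesystem root down.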
paperdiesel
2006-01-30, 08:36 AM CST
Glad to hear it works, man. That's strange that with root it only works in temp. I run samba as a normal user, though, so I never encountered that. I'll file this one away as "linux quirk #1,235,346".
pd
jm78
2006-01-31, 07:45 PM CST
Ok, I had just accepted this as a bug and didn't care much as it was working now. But when it came to locking down the shares I ran into some more problems. Turns out there are some issues with SELinux on FC4 that cause problems with samba. I disabled SELinux to try and fix the other problems I was having, which has worked and everything is sweet now. So just out of curiosity I tried another share from the root of the filesystem again and it worked fine without SELinux. Ho-hum, a big fat waste of time, but hopefully this will help someone else out...