winbind has broken samba share making it not accessible
I have samba share up and running which can be accessed by users from their Windows client PC’s. These users have local Linux accounts on the Samba server.
To control access I have a Linux security group called ‘accounts’ and permissions on the Samba directory called ‘shared’ are set as below:-
drwxrws--- 2 root accounts 4096 Feb 21 12:14 shared
I have now implemented windbind to give me Windows AD authentication and the above Samba share is no longer accessible. When I type \\samba server in Windows explorer the shared directory is displayed but when you try to go in to the directory I get an error saying the folder is not accessible and that I do not permission to use the network resource. If I set the Linux permissions to 777 I do not have an issue. I’ve tried adding ‘write list =domain name’ into smb.conf. I’ve also tried net groupmap my AD ‘accounts’ group to my Linux ‘accounts’ group. But all have failed. When I look in the samba logs I see the following:-
[2008/02/21 16:21:50, 0] smbd/service.c:set_current_service(184)
chdir (/u01/samba) failed
If I login via SSH using my AD domain account I can cd to /u01/shared without any issues.
If I disable winbind the share becomes accessible.
My smb.conf looks like:-
workgroup = EXAMPLE
realm = EXAMPLE.XXX.COM
server string = Production Server
security = ADS
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = No
printcap name = /etc/printcap
dns proxy = No
remote announce = xxx.xx.6.255 xxx.xx.3.255
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template homedir = /xxxx/xxx/home/%U
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
hosts allow = xxx.xx., 127.
cups options = raw
comment = Accounts
path = /u01/shared
write list = EXAMPLE.xx.COM\user
read only = No
create mask = 0774
browseable = No
can anybody suggest how I resolve this as I’m pulling my hair out trying to find a resolution even after lots of googling.