Why can't my Windows clients write to my Samba shares (Unbuntu 14.04)
 

I'm struggling with Samba with a new NAS/Media server I am trying to build. I have created some shares on my Unbuntu server with Samba that are visible and browseable from my home Windows 8.1 clients but when I try to write to any of them I receive a "try again" error.

I want to be able to copy files from my PC to my new Unbuntu server's shares. For now I have one user only on my Unbuntu server that's in the sudo group. From Windows I have tried to map network drive with "different credentials" but no matter what I try from Windows I still can't copy or move files from Windows to the shares.

Thank you

What does your Samba configuration look like? It's probably a simple permissions issue. Either the users that are connecting via Samba don't have write permission to the shared directories, or they're connecting as a guest and the guest user doesn't have write permission to the shared directories.

I appreciate the reply. I think everything is correct. But here in my Samba Conf file:

#======================= Global Settings =======================

[global]
panic action = /usr/share/samba/panic-action %d
security = user
usershare allow guests = yes
server string = %h server (Samba, Ubuntu)
wins support = true
os level = 20
workgroup = WORKGROUP
unix password sync = yes
syslog = 0
log file = /var/log/samba/log.%m
winbind use default domain = yes
encrypt passwords = yes
map to guest = bad user
server role = standalone server
pam password change = yes
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
winbind trusted domains only = yes
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
dns proxy = no
obey pam restrictions = yes
max log size = 1000

; wins server = w.x.y.z
; interfaces = 127.0.0.0/8 eth0
; bind interfaces only = yes

; logon path = \\%N\profiles\%U
; logon drive = H:
; logon script = logon.cmd
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
; add group script = /usr/sbin/addgroup --force-badname %g

############ Misc ############
; include = /home/samba/etc/smb.conf.%m
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash

#======================= Share Definitions =======================
;[homes]
; comment = Home Directories
; browseable = no
; read only = yes
; create mask = 0700
; directory mask = 0700
; valid users = %S
;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; guest ok = yes
; read only = yes

;[profiles]
; comment = Users profiles
; path = /home/samba/profiles
; guest ok = no
; browseable = no
; create mask = 0600
; directory mask = 0700

[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
; write list = root, @lpadmin


[Media]
valid users = kiniku
writeable = yes
path = /media
public = yes

Are you connecting to the samba share as kiniku, and does kiniku have write access to /media?

Kiniku is the original account I created when the server started. I've been using it for "sudo" admin functions as well. So I assumed that account had admin/write access to everything created by default. It's probably the only account I'll ever use on the server as I only want the server for media serving/streaming and storage of personal documents/data in more a NAS function.

Do I need to specifically grant permissions to the media folder/shares?

Thank you for your time.

Also if I may, I will be potentially storing sensitive personal data in one of the shares. So I would prefer not to make the server's shares and folders "wide open" just to gain simple full access. I am running this server for my home and I have one Windows 8.1 box I use for daily work. On that I am just in a default "workgroup" group. Is there a way that Samba can use my Windows 8.1 local accounts for authentication and access on the Unbuntu server side transparently so I could use my existing Windows account credentials on the Unbuntu server? I am not running a WINS server, DC or anything at home.

Ignore sudo, Samba does not use it, neither does any other service. Linux is not like Windows where user accounts can be either "regular" or "admin". Ubuntu is trying they're damnedest to make it that way, but thankfully it's not catching on. User accounts are just user accounts, root is root. Your user account also happens to be in the sudoers file, which allows you to escalate yourself to root when you use the "sudo" command and type in your password, but that is a completely separate topic and should be ignored.

If you want to be able to write to a directory as your user, you need to make sure that your user has write access to that directory, without having to escalate to super-user (sudo) privileges.

---------- Post added 02-16-15 at 03:18 PM ----------

I don't know enough about Windows to answer that.

Also if you're using selinux you have to configure selinux to allow samba to use the /media directory.

Suicidaleggroll that explanation helped me understand a great deal why this wasn't working. As it stands the kiniku account by default only has ownership of it's home folder and anything I put within it. What threw more confusion into it is I have been using webmin and I guess webmin does it's commands as root or at least elevated higher. But any changes I made such as folder creations or mountings under webmin did not guarantee my kiniku user could write or even see/access them because the kiniku user it seems can only see within it's home folder. Once I figured that out I was able to get things working properly now that I understand the limitations of this user. With Windows your first user that is created during install is God. So your explanation helped me understand that wasn't the case with unbuntu.

Also changing the folder attribute from 755 to 775 made them all visible, accessible, and writable to Windows. So now Windows can see and write to them. Finally! But I have one issue now:



I have unbuntu installed on a single 256GB drive. So of course my kiniku home folder resides there too. But I have a two 1TB drives that are unused. I would like to store my NAS and Media data on one of those empty drives AND allow the kiniku user to have full access to them. So I created a partition on one 1TB drive and mounted it in a new folder I had made in the home/kiniku folder named "data". But once made I can only see it. Its locked down because only "nobody" owns it. So my kiniku account cannot make changes to it in any way.

How can I add this entire drive so that my unbuntu kiniku account has read/write/exec administration permissions on it? It can be mounted anywhere as far as I am concerned.

I'm not sure how to do it with Webmin, but if you chown and chmod the mount point of the partition from the command line, your user account will be able to write to it. Since you have the partition mounted on /home/kiniku/data from what you've said, the following command should give all access to the kiniku user and no access to anyone else:

You might want to consider reading a short tutorial on *nix-style permissions, which will help you understand the chown and chmod commands a bit better.

That did the trick. This project has really come along well. Thank you all for the replies.