I am setting up a samba active directory server (inside fmstrat docker container) on ubuntu server 22.04.
After some trial and error I achieved:
- hosting an AD server on my ubuntu server
- joining a windows client (win11)
- joining two linux clients (ubuntu 23.04, 23.10)
- joining my NAS
- sharing some directories from ubuntu server through volume mappings and host them in samba (smb.conf)
My problem is with the last step. I can:
- access the share from windows AD client (read/write/create)
- view the share from linux clients
But I am not able to create any new files on the samba share from linux client. I am completely stuck and going in circles. Hoping for some advice / pointers from this community. (if this is the wrong place, please tell me).
On ubuntu server I have a couple of directories I want to share (~/services/openhab/conf, ~/services/openhab/userdata).
On the same server, the samba docker container is running. The directories I want to share are volume mapped.
services:
  samba:
    image: nowsci/samba-domain
    container_name: samba
    volumes:
      # [some other volume mappings]
      - /home/localadmin/services/openhab/conf:/shares/openhab/conf
      - /home/localadmin/services/openhab/userdata:/shares/openhab/userdata
On the ubuntu server side, these files are owned by the openhab user (local account).
localadmin@dc:~/services/openhab$ ls -l
total 16
drwxrwxrwx 2 openhab 993 4096 Apr 6 18:35 addons
drwxrwxrwx 14 openhab 993 4096 Apr 7 10:37 conf
-rw-rw-r-- 1 localadmin localadmin 590 Apr 6 18:30 docker-compose.yml
drwxrwxrwx 11 openhab 993 4096 Apr 7 10:37 userdata
Inside the docker container, the files are owned by a numbered user and group (no clue who this is, I am guessing some default start index of AD users?)
root@dc:/# ls -l /shares/openhab/
total 8
drwxrwxrwx 14 998 993 4096 Apr 7 10:37 conf
drwxrwxrwx 11 998 993 4096 Apr 7 10:37 userdata
And finally, in smb.conf, the shares are defined as follows:
[Openhab-conf]
path = /shares/openhab/conf
read only = no
public = yes
writable = yes
force create mode = 0666
force directory mode = 0777
browseable = yes
valid users = "@sb.landomain users"
force group = "Domain Users"
[Openhab-userdata]
path = /shares/openhab/userdata
read only = no
public = yes
writable = yes
force create mode = 0666
force directory mode = 0777
browseable = yes
When I mount the share from linux client which successfully joined the domain:
(in fstab)
//192.168.1.100/Openhab-conf /media/openhab-conf cifs credentials=/home/bp@sb.lan/creds/ad.credentials,vers=2.0 0 0
I can see the share and list all files, but when I try to create a file in any folder inside the share, I get the following error:
bp@sb.lan@bas-hp:~$ touch /media/openhab-conf/scripts/test.txt
touch: cannot touch '/media/openhab-conf/scripts/test.txt': Permission denied
When I ls -l on the mount:
bp@sb.lan@bas-hp:~$ ls -l /media/openhab-conf/
total 4
drwxr-xr-x 2 root root 0 apr 6 20:35 automation
drwxr-xr-x 2 root root 0 apr 7 20:47 html
drwxr-xr-x 2 root root 0 apr 6 20:30 icons
drwxr-xr-x 2 root root 0 apr 7 12:37 items
drwxr-xr-x 2 root root 0 apr 7 12:37 rules
drwxr-xr-x 2 root root 0 apr 7 12:37 scripts
drwxr-xr-x 2 root root 0 apr 7 12:37 services
drwxr-xr-x 2 root root 0 apr 7 12:37 sitemaps
drwxr-xr-x 2 root root 0 apr 7 12:37 sounds
drwxr-xr-x 2 root root 0 apr 7 12:37 tags
drwxr-xr-x 2 root root 0 apr 7 12:37 things
drwxr-xr-x 2 root root 0 apr 7 12:37 transform
-rwxr-xr-x 1 root root 92 apr 7 12:37 workspace.code-workspace
I can see these files are owned by root/root. I can sudo chown -R bp@sb.lan /media/openhab-conf
but this doesn’t affect the ownership shown by ls -l.
Again, the shares work perfectly fine on a windows machine which has joined the same AD.
I have no clue what the problem is. I am guessing it is on the linux side since I can access the share without issues from windows client. So that suggests to me that ubuntu server => samba docker is working fine. But on the other hand, I tried to overrule all permissions on linux side to no avail….
Any advice would be greatly appreciated!
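
Added example (not part of the original post): a small Python check that takes the cifs fstab entry shown above and predicts whether the client-side permission check lets a given user create files. It assumes the server sends no Unix ownership, so mount.cifs falls back to its documented defaults (uid=0, gid=0, file_mode=0755, dir_mode=0755), which matches the root/root `drwxr-xr-x` listing in the post; the numeric uid/gid values in a call are the caller's own, and uid=/gid= options are assumed to be numeric.

```python
"""Added example: predict client-side write access on a cifs mount from its fstab options."""

# Documented mount.cifs defaults, used when the server sends no Unix ownership
# (assumption: no Unix extensions) and the option is absent from the mount line.
DEFAULTS = {"uid": "0", "gid": "0", "file_mode": "0755", "dir_mode": "0755"}

# The fstab entry from the post, copied verbatim.
FSTAB_LINE = ("//192.168.1.100/Openhab-conf /media/openhab-conf cifs "
              "credentials=/home/bp@sb.lan/creds/ad.credentials,vers=2.0 0 0")


def parse_cifs_options(fstab_line):
    """Return the mount options of a cifs fstab entry as a dict (flags map to True)."""
    fields = fstab_line.split()
    if len(fields) < 4 or fields[2] not in ("cifs", "smb3"):
        raise ValueError("not a cifs fstab entry")
    opts = {}
    for item in fields[3].split(","):
        key, sep, value = item.partition("=")
        opts[key] = value if sep else True
    return opts


def effective_view(opts):
    """Owner, group and modes the client presents when it has to synthesize them."""
    view = {k: opts.get(k, v) for k, v in DEFAULTS.items()}
    return {"uid": int(view["uid"]), "gid": int(view["gid"]),
            "file_mode": int(view["file_mode"], 8),
            "dir_mode": int(view["dir_mode"], 8),
            "noperm": opts.get("noperm") is True}


def can_create_in_dir(opts, uid, gids):
    """Would the client-side permission check let this user create a file in a directory?"""
    v = effective_view(opts)
    if v["noperm"] or uid == 0:
        return True           # client check skipped; the server ACL alone decides
    if uid == v["uid"]:
        shift = 6             # owner bits
    elif v["gid"] in gids:
        shift = 3             # group bits
    else:
        shift = 0             # other bits
    bits = (v["dir_mode"] >> shift) & 0o7
    return bits & 0o3 == 0o3  # creating a file needs write + search on the directory
```

A `True` result only means the Linux client will forward the request; the share definition and the file system ACLs on the server still decide whether the write succeeds.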