# Samba Permission Issue



## cesjr (May 8, 2014)

Hi everyone,

Below is my Samba configuration setting:

```
[Backup]
      comment = 備份區
      path = /backup/server
      browseable = yes
      valid users = @wheel
      admin users = @wheel
      read only = No
      create mask = 0664
      directory mask = 0775
      mangled names = No
      volume = Backup
```

And directory permission is: 
	
	



```
drwxrwxr-x  2 root  wheel  512  1  2  2009 /backup/server/
```

It should be working when I use \\192.168.1.1\Backup\ by @wheel privilege on Windows base system. The error message says 
	
	



```
I do not have  permission to access,not support this request
```

How should I fix this problem?

Below is my system info:

FreeBSD 9.1-RELEASE
samba36-3.6.16_1

```
Filesystem        Size    Used   Avail Capacity        Mounted on
/dev/ada0p3    388G     23G    333G     7%           /
devfs                1.0k    1.0k      0B   100%            /dev
JOY                   6.8T     16G    6.8T     0%           /JOY
JOY/SHARE       8.2T    1.4T    6.8T    17%          /JOY/SHARE
JOY/USER         7.0T    244G    6.8T     3%         /JOY/USER
```
Only the directory on / has problems, other like /JOY is my ZFS pool, is functional.


----------



## SirDice (May 8, 2014)

cesjr said:
			
		

> It should be working when I use \\192.168.1.1\Backup\ by @wheel privilege on Windows base system.


No, your user account must be a member of the wheel group on the FreeBSD side. Windows group membership has no influence here.


----------



## cesjr (May 9, 2014)

Thanks your help.  
I am sure user account is be a member of the wheel group on the FreeBSD side both in smbpasswd file.


----------



## SirDice (May 9, 2014)

Can you post the output of `testparm`?


----------



## cesjr (May 10, 2014)

```
Processing section "[Backup]"
Processing section "[JOY]"
Processing section "[資訊處共用區]"
Processing section "[測試1共用區]"
Processing section "[會計部共用區]"
Processing section "[測試2共用區]"
Processing section "[行銷部共用區]"
Processing section "[管理部共用區]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
        unix charset = UTF8
        display charset = UTF8
        server string = Backup1  (%h Samba %v)
        passdb backend = smbpasswd
        username map = /usr/local/etc/users.map
        log file = /var/log/samba/%m.log
        max log size = 50
        name resolve order = lmhosts bcast host
        time server = Yes
        unix extensions = No
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = No
        printcap name = /dev/null
        add group script = /usr/sbin/groupadd %g
        add machine script = /usr/sbin/pw useradd %u -g machines -s /sbin/nologin -d /nonexistent
        logon script = %g.bat
        logon path =
        logon drive = L:
        os level = 249
        local master = No
        domain master = No
        dns proxy = No
        remote announce = 192.168.1.255
        remote browse sync = 192.168.1.255
        nfs4:chown = yes
        nfs4:acedup = merge
        nfs4:mode = special
        idmap config * : backend = tdb
        hosts allow = 192.168.1., 127., 10.0.0.
        map acl inherit = Yes
        use sendfile = Yes
        printing = bsd
        print command = lpr -r -P'%p' %s
        lpq command = lpq -P'%p'
        lprm command = lprm -P'%p' %j
        veto files = /riched20.dll/*.{*}/*.eml/*.nws/*.pif/*.com/*.lnk/autorun.inf/*.vmx/
        csc policy = disable
        vfs objects = zfsacl
```


----------



## SirDice (May 10, 2014)

You have a lot of unnecessary stuff enabled. Most of it can be stripped out for a normal standalone server. I'd start by cleaning up your smb.conf and only leave the bare essentials.


----------

