# Samba users cannot open files

## Joe_Sextus

I'm having a weird issue with samba. I have integrated it with Active Directory (loosely following this guide http://www.gentoo-wiki.info/HOWTO_Active_Directory_with_Samba_and_Winbind). The problem I have is that when I connect to the samba server from windows, I can create, rename, delete and save a new document to the share but I can not open it back up (notepad says Access is denied).

Here is the permissions on the file as set by samba

```
-rwxr--r-- 1 jbyfield domain users    4 Jan  5 15:11 New Text Document.txt
```

And here is my smb.conf file (I replace my domain name with DOMAIN)

```

[global]

   workgroup = DOMAIN

   realm = DOMAIN.ORG

   preferred master = no

   netbios name = PLG64FS008

   server string = PLG64FS008

   security = ads

   winbind enum users = yes

   winbind enum groups = yes

   winbind use default domain = Yes

   winbind nested groups = Yes

   idmap uid = 10000-20000

   idmap gid = 10000-20000

   vfs object = vscan-clamav

   vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

   log file = /var/log/samba/log.%m

   max log size = 1000

   encrypt passwords = true

   passdb backend = tdbsam

   obey pam restrictions = yes

   invalid users = root

   unix password sync = yes

   passwd program = /usr/bin/passwd %u

   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

   pam password change = yes

   map to guest = bad uid

   socket options = TCP_NODELAY

   template shell = /bin/bash

   guest account   = nobody

[sme]

        comment         = Successmaker Content

        path            = /data/sme

        Valid Users     = @"DOMAIN\domain users"

        guest ok        = no

#       guest only      = yes

        browseable      = yes

        writeable       = yes

[homes]

        comment         = Home Directories

        valid users     = %S

        read only       = no

        browseable      = no

[printers]

        comment         = All Printers

        browseable      = no

        printable       = yes

        guest ok        = yes

```

I know this is a samba problem because is I su to jbyfield I can access the files from console with out any problems. Can somebody point out what I an missing?

----------

## honp

And what rights do you have on upper directory?

----------

## Joe_Sextus

/data

```
drwxrwxrwx   4 jbyfield domain users      4096 Jan  5 08:25 data

```

/data/sme

```
drwxrwxrwx 6 jbyfield domain users  4096 Jan  5 15:11 sme

```

----------

## honp

Samba has very good log system. Try to look at this logs, maybe you can find something.

----------

## Joe_Sextus

I change the log level to 2 and now I see this in the log for my client when I try to open the file.

```
[2010/01/06 14:39:22, 2] auth/auth.c:check_ntlm_password(309)

  check_ntlm_password:  authentication for user [JByfield] -> [JByfield] -> [MPSI20\jbyfield] succeeded

[2010/01/06 14:39:22, 2] lib/module.c:do_smb_load_module(64)

  Module '/usr/lib64/samba/vfs/vscan-clamav.so' loaded

[2010/01/06 14:39:22, 1] smbd/service.c:make_connection_snum(1042)

  best-hlp2k3 (10.100.10.15) connect to service sme initially as user MPSI20\jbyfield (uid=10000, gid=10002) (pid 8192)

[2010/01/06 14:39:25, 2] smbd/open.c:open_file(391)

  JByfield opened file New Text Document.txt read=No write=No (numopen=2)

[2010/01/06 14:39:25, 2] smbd/close.c:close_normal_file(406)

  MPSI20\jbyfield closed file New Text Document.txt (numopen=1) NT_STATUS_OK

```

----------

## honp

Probably this is not the reason (i think you can have both), but in my smb.conf there is writable instead of writeable... Try (sorry i dont have a time to check it...)

----------

## Joe_Sextus

I tried changing that and it did not make a difference. 

I know I have done this before (over a year ago) using this same guide and it worked flawlessly. Unfortunately the previous server does not exist anymore.

----------

## Joe_Sextus

I found the problem. Clamd was not running and samba was set to deny access if clamd was not running.

----------

