Imagine the following scheme:
+--------------+ +----------+ | Synology NAS | <------- | Client 1 | +--------------+ +----------+ ^ | | +---------+ +----------+ | Proxy 1 | <---------- | Client 2 | +---------+ +----------+ I have Synology NAS with shared folder, let's call it External. Also I have two users who have access to this folder: user1 and userproxy. Both users have R+W access with the only exception that deletion operations are prohibited (in Synology terms these modes are called Delete and Delete subfolders and files).
Client 1 can connect to the NAS directly via login user1 and all permissions work as they should (tested both on Linux and Windows, if that matters): read and write works, renaming and deletion not. Also directory creation work as expected.
Client 2 has no direct access to the NAS (because of network architecture and restrictions) but instead it can access Proxy 1 intermediate server. Proxy 1 has direct access to the NAS via login userproxy. So to make passthrough of this External share for the Client 2 possible I've mounted this share on Proxy 1 with CIFS (fstab excerpt):
//Synology/External /srv/samba/external cifs user=userproxy,password=supersecret,iocharset=utf8,uid=user2,gid=user2,noserverino,mfsymlinks,_netdev,nofail,vers=3.0 and set up Samba server with the only share available:
[global] workgroup = WORKGROUP netbios name = proxy1 interfaces = 172.16.0.2 bind interfaces only = yes hosts allow = 172.16.0.0/255.255.255.0 load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes show add printer wizard = no log file = /srv/log/samba/%m.log max log size = 1000 log level = 2 dns proxy = no server role = standalone security = user map to guest = Bad User server min protocol = SMB2_10 server smb encrypt = desired [External] path = /srv/samba/external comment = Common directory for file exchange writable = yes printable = no browseable = yes create mode = 0644 force create mode = 0644 directory mode = 0755 force directory mode = 0755 valid users = user2 Actual directory /srv/samba/external belongs to user2:user2 with mode 755.
Client 2 is able to connect Proxy 1 with user2 login, read and write files, can't delete them (so far so good) BUT it can't create directories at all (tested on Windows and Linux)! It's the opposite of what's observed on Client 1. I suspect that the key may lie within CIFS mount options or ACLs on Proxy 1 but I can't find something special in smb.conf manual.
Are there something more that I'm missing? Is the CIFS mount passthrough viable option at all?
