[Samba] Problem setting ACLs on files/folders... plz help!

Prajjwal prajjwal at wlink.com.np
Fri Jun 25 11:52:42 GMT 2004 

Hi

Did you build acl support into your kernel?

When you type smbd -b|grep -i acl, what kind of output do you get- you 
sure the acl support is compiled in properly into samba?

What kind of output do you get in your samba logs when and before you 
get the access denied messages?

Finally, I dont see any "nt acl support = yes" line in your smb.conf 
file-- why dont you add it in?

Regards
Prajjwal

Kirk Marple wrote:

> I'm running Samba on a Mac OS X server, and the server is a member of a
> Windows domain (Windows 2003).
>  
> Samba is setup for security=domain permissions.
>  
> I have opened up a file share to the Windows machines named AppDeployment.
> I'm able to open \\xserve\AppDeployment on a Windows server, and am able to
> create directories and copy files in there.   (Btw, when i attempt to "net
> use" that directory from Windows, I'm required to enter an account from the
> Mac server.)
>  
> Even if i login as 'root' on the Mac server when accessing that file share,
> when i try and change the permissions of a folder (i.e. add ACLs for a
> domain user via the Windows property page), I get an error dialog saying
> "Unable to save permission changes on <directory name>".  Access is denied."
> when i try and apply the changes.
>  
> any thoughts on what could be going wrong?  i'm pretty stuck!   
>  
> am i going about this the wrong way?   basically i want to setup Samba so i
> can have a file share on the Mac server that is exposed to the Windows
> servers in the domain, and the Windows servers can set ACLs on the
> files/folders using accounts in the domain.
>  
> thanks for any help!
> Kirk
>  
> --------------------
>  
> [global]
>         workgroup = <...>
>         password server = *
>         hide files = .Trashes/Temporary Items/Desktop
> */TheFindByContentFolder/TheVolumeSettingsFolder/.DS_Store/.AppleDouble/
>         display charset = UTF-8-MAC
>         print command = /usr/sbin/PrintServiceAccess printps %p %s
>         lprm command = /usr/sbin/PrintServiceAccess remove %p %j
>         security = domain
>         guest account = unknown
>         encrypt passwords = yes
>         printing = BSD
>         allow trusted domains = yes
>         preferred master = no
>         lppause command = /usr/sbin/PrintServiceAccess hold %p %j
>         netbios name = xserve
>         wins support = no
>         max smbd processes = 0
>         printcap =
>         server string = Mac OS X
>         lpresume command = /usr/sbin/PrintServiceAccess release %p %j
>         client ntlmv2 auth = yes
>         domain logons = no
>         lpq command = /usr/sbin/PrintServiceAccess jobs %p
>         passdb backend = opendirectorysam guest
>         dos charset = CP437
>         unix charset = UTF-8-MAC
>         socket options = SO_RCVBUF=64240
>         auth methods = guest ntdomain opendirectory
>         local master = no
>         use spnego = yes
>         map to guest = Bad User
>         domain master = no
>         printer admin = @admin, @staff
>         log level = 3
>  
> [AppDeployment]
>         oplocks = 0
>         map archive = no
>         path = /Volumes/<...>/AppDeployment
>         read only = no
>         inherit permissions = 1
>         strict locking = 1
>         comment = macosx
>         create mask = 0666
>         guest ok = 1
>         public = yes
>         writeable = yes
>         directory mask = 0777
>

More information about the samba mailing list