[Samba] Samba 3.0.4 acl problem
Prajjwal
prajjwal at wlink.com.np
Mon Jul 19 07:44:14 GMT 2004
Hi people
My problem is quite strange, and I am just sending this email to point
out another small oddity I noticed while setting acls. My server is
Samba 3.0.4, and I have acl support built into it as well as into the
2.4.24 kernel (patched with acl patch from acl.bestbits.at).
Here is the strange stuff that is going on:
Description of hosts:
Samba server:
i.p.-- a.b.c.d
netbios name-- test
dns name-- smbserv
samba configured as a PDC
ANOMALY: wbinfo -g returns some values that do not seem to be complete,
wbinfo -u returns "error looking up domain users"
Client: Windows XP Professional
Problem:
1. When I open a share on the server using the address \\a.b.c.d (server
i.p. address), I can easily view and set acls
2. When I open a share on the server using \\smbserv (server dns name),
I can still easily view and set acls
3. When I open a share on the server using \\test (server netbios name),
a. I can access shares and modify existing acls
b. When I try to add new acls for other users on files or
directories, I cannot search for any domain users in the
add->advanced->find now button of the properties dialog box, getting the
error message that multiple connections to a shared resource are not
possible.
c. After this, until I logout, I cannot set new acls even if I
login from \\a.b.c.d or \\test
4. If the netbios name and the dns name of the server are set to be the
same, then when I open the share using the dns name/netbios name, I
cannot set new acls.
I just wrote to mention that the problem just seems to be something with
netbios naming, as everything works fine while using dns names. I would
appreciate any suggestions for getting that working if you could help me
with that, anyway, I just wanted to add this new thing I had noticed.
Regards,
Prajjwal
Prajjwal wrote:
> Thanks Jerry
>
> I had checked most of the time using the netbios name of the samba host.
> I am using samba 3.0.4, and I do recall that I had been able to get the
> acls working for around a day even using the netbios names when I had
> been playing around with some settings. However, the acl display
> stopped working all of a sudden, and I have been perplexed as to why
> that happened.
>
> I tried setting up a very basic samba configuration with samba on two
> different machines, and I am getting the both result on both -- I can
> get the list of users when I logon to the host using the ip address, but
> I can't get the userlist when I use the netbios name. Modifying
> existing acl's works fine though.
>
> I am using a configuration that testparm labels as:
> "Server role: ROLE_DOMAIN_PDC"
> --guess that shouldn't be happening right?
>
> Would help a lot if any of you had any suggestions
>
> With best regards,
> Prajjwal
>
> Gerald (Jerry) Carter wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Prajjwal wrote:
>>
>> | I can view and modify any permissions on the existing
>> | files that are being shared. If setfacl has been used
>> | to grant additional users permissions, then those users
>> | are also displayed, and their permissions can also be set.
>> |
>> | However, if I try to add any new users to the acl, a
>> | dialog box pops up, asking me to provide it with the
>> | username and password of a user with permissions to modify on
>> | my domain, and when I supply the username and password, the
>> | dialog responds that multiple connections to the shared
>> | resource are not allowed, and it asks me to close all
>> | other connections before trying again.
>>
>> This is a 2k -> NT interoperability bug. We spent a good bit
>> of time on this before 3.0.0 was released. Don't rmember
>> the bug number right now. You can recreate the exact same
>> behavior between 2k and an nt4 standalone file server.
>>
>> There was no workaround except to use Samba as a PDC instead
>> of a standalone server. Or possibly to connect to share using
>> the IP of the Samba server instead (this causing the user
>> enumeration to the netbios name).
>>
>> Hope this helps.
>>
>>
>>
>> cheers, jerry
>> - ----------------------------------------------------------------------
>> Hewlett-Packard ------------------------- http://www.hp.com
>> SAMBA Team ---------------------- http://www.samba.org
>> GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
>> "...a hundred billion castaways looking for a home." ----------- Sting
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.2.4 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> iD8DBQFA7ZTCIR7qMdg1EfYRAvFtAJ9ewgjYO8zG+a8RcttmW6X4JpJsjwCg8lQE
>> 8u3fEXoNnh/j7/klPeTalfk=
>> =K7ye
>> -----END PGP SIGNATURE-----
>>
>>
>>
>
More information about the samba
mailing list