Modifications of ACLs via Windows client

JM Bonnefond bon at
Mon Dec 3 07:46:03 GMT 2001


I'm trying to implement the XFS ACLs under samba 2.2.2.

I'd compiled a new kernel with xfs support and all the ACL functions 
(setfacl, getfacl, etc) works well.

I'd then compiled samba 2.2.2 with the --with-acl option, and it seems to be 
happy with that.

Now I'm trying to access the ACLs via windows clients. A client could 
modify the access right existing until it correspond to the unix rights, but 
when i try to modify others rights, like adding a user or a group in the 
ACLs, I got an "Unable to register the autorisation modification on the file 
foobar, Access denied" (approximative translation from french).

The rights declared in the ACL are well used because a user that is only 
declared in the ACL rights (not the primary(unix) rights) could acces a 
specific shared following the ACLs.

My question is, could we change the acl via the security panel of Windows, 
and if yes, what could I have done wrong?

Here is my global section of the smb.conf :

	workgroup = SMAD02
	netbios name = SMAD
	security = user
	nt acl support = yes
	encrypt passwords = Yes
	map to guest = Bad User
	null passwords = No
	log level = 1
	log file = /var/log/log.%h
	name resolve order = wins lmhosts host bcast
	time server = Yes
	deadtime = 5
	keepalive = 30
	domain admin group = samba @adm_info
	logon script = %U.bat
	logon drive = p:
	domain logons = Yes
	os level = 64
	preferred master = True
	domain master = True
	wins support = Yes
	kernel oplocks = No
	admin users = @adm_info
	create mask = 0770
	directory mask = 0770


More information about the samba-ntdom mailing list