ACL half-working on win2k; can't add users

Ofer Nave ofer at
Fri Nov 16 18:00:00 GMT 2001

I managed to figure out the problem.  In case anyone is interested, I had
not noticed that samba must be configured with --with-acl-support before
being built (don't forget to compile/install the ACL utilities and run
ldconfig so the libacl is available).  I would have noticed it quicker if I
hadn't used the pre-built redhat rpm.

So i got the source rpm instead, added the configure option, and rebuilt the
rpm, installed, restarted smb, and it works now.


-----Original Message-----
From: samba-ntdom-admin at
[mailto:samba-ntdom-admin at]On Behalf Of Ofer Nave
Sent: Wednesday, November 14, 2001 1:36 PM
To: samba-ntdom at
Subject: ACL half-working on win2k; can't add users


I have a Red Hat 7.2 linux server with an ext3 partition being used as an
ext2 partition.  I used the stock 2.4.14 kernel, applied the EA/ACL patches
(, and installed it.  I can use getfacl and setfacl to get
and set all the advanced features of ACL.

I have the samba 2.2.1a package that came default with RH 7.2 modified to
act as a PDC.

I have a Windows 2000 workstation logging into the linux server with roaming
profiles and mounting several shares, including the user's home share.
Everything is working well so far.  If you right-click on a file and choose
the security tabs, you can see the permissions, and you can even modify the
owner, group, and other permissions (the standard unix permissions) and save

The Problem:

Assume I'm logged in to the windows machine as Joe.  Assume there's another
user in the domain named Jane.  If I right-click on a file I own and try to
add Jane in the security tab so that I can grant her write privileges on the
file, i get the error message 'Unable to save permission changes'.

So, basically, I can modify standard unix permissions from Windows 2000, but
I can't use the advanced ACL features.  Any ideas?

-Ofer Nave
 Chang Industry, Inc.

More information about the samba-ntdom mailing list