ACL inheritance mess with win2k clients...

ZINKEVICIUS,MATT (HP-Loveland,ex1) matt.zinkevicius at
Wed Oct 2 22:08:01 GMT 2002

I think he would win the quarter :-) Never setting those bits is exactly
what tells the client that we're using NT4 style inheritance. See my NT
security semantics patch which set these bits when appropriate.


> -----Original Message-----
> From: jra at [mailto:jra at]
> Sent: Wednesday, October 02, 2002 2:15 PM
> To: Eric Lee Steadle
> Cc: Jim McDonough; samba-technical at
> Subject: Re: ACL inheritance mess with win2k clients...
> On Wed, Oct 02, 2002 at 04:05:45PM -0400, Eric Lee Steadle wrote:
> > >Ok - so how does the W2K client "know" it's talking to a W2K or NT
> > >server ? Any idea what criteria a W2K client uses to check ?
> > 
> > 
> > Well, I'm pretty sure it (the client) checks for one or 
> more w2k specific
> > flags: SE_DACL_AUTO_INHERITED, or perhaps 
> SE_DACL_PROTECTED. Jim said that the
> > client sets the SE_DACL_AUTO_INHERITED flag, (which is not 
> honored by Samba,
> > nor would it be by NT4) then it queries for those flags 
> again. I'd bet a
> > quarter that it (the client) is trying to determine what 
> ACL inheritence
> > mechanism is being used by the server.
> You'd lose that quarter.... Samba never sets any of these flags, so
> the client cannot be using their presense to determine if we support
> W2K or NT ACLs.
> Jeremy.

More information about the samba-technical mailing list