XFS ACL Samba

Nicolas Scaut nicolas.scaut at province.namur.be
Thu Aug 14 13:59:48 GMT 2003 

Hello, 

- I install a SUSE 8.1 with XFS filesystem

- After, I install samba 2.2.8a (--with-acl-support et -with-winbind). 
- Then I configure it to become a domain member.  It seems to be ok (wbinfo -t etc).



Here is my smb.conf : 


 



[global] 
        # Options des logs 
        log file = /var/log/samba/log.samba 
        debug level = 4 

        # General 
        netbios name = myxfs 
        server string = Serveur XFS 
        workgroup = a 
        os level = 65 
        nt acl support = Yes 
        nt support = yes 
        wins server = xxxxx 


        # Authentification 
        security = DOMAIN 
        encrypt passwords = yes 
        password server = xxxxx 
        unix password sync = yes 
        smb passwd file = /etc/samba/smbpasswd 
        passwd chat = *New* %n\n *Re* %n\n *pa* 
        username map = /etc/samba/user.map 


        # Réseau windows 
        domain master = false 
        preferred master = yes 
        winbind uid = 500-20000 
        winbind gid = 500-20000 
        winbind enum users = yes 
        winbind enum groups = yes 
        winbind cache time = 15 

        # Logon 
        passwd program = /usr/bin/passwd %u 
        template shell = /bin/bash 


[student] 
        path = /ns/student 
        comment = Répertoire étudiants 
        valid users = a\etu1,a\Administrateur 
        admin users = a\Administrateur 
        revalidate = yes 
        available = yes 
        browseable = yes 
        writeable = yes 
        directory mask = 700 
        force directory mode = 700 
        create mask = 700 
        force create mode = 700 



When I use the a\Administrateur account, I can browse the « student » directory and I can modifie the access permissions (via option security in windows).

I set the full control for the user a\etu1

Lorque je suis loggué en tant que a\Administrateur sur une machine windows, j'arrive à accéder à "student" et à rajouter des permissions (via l'onglet sécurité). Je rajoute une permission pour etu1 (full control) 




When I use the a\etu1 account, I can't browse the « student » directory.

 

Result of a «  getfacl * » : 


 



# file: student 
# owner: a\administrateur 
# group: a\Admins du domaine 
user::rwx 
user:a\etu1:rwx 
group::rwx 
mask::rwx 
other::--- 
default:user::rwx 
default:user:a\etu1:rwx 
default:group::r-- 
default:mask::rwx 
default:other::--- 



The samba logfile :  


Code:



smbd/service.c:make_connection(603) 
  pcsit00 (172.16.45.230) Can't change directory to /ns/student (Permission denied) 
smbd/sec_ctx.c:set_sec_ctx(329) 
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 
smbd/connection.c:yield_connection(48) 
  Yielding connection to student 
smbd/error.c:error_packet(91) 
  error string = Permission denied 
smbd/error.c:error_packet(110) 
  error packet at smbd/reply.c(165) cmd=117 (SMBtconX) NT_STATUS_BAD_NETWORK_NAME 



If a change the smb.conf to set a\etu1 in into a admin users, then I can browse the « student » folder but, in this case the acl is not usefull because when I change it (no access for a\etu1), it has no effect !!!!

 

 

I really want to permit to a\Administrateur to manage shared folders and permissions in windows without see that it's a linux server. 



Can you help me ?

 

Nicolas Scaut

More information about the samba-technical mailing list