acls NT_STATUS_ACCESS_DENIED
hakim
hakim at mandrakesoft.Com
Wed Dec 1 11:04:16 GMT 2004
Hi,
When i make acls i have some time NT_STATUS_ACCESS_DENIED
smbcacls -U administrateur%a //localhost/test_c /kk.bmp -a
ACL:S-1-5-21-1688021309-183578045-1594628879-1081:0/0/0x001f01ff
added interface ip=10.0.0.235 bcast=10.0.0.255 nmask=255.255.255.0
Connecting to host=localhost
Connecting to 127.0.0.1 at port 445
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
smbcacls -U administrateur%a //localhost/test_c /kk.bmp -a
ACL:S-1-5-21-1688021309-183578045-1594628879-1080:0/0/0x001f01ff
added interface ip=10.0.0.235 bcast=10.0.0.255 nmask=255.255.255.0
Connecting to host=localhost
Connecting to 127.0.0.1 at port 445
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
NT_TRANSACT_SET_SECURITY_DESC failed
ERROR: secdesc set failed: NT_STATUS_ACCESS_DENIED
I make more acls but a lot of make NT_STATUS_ACCESS_DENIED.
the SID of S-1-5-21-1688021309-183578045-1594628879-1081:
ldapsearch -x SambaSID=S-1-5-21-1688021309-183578045-1594628879-1081
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: SambaSID=S-1-5-21-1688021309-183578045-1594628879-1081
# requesting: ALL
#
# loc2, Group, example.com
dn: cn=loc2,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: loc2
gidNumber: 1602
sambaSID: S-1-5-21-1688021309-183578045-1594628879-1081
sambaGroupType: 4
displayName: loc2
memberUid: Administrateur
memberUid: d
memberUid: e
memberUid: f
memberUid:: SW52aXTDqQ==
memberUid: IUSR_NT2
memberUid: misc
the SID of S-1-5-21-1688021309-183578045-1594628879-1080:
# loc, Group, example.com
dn: cn=loc,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: loc
sambaSID: S-1-5-21-1688021309-183578045-1594628879-1080
sambaGroupType: 4
displayName: loc
memberUid: Administrateur
memberUid: b
memberUid: d
memberUid: e
memberUid: f
memberUid: IUSR_NT2
memberUid: misc
gidNumber: 1601
# search result
search: 2
result: 0 Success
I can see on the log:
# numResponses: 2 unix_mode(oooo.bmp) inheriting from .
[2004/12/01 13:33:45, 2] smbd/dosmode.c:unix_mode(68)
unix_mode(oooo.bmp) inherit mode 40711
[2004/12/01 13:33:45, 3] smbd/dosmode.c:unix_mode(111)
unix_mode(oooo.bmp) returning 0700
[2004/12/01 13:33:45, 2] smbd/posix_acls.c:set_canon_ace_list(2421)
set_canon_ace_list: sys_acl_set_file type file failed for file
oooo.bmp (Invalid argument).
[2004/12/01 13:33:45, 3] smbd/posix_acls.c:set_nt_acl(3102)
set_nt_acl: failed to set file acl on file oooo.bmp (Invalid
argument).
[2004/12/01 13:33:45, 3] smbd/error.c:error_packet(105)
error string = Invalid argument
[2004/12/01 13:33:45, 3] smbd/error.c:error_packet(129)
error packet at smbd/nttrans.c(2020) cmd=160 (SMBnttrans)
NT_STATUS_ACCESS_DENIED
[2004/12/01 13:33:45, 3] smbd/process.c:process_smb(1092)
# numEntries: 1
THanks
More information about the samba-technical
mailing list