smb.conf option "force unknown acl user"

more more0401 at gmail.com
Fri Sep 7 07:11:43 GMT 2007


Here are the related log messages as a supplement:

This is for "force unknown acl user=no" and the Windows client changes the
owner to "Domain Admins" (S-1-5-21-2817898210-749724046-1069133619-512):

[2007/09/07 15:00:02, 3] smbd/process.c:process_smb(1194)
  Transaction 409 of length 136
[2007/09/07 15:00:02, 3] smbd/process.c:switch_message(993)
  switch message SMBnttrans (pid 22911) conn 0x841b148
[2007/09/07 15:00:02, 3]
smbd/nttrans.c:call_nt_transact_set_security_desc(2094)
  call_nt_transact_set_security_desc: file = 1.txt, sent 0x1
[2007/09/07 15:00:02, 3] nsswitch/winbindd_sid.c:winbindd_lookupsid(43)
  [    0]: lookupsid S-1-5-21-2817898210-749724046-1069133619-512
[2007/09/07 15:00:02, 3]
nsswitch/winbindd_async.c:winbindd_dual_lookupsid(589)
  [18266]: lookupsid S-1-5-21-2817898210-749724046-1069133619-512
[2007/09/07 15:00:02, 3] nsswitch/winbindd_ads.c:sequence_number(864)
  ads: fetch sequence_number for PLA-ZHUHAI
[2007/09/07 15:00:02, 3] nsswitch/winbindd_rpc.c:msrpc_sid_to_name(303)
  sid_to_name [rpc] S-1-5-21-2817898210-749724046-1069133619-512 for domain
PLA-ZHUHAI
[2007/09/07 15:00:02, 3] smbd/posix_acls.c:unpack_nt_owners(936)
  unpack_nt_owners: unable to validate owner sid for
S-1-5-21-2817898210-749724046-1069133619-512
[2007/09/07 15:00:02, 3] smbd/error.c:error_packet(146)
  error packet at smbd/nttrans.c(2101) cmd=160 (SMBnttrans)
NT_STATUS_ACCESS_DENIED
[2007/09/07 15:00:02, 3] smbd/process.c:process_smb(1194)
  Transaction 410 of length 45
[2007/09/07 15:00:02, 3] smbd/process.c:switch_message(993)
  switch message SMBclose (pid 22911) conn 0x841b148
[2007/09/07 15:00:02, 3] smbd/reply.c:reply_close(3372)
  close fd=-1 fnum=4355 (numopen=2)


And this is for "force unknown acl user=yes" (Samba uses the connected user
S-1-5-21-2817898210-749724046-1069133619-1119 as the owner
S-1-5-21-2817898210-749724046-1069133619-512):

[2007/09/07 15:08:41, 1] smbd/ntmode.c:ntmode_getmode(121)
  ntmode_getmode: ONLINE  /exports/lv0/share0/1.txt
[2007/09/07 15:08:41, 3] smbd/process.c:process_smb(1194)
  Transaction 317 of length 136
[2007/09/07 15:08:41, 3] smbd/process.c:switch_message(993)
  switch message SMBnttrans (pid 24873) conn 0x9f2cdf8
[2007/09/07 15:08:41, 3]
smbd/nttrans.c:call_nt_transact_set_security_desc(2094)
  call_nt_transact_set_security_desc: file = 1.txt, sent 0x1
[2007/09/07 15:08:41, 3] nsswitch/winbindd_sid.c:winbindd_lookupsid(43)
  [    0]: lookupsid S-1-5-21-2817898210-749724046-1069133619-512
[2007/09/07 15:08:41, 3]
nsswitch/winbindd_async.c:winbindd_dual_lookupsid(589)
  [24088]: lookupsid S-1-5-21-2817898210-749724046-1069133619-512
[2007/09/07 15:08:41, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(193)
  fetch sid from uid cache 431119 ->
S-1-5-21-2817898210-749724046-1069133619-1119
[2007/09/07 15:08:41, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(267)
  fetch sid from gid cache 400713 ->
S-1-5-21-2817898210-749724046-1069133619-513
[2007/09/07 15:08:41, 3] smbd/process.c:process_smb(1194)
  Transaction 318 of length 45
[2007/09/07 15:08:41, 3] smbd/process.c:switch_message(993)
  switch message SMBclose (pid 24873) conn 0x9f2cdf8
[2007/09/07 15:08:41, 3] smbd/reply.c:reply_close(3372)
  close fd=-1 fnum=8702 (numopen=1)




Regards,
More


-----Original Message-----
From: more [mailto:more0401 at gmail.com] 
Sent: Friday, September 07, 2007 2:27 PM
To: samba-technical at samba.org; samba at lists.samba.org
Subject: smb.conf option "force unknown acl user"

Hi all,

I noticed that, if the Windows user sets a domain group SID as the
file owner SID, Samba will report an error if "force unknown acl
user=no". From the source (Samba 3.0.25c), this is due to Samba failing
to map the domain group SID as a valid UID.

I think the current solution is to use "force unknown acl
user=yes". But I think it is not the best solution for this case. Why
not let Samba set the owner group instead of reporting an error if it
detects that the owner user is a domain group?


Thanks for any help.
More
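
One way to find this failure in a level-3 smbd log, added here as an example that is not part of the original mail or of Samba's code: it rejoins wrapped log records and pairs each unpack_nt_owners validation failure with the file being changed and the status returned to the client. The sample log, its SID, pid and file name are constructed, and the RID table assumes the well-known domain group RIDs 512 and 513.

```python
import re

# Constructed sample in the level-3 smbd log layout quoted in the mail above
# (placeholder SID, pid and file name; mail-wrapped lines kept on purpose).
SAMPLE = """\
[2007/09/07 15:00:02, 3] smbd/process.c:switch_message(993)
  switch message SMBnttrans (pid 1000) conn 0x1
[2007/09/07 15:00:02, 3]
smbd/nttrans.c:call_nt_transact_set_security_desc(2094)
  call_nt_transact_set_security_desc: file = example.txt, sent 0x1
[2007/09/07 15:00:02, 3] smbd/posix_acls.c:unpack_nt_owners(936)
  unpack_nt_owners: unable to validate owner sid for
S-1-5-21-1111-2222-3333-512
[2007/09/07 15:00:02, 3] smbd/error.c:error_packet(146)
  error packet at smbd/nttrans.c(2101) cmd=160 (SMBnttrans)
NT_STATUS_ACCESS_DENIED
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +\d+\]\s*(.*)$")
GROUP_RIDS = {512: "Domain Admins", 513: "Domain Users"}  # well-known group RIDs

def records(text):
    """Yield (timestamp, body) per log record, rejoining wrapped/continuation lines."""
    stamp, parts = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if stamp:
                yield stamp, " ".join(parts)
            stamp, parts = m.group(1), [m.group(2)]
        elif stamp and line.strip():
            parts.append(line.strip())
    if stamp:
        yield stamp, " ".join(parts)

def rejected_owner_changes(text):
    """Pair each owner-SID validation failure with its file and returned status."""
    findings, current_file, pending = [], None, None
    for stamp, body in records(text):
        if m := re.search(r"call_nt_transact_set_security_desc: file = (.+?), sent", body):
            current_file, pending = m.group(1), None
        elif m := re.search(r"unable to validate owner sid for (S-[\d-]+)", body):
            pending = m.group(1)
        elif pending and "error packet" in body and (m := re.search(r"(NT_STATUS_\w+)", body)):
            rid = int(pending.rsplit("-", 1)[1])
            findings.append({"time": stamp, "file": current_file, "sid": pending,
                             "status": m.group(1), "group": GROUP_RIDS.get(rid)})
            pending = None
    return findings
```

A non-empty "group" field marks the case discussed in this thread: the requested owner SID is a domain group, which cannot be mapped to a UID.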


