Problems with ACL's?

Ricky Nance ricky.nance at
Tue Feb 19 11:11:54 MST 2013

Hey Charles, I noticed this the other day and hadn't sat down to write a
mail about it yet, but I think the culprit are the following lines in

file = tempfile.NamedTemporaryFile(dir=os.path.abspath(paths.sysvol))
                smbd.set_simple_acl(, 0755, root_gid)

So essentially, what happens here is that it places a temp file on the
sysvol directory and checks that the ACL's work. I would assume (though I
haven't tested this yet, that if you set the path= line in your [sysvol]
share to a filesystem with ACL's this would work, AND this is required
anyway for GPO's to function correctly. However, provision is starting with
a clean slate so your config doesn't yet exist, so you can't set that
path.... I think maybe a --sysvolpath switch could be useful here. Any devs
willing to weigh in here?


On Tue, Feb 19, 2013 at 11:33 AM, Charles Tryon <charles.tryon at>wrote:

> I've been away from this list for a while so it's altogether possible that
> I've missed something in the discussions here, but running into a problem
> with ACL support that I haven't been able to sort out.
> I'm building on two different bases: One is a FC16 based server which was
> running very well as a Samba4 server right up through the 4.0.0 release.
>  The other is a CentOS 6.3 server installed as a "minimal server"
> configuration, which means it's missing a LOT of the extra packages that
> you'd usually see on a vanilla system.  I was thinking that the problem was
> some missing development library, but I have since found that BOTH systems
> are exhibiting the same error.
> I have gone through the HOWTO again to make sure I haven't missed any setup
> steps.  In particular, I've run through the OS requirements page for
> required RPM packages, and the xattr test steps.  I'm made sure that my
> /etc/fstab lines for the various ext4 physical file systems have the
> "user_xattr,acl,barrier=1" attributes.  The setgattr and getfattr tests
> return exactly the results that are shown in the Wiki page.
> touch test.txt
> setfattr -n user.test -v test test.txt
> setfattr -n security.test -v test2 test.txt
> getfattr -d test.txt
> getfattr -n security.test -d test.txt
> touch test3.txt
> setfacl -m g:adm:rwx test3.txt
> getfacl test3.txt
> HOWEVER, on both the system which was running fine before, and on the new
> system, I get the exactly the same response when I try to run the
> provisioning step:
> ldb: module schema_load initialization failed : No such object
> ldb: module rootdse initialization failed : No such object
> ldb: module samba_dsdb initialization failed : No such object
> ldb: Unable to load modules for /usr/local/samba/private/sam.ldb: (null)
> samdb_connect failed
> VFS connect failed!
> ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed -
> ProvisioningError: Your filesystem or build does not support posix ACLs,
> which s3fs requires.  Try the mounting the filesystem with the 'acl'
> option.
>   File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/",
> line 398, in run
>     use_rfc2307=use_rfc2307, skip_sysvolacl=False)
>   File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/",
> line 2052, in provision
>     raise ProvisioningError("Your filesystem or build does not support
> posix ACLs, which s3fs requires.  Try the mounting the filesystem with the
> 'acl' option.")
> ? uname -a
> Linux 3.6.11-4.fc16.x86_64 #1 SMP Tue Jan 8 20:57:42
> 2013 x86_64 x86_64 x86_64 GNU/Linux
> Any ideas where I should be looking?
> --
>     Charles Tryon
> _________________________________________________________________________
>   “Risks are not to be evaluated in terms of the probability of success,
> but in terms of the value of the goal.”
>                 - Ralph D. Winter


More information about the samba-technical mailing list