How to troubleshoot an ACL error?

Marty Sweet msweet.dev at gmail.com
Tue Mar 4 00:46:45 MST 2014


Hi,

Has this config worked on previous versions of Samba?
If not, it may be better in the Samba/Users mailing list.

I personally have never seen NT_STATUS_INVALID_ACL, and I run two ACL
heavy traffic Samba nodes, so I will send you my working config if that
is the issue.

Kind regards,
Marty Sweet

On 3 March 2014 18:49, Peter Clark <pclark at pclark.com> wrote:
> I'm running Version 4.2.0pre1-GIT-ca3998d on a Fedora 20 host. The output
> of testparm is:
>
> [global]
>         workgroup = SOMETHING
>         realm = SOMETHING.SOMETHING.COM
>         server role = active directory domain controller
>         passdb backend = samba_dsdb
>         server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, smb
>         dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
>         rpc_server:tcpip = no
>         rpc_daemon:spoolssd = embedded
>         rpc_server:spoolss = embedded
>         rpc_server:winreg = embedded
>         rpc_server:ntsvcs = embedded
>         rpc_server:eventlog = embedded
>         rpc_server:srvsvc = embedded
>         rpc_server:svcctl = embedded
>         rpc_server:default = external
>         idmap_ldb:use rfc2307 = yes
>         idmap config * : backend = tdb
>         map archive = No
>         map readonly = no
>         store dos attributes = Yes
>         vfs objects = dfs_samba4, acl_xattr
>
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/something.something.com/scripts
>         read only = No
>
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
>
> [homes]
>         path = /home
>         read only = No
>
> I can run lists:
>
>  smbclient -L localhost -U%
> Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
>
>         Sharename       Type      Comment
>         ---------       ----      -------
>         netlogon        Disk
>         sysvol          Disk
>         homes           Disk
>         IPC$            IPC       IPC Service
> localhost is an IPv6 address -- no workgroup available
> [pclark at c3po ~]$
>
> However when I log in as a user and try to go into my homedir:
>
> Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
> smb: \> dir
>   .                                   D        0  Sun Mar  2 11:06:09 2014
>   ..                                  D        0  Mon Mar  3 03:44:25 2014
>   pclark                              D        0  Mon Mar  3 13:36:36 2014
>
>                 34001 blocks of size 8388608. 13463 blocks available
> smb: \> cd pclark
> cd \pclark\: NT_STATUS_INVALID_ACL
> smb: \>
>
> getfacl shows:
> getfacl pclark
> # file: pclark
> # owner: pclark
> # group: root
> user::rwx
> group::rwx
> other::r-x
>
> When I try and bring up the folder on a Windows system the security tab
> only has an X with an error message that says the "security information is
> unavailable or cannot be displayed", even when logged into the domain as
> Administrator.
>
> My drives are mounted with user_xattr,acl options in /etc/fstab. I'm not
> sure how to troubleshoot this further, any thoughts on how to reset the
> acl to a baseline that can be later edited (or, what did I do wrong here?)
> would be appreciated.
>
> Thanks,
>

