How to troubleshoot an ACL error?
Marty Sweet
msweet.dev at gmail.com
Tue Mar 4 00:46:45 MST 2014
Hi,
Has this config worked on previous versions of Samba?
If not it may be better in the Samba/Users mailing list.
I personally have never seen NT_STATUS_INVALID_ACL, and run two ACL
heavy traffic samba nodes. So will send you my working config if that
is the issue.
Kind regards,
Marty Sweet
On 3 March 2014 18:49, Peter Clark <pclark at pclark.com> wrote:
> I'm running Version 4.2.0pre1-GIT-ca3998d on a Fedora 20 host. The output
> of testparm is:
>
> [global]
> workgroup = SOMETHING
> realm = SOMETHING.SOMETHING.COM
> server role = active directory domain controller
> passdb backend = samba_dsdb
> server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbind, ntp_signd, kcc, dnsupdate, smb
> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
> eventlog6, backupkey, dnsserver, winreg, srvsvc
> rpc_server:tcpip = no
> rpc_daemon:spoolssd = embedded
> rpc_server:spoolss = embedded
> rpc_server:winreg = embedded
> rpc_server:ntsvcs = embedded
> rpc_server:eventlog = embedded
> rpc_server:srvsvc = embedded
> rpc_server:svcctl = embedded
> rpc_server:default = external
> idmap_ldb:use rfc2307 = yes
> idmap config * : backend = tdb
> map archive = No
> map readonly = no
> store dos attributes = Yes
> vfs objects = dfs_samba4, acl_xattr
>
> [netlogon]
> path =
> /usr/local/samba/var/locks/sysvol/something.something.com/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> [homes]
> path = /home
> read only = No
>
> I can run lists:
>
> smbclient -L localhost -U%
> Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
>
> Sharename Type Comment
> --------- ---- -------
> netlogon Disk
> sysvol Disk
> homes Disk
> IPC$ IPC IPC Service
> localhost is an IPv6 address -- no workgroup available
> [pclark at c3po ~]$
>
> However when I log in as a user and try to go into my homedir:
>
> Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
> smb: \> dir
> . D 0 Sun Mar 2 11:06:09 2014
> .. D 0 Mon Mar 3 03:44:25 2014
> pclark D 0 Mon Mar 3 13:36:36 2014
>
> 34001 blocks of size 8388608. 13463 blocks available
> smb: \> cd pclark
> cd \pclark\: NT_STATUS_INVALID_ACL
> smb: \>
>
> getfacl shows:
> getfacl pclark
> # file: pclark
> # owner: pclark
> # group: root
> user::rwx
> group::rwx
> other::r-x
>
> When I try and bring up the folder on a Windows system the security tab
> only has an X with an error message that says the "security information is
> unavailable or cannot be displayed", even when logged into the domain as
> Administrator.
>
> My drives are mounted with user_xattr,acl options in /etc/fstab. I'm not
> sure how to troubleshoot this further, any thoughts on how to reset the
> acl to a baseline that can be later edited (or, what did I do wrong here?)
> would be appreciated.
>
> Thanks,
>
More information about the samba-technical
mailing list