How to troubleshoot an ACL error?

Peter Clark pclark at pclark.com
Tue Mar 4 06:55:04 MST 2014


Hi,

I'll put a post over there as well but yes, this setup had been working
under S4 until a GIT pull. I tried blowing the Samba install away and
re-provisioning as it's a testbed more than anything with only a few users
but can't seem to get past the invalid_acl error for some reason.

Thanks,

On Tue, March 4, 2014 2:46 am, Marty Sweet wrote:
> Hi,
>
> Has this config worked on previous versions of Samba?
> If not it may be better in the Samba/Users mailing list.
>
> I personally have never seen NT_STATUS_INVALID_ACL, and run two ACL
> heavy traffic samba nodes. So will send you my working config if that
> is the issue.
>
> Kind regards,
> Marty Sweet
>
> On 3 March 2014 18:49, Peter Clark <pclark at pclark.com> wrote:
>> I'm running Version 4.2.0pre1-GIT-ca3998d on a Fedora 20 host. The output
>> of testparm is:
>>
>> [global]
>>         workgroup = SOMETHING
>>         realm = SOMETHING.SOMETHING.COM
>>         server role = active directory domain controller
>>         passdb backend = samba_dsdb
>>         server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, smb
>>         dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
>>         rpc_server:tcpip = no
>>         rpc_daemon:spoolssd = embedded
>>         rpc_server:spoolss = embedded
>>         rpc_server:winreg = embedded
>>         rpc_server:ntsvcs = embedded
>>         rpc_server:eventlog = embedded
>>         rpc_server:srvsvc = embedded
>>         rpc_server:svcctl = embedded
>>         rpc_server:default = external
>>         idmap_ldb:use rfc2307 = yes
>>         idmap config * : backend = tdb
>>         map archive = No
>>         map readonly = no
>>         store dos attributes = Yes
>>         vfs objects = dfs_samba4, acl_xattr
>>
>> [netlogon]
>>         path = /usr/local/samba/var/locks/sysvol/something.something.com/scripts
>>         read only = No
>>
>> [sysvol]
>>         path = /usr/local/samba/var/locks/sysvol
>>         read only = No
>>
>> [homes]
>>         path = /home
>>         read only = No
>>
>> I can run lists:
>>
>>  smbclient -L localhost -U%
>> Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
>>
>>         Sharename       Type      Comment
>>         ---------       ----      -------
>>         netlogon        Disk
>>         sysvol          Disk
>>         homes           Disk
>>         IPC$            IPC       IPC Service
>> localhost is an IPv6 address -- no workgroup available
>> [pclark at c3po ~]$
>>
>> However when I log in as a user and try to go into my homedir:
>>
>> Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
>> smb: \> dir
>>   .                                   D        0  Sun Mar  2 11:06:09 2014
>>   ..                                  D        0  Mon Mar  3 03:44:25 2014
>>   pclark                              D        0  Mon Mar  3 13:36:36 2014
>>
>>                 34001 blocks of size 8388608. 13463 blocks available
>> smb: \> cd pclark
>> cd \pclark\: NT_STATUS_INVALID_ACL
>> smb: \>
>>
>> getfacl shows:
>> getfacl pclark
>> # file: pclark
>> # owner: pclark
>> # group: root
>> user::rwx
>> group::rwx
>> other::r-x
>>
>> When I try and bring up the folder on a Windows system the security tab
>> only has an X with an error message that says the "security information
>> is unavailable or cannot be displayed", even when logged into the domain
>> as Administrator.
>>
>> My drives are mounted with user_xattr,acl options in /etc/fstab. I'm not
>> sure how to troubleshoot this further, any thoughts on how to reset the
>> acl to a baseline that can be later edited (or, what did I do wrong
>> here?) would be appreciated.
>>
>> Thanks,
>>
>



