Windows Explorer Remote ACL editing to Samba - works from Windows 10 but not Windows 8.1
Jeremy Allison
jra at samba.org
Tue Nov 8 21:36:15 UTC 2016
On Tue, Nov 08, 2016 at 03:00:09PM -0600, Steve French wrote:
> Was experimenting with some ACL editing issues that our testers reported,
> and ran into an interesting issue.
>
> When you add an ACE for a remote user (ie a user on the Samba server) in
> Windows Explorer's ACL editor (see e.g.
> https://medschool.duke.edu/sites/medschool.duke.edu/files/upload/explorer_users_computers.jpg
> )
>
> Our testers noticed (and I confirmed with e.g. Samba 4.5, on Fedora etc.)
> that if you try to add an ACE for a user (in my case a user defined on the
> remote system, ie Samba server) from Windows 8.1 it fails, but for Windows
> 10 it works.
>
> Comparing wireshark traces:
> 1) netwkstagetinfo
> 2) getinfo on lsarpc
> 3) lsa_OpenPolicy2 (only on Windows 10)
> 4) lsa_LookupNames (only on Windows 10)
> 5) DsRoleGetPrimaryDomainInfo
>
> Any idea why Samba doesn't act as expected for Windows 8.1 ACL editing to
> work. Also by the way, our testers found other versions (not just Windows
> 8.1) that failed - but most recent Windows (and IIRC Windows 7 as well)
> worked.
Log a bug and upload wireshark traces. No one else has seen that,
otherwise it would have been mentioned on the list already.
More information about the samba-technical
mailing list