[Samba] Access Denied when changing ACLs from W2000 client

Greg Freemyer freemyer at NorcrossGroup.com
Tue Aug 20 10:15:59 GMT 2002


Peter,

 >>  smbd/posix_acls.c:convert_canon_ace_to_posix_perms(1809)
 >>  convert_canon_ace_to_posix_perms: Too many ACE entries for file TestACL
 >>  to
 >>  convert to posix perms.

Do you already have a bunch of ACLs set on the files your trying.

I am just getting up to speed with Samba, so I can't really read the logs yet, =
but I do know that Linux only supports a few ACLs per file.  I think the latest =
and greatest is 21 ACLs per file. (I think that is a limit for both ext2/3 and =
xfs, but I'm not sure.).
=20
Early 2.4.18 kernels supported even less ACLs under XFS due to a XFS bug.  I =
think it was 9 or 15, but I'm not sure. I don't know if that bug affected =
ext2/3.

Samba may also have a limit, but I don't know.

 >>  Hi all

 >>  I'm having some problems trying to configure ACLs from a Win2000 SP3
 >>  client.  I'm running Samba 2.2.5 on kernel 2.4.18 (with acl + ext attr),
 >>  Samba is compiled with acl support etc.

 >>  Samba is configured with security=3Ddomain, and is running with local=20
 >>  groups etc rather than thru winbind, I haven't been game enough to tread
 >>  those waters yet.

 >>  With the debug level set to 5 I'm getting the following errors in my=20
 >>  client machine log after trying to add an extra group into the permissions
 >>  via folder properties on the W2k client.

 >>  Can anyone shed some light on this, I've played around with the security
 >>  mode
 >>  settings etc on this share, almost certainly this is where I'm going
 >>  wrong,
 >>  but
 >>  I can't see where.=20

 >>  The share excerpt from smb.conf is listed before the log entries.

 >>  TIA

 >>  -------
 >>  [Shared]
 >>      comment =3D Shared Workgroup Area
 >>      path =3D /home/samba/shared
 >>      valid users =3D @g-users
 >>      admin users =3D @g-itstaff
 >>      read only =3D No
 >>      inherit permissions =3D no
 >>      inherit acls =3D yes
 >>      guest ok =3D No
 >>      security mask =3D 0777
 >>      force security mode =3D 00
 >>      directory security mask =3D 0777
 >>      force directory security mode =3D 00
 >>      vfs object =3D /usr/lib/samba/recycle.so
 >>      vfs options =3D /etc/samba/recycle.conf

 >>  -------
 >>  [2002/08/20 18:01:06, 5] rpc_parse/parse_prs.c:prs_uint8(500)
 >>  00ab id_auth[5] : 05
 >>  [2002/08/20 18:01:06, 5] rpc_parse/parse_prs.c:prs_uint32s(785)
 >>  00ac sub_auths : 00000015 78e3081a b5b9d1db f95de5a2
 >>  000003e8=20
 >>  [2002/08/20 18:01:06, 5] smbd/posix_acls.c:unpack_nt_owners(433)
 >>  unpack_nt_owners: validating owner_sids.
 >>  [2002/08/20 18:01:06, 5] smbd/posix_acls.c:unpack_nt_owners(474)
 >>  unpack_nt_owners: owner_sids validated.
 >>  [2002/08/20 18:01:06, 3] smbd/dosmode.c:unix_mode(111)
 >>  unix_mode(TestACL) returning 0760
 >>  [2002/08/20 18:01:06, 3]
 >>  smbd/posix_acls.c:convert_canon_ace_to_posix_perms(1809)
 >>  convert_canon_ace_to_posix_perms: Too many ACE entries for file TestACL
 >>  to
 >>  convert to posix perms.
 >>  [2002/08/20 18:01:06, 3] smbd/posix_acls.c:set_nt_acl(2242)
 >>  set_nt_acl: failed to convert file acl to posix permissions for file
 >>  TestACL.
 >>  [2002/08/20 18:01:06, 3] smbd/error.c:error_packet(91)
 >>  error string =3D Function not implemented
 >>  [2002/08/20 18:01:06, 3] smbd/error.c:error_packet(106)
 >>  error packet at smbd/nttrans.c(1714) cmd=3D160 (SMBnttrans)
 >>  NT_STATUS_ACCESS_DENIED
 >>  --=20
 >>  To unsubscribe from this list go to the following URL and read the
 >>  instructions:  http://lists.samba.org/mailman/listinfo/samba





Greg Freemyer
Internet Engineer
Deployment and Integration Specialist
Compaq ASE - Tru64 v4, v5
Compaq Master ASE - SAN Architect
The Norcross Group
www.NorcrossGroup.com



More information about the samba mailing list