[Samba] Access Denied when changing ACLs from W2000 client
Greg Freemyer
freemyer at NorcrossGroup.com
Tue Aug 20 10:15:59 GMT 2002
Peter,
>> smbd/posix_acls.c:convert_canon_ace_to_posix_perms(1809)
>> convert_canon_ace_to_posix_perms: Too many ACE entries for file TestACL
>> to
>> convert to posix perms.
Do you already have a bunch of ACLs set on the files your trying.
I am just getting up to speed with Samba, so I can't really read the logs yet, =
but I do know that Linux only supports a few ACLs per file. I think the latest =
and greatest is 21 ACLs per file. (I think that is a limit for both ext2/3 and =
xfs, but I'm not sure.).
=20
Early 2.4.18 kernels supported even less ACLs under XFS due to a XFS bug. I =
think it was 9 or 15, but I'm not sure. I don't know if that bug affected =
ext2/3.
Samba may also have a limit, but I don't know.
>> Hi all
>> I'm having some problems trying to configure ACLs from a Win2000 SP3
>> client. I'm running Samba 2.2.5 on kernel 2.4.18 (with acl + ext attr),
>> Samba is compiled with acl support etc.
>> Samba is configured with security=3Ddomain, and is running with local=20
>> groups etc rather than thru winbind, I haven't been game enough to tread
>> those waters yet.
>> With the debug level set to 5 I'm getting the following errors in my=20
>> client machine log after trying to add an extra group into the permissions
>> via folder properties on the W2k client.
>> Can anyone shed some light on this, I've played around with the security
>> mode
>> settings etc on this share, almost certainly this is where I'm going
>> wrong,
>> but
>> I can't see where.=20
>> The share excerpt from smb.conf is listed before the log entries.
>> TIA
>> -------
>> [Shared]
>> comment =3D Shared Workgroup Area
>> path =3D /home/samba/shared
>> valid users =3D @g-users
>> admin users =3D @g-itstaff
>> read only =3D No
>> inherit permissions =3D no
>> inherit acls =3D yes
>> guest ok =3D No
>> security mask =3D 0777
>> force security mode =3D 00
>> directory security mask =3D 0777
>> force directory security mode =3D 00
>> vfs object =3D /usr/lib/samba/recycle.so
>> vfs options =3D /etc/samba/recycle.conf
>> -------
>> [2002/08/20 18:01:06, 5] rpc_parse/parse_prs.c:prs_uint8(500)
>> 00ab id_auth[5] : 05
>> [2002/08/20 18:01:06, 5] rpc_parse/parse_prs.c:prs_uint32s(785)
>> 00ac sub_auths : 00000015 78e3081a b5b9d1db f95de5a2
>> 000003e8=20
>> [2002/08/20 18:01:06, 5] smbd/posix_acls.c:unpack_nt_owners(433)
>> unpack_nt_owners: validating owner_sids.
>> [2002/08/20 18:01:06, 5] smbd/posix_acls.c:unpack_nt_owners(474)
>> unpack_nt_owners: owner_sids validated.
>> [2002/08/20 18:01:06, 3] smbd/dosmode.c:unix_mode(111)
>> unix_mode(TestACL) returning 0760
>> [2002/08/20 18:01:06, 3]
>> smbd/posix_acls.c:convert_canon_ace_to_posix_perms(1809)
>> convert_canon_ace_to_posix_perms: Too many ACE entries for file TestACL
>> to
>> convert to posix perms.
>> [2002/08/20 18:01:06, 3] smbd/posix_acls.c:set_nt_acl(2242)
>> set_nt_acl: failed to convert file acl to posix permissions for file
>> TestACL.
>> [2002/08/20 18:01:06, 3] smbd/error.c:error_packet(91)
>> error string =3D Function not implemented
>> [2002/08/20 18:01:06, 3] smbd/error.c:error_packet(106)
>> error packet at smbd/nttrans.c(1714) cmd=3D160 (SMBnttrans)
>> NT_STATUS_ACCESS_DENIED
>> --=20
>> To unsubscribe from this list go to the following URL and read the
>> instructions: http://lists.samba.org/mailman/listinfo/samba
Greg Freemyer
Internet Engineer
Deployment and Integration Specialist
Compaq ASE - Tru64 v4, v5
Compaq Master ASE - SAN Architect
The Norcross Group
www.NorcrossGroup.com
More information about the samba
mailing list