[Samba] unable to validate owner sid
Jeremy Allison
jra at samba.org
Fri Mar 1 18:47:02 GMT 2002
On Fri, Mar 01, 2002 at 11:47:07AM -0800, Justin Weissig wrote:
> Hi,
>
> I was hoping someone could help me out or just point me in the correct
> directions as to what I am doing wrong. I have Samba 2.2.3a installed and
> configured with winbind for domain authentication using an ext3 file system
> with ACL support. It is working great! Thanks Samba Team!
>
> The problem that I am experiencing is I would like to use an application
> like "xcopy" to propagate the ACL permissions to the samba server from one
> of our w2k DFS servers.
>
> I have added a domain admin user to the "admin user =" string so that they
> can create file as root so they should be able to do anything! The admin
> user is able to authenticate to the Samba server and create the directory
> using "xcopy" but when they attempt to change the permissions I get "access
> denied" with this in my samba.log file.
>
> I AM able to use ACL through the samba shares to change permissions manually
> but when I attempt to use xcopy to transfer the permissions automatically
> here is when I receive.
>
> <snip>
> [2002/03/01 09:32:34, 3]
> smbd/nttrans.c:call_nt_transact_set_security_desc(1732)
> call_nt_transact_set_security_desc: file = infosystems, sent 0x80000007
> [2002/03/01 09:32:34, 3] smbd/posix_acls.c:unpack_nt_owners(443)
> unpack_nt_owners: unable to validate owner sid.
> [2002/03/01 09:32:34, 3] smbd/error.c:error_packet(99) error packet at
> smbd/nttrans.c(1736) cmd=160 (SMBnttrans) NT_STATUS_ACCESS_DENIED
> </snip>
>
> Why can't samba validate the sid of the authenticated user?
Because it's trying to set a SID containing a component not
known to the domain in which the Samba server exists (ie. it's
a "foreign" SID). Tridge just added a hack to winbindd to allocate
a uid or gid for "foreign" SIDs in HEAD, but this is not yet in
2.2.x.
Jeremy.
More information about the samba
mailing list