[Samba] modify permissions fail on new file server.

Greg greg at fqdn.com
Wed Dec 31 22:35:52 GMT 2003 

Hello, 

I'm using winbindd with samba 3.0.1.  Everything starts up as expected 
and tests return the expected results (wbinfo and getent).   Files 
created via windows  clients are create with the proper ownership and 
group membership.  When I attempt to modify the permissions via the 
windows security tab (add another group, change ownership for example) 
I'll get a win pop up saying 'permission denied" and the below out put 
will be wrote out to the machine.log.  From a unix shell I can change 
perms over NFS.


  fetch uid from cache 3041 -> S-1-5-21-861567501-1262210171-1417111838-1275
[2003/12/31 16:46:07, 3] smbd/dosmode.c:unix_mode(110)
  unix_mode(VFX/greg-test/foo) returning 0744
[2003/12/31 16:46:07, 2] smbd/posix_acls.c:set_canon_ace_list(2414)
  set_canon_ace_list: sys_acl_set_file type file failed for file 
VFX/greg-test/foo (Operation not supported).
[2003/12/31 16:46:07, 3] 
smbd/posix_acls.c:convert_canon_ace_to_posix_perms(2499)
  convert_canon_ace_to_posix_perms: Too many ACE entries for file 
VFX/greg-test/foo to convert to posix perms.
[2003/12/31 16:46:07, 3] smbd/posix_acls.c:set_nt_acl(3140)
  set_nt_acl: failed to convert file acl to posix permissions for file 
VFX/greg-test/foo.
[2003/12/31 16:46:07, 3] smbd/error.c:error_packet(94)
  error string = Operation not supported


As the file appears from UNIX:
drwxr-xr-x    2 greg     Domain Users       96 Dec 31 16:29 foo
The dir this is in has a mode of 777 and is owned by 'greg'.

Samba was built with:
configure --with-ads --with-pam --with-winbind-auth-challenge 
--with-acl-support --with-winbind  --prefix=/opt/samba

The physical setup is as such:
W2kCLIENTS<---smb--->SAMBA-SERVER<---nfs--->NFS-SERVER===DISKARRAY

SAMBA-SERVER has 2 interfaces on it,  one samba listens on,  the other 
is used for NFS traffic.
NFS-SERVER has the physical drives attached to it,  using veritas 
cluster file system version 3.x
SAMBA-SERVER mounts the drives under /n/fire/array.  this is also 
defined within smb.conf.

My question:  Why can I not change ACL's on the file system?  Is there 
something I can do to correct this?
I see it mentions to many ACE entries to convert to posix, I used a 
local XFS file system a while ago and
 things seemed to work as expected,  but this is no longer an option.

Thanks for your input,
greg


smb.conf:

[global]
        workgroup = CDP
        server string = Render Services %v
        security = DOMAIN
        interfaces = eth0
        encrypt passwords = Yes
        log level = 1
        log file = /opt/samba/log/%m.log
        max log size = 1000
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        os level = 23
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        idmap uid = 3000-4000
        idmap gid = 3000-4000
        winbind use default domain = Yes
        admin users = @systems
        hosts allow = 172.16.92., 172.16.93., 172.16.94., 172.16.95., 127.
        map acl inherit = Yes
# since we have 2Gs of memory, lets see how this works out. -greg
        write cache size = 1048576  
        winbind cache time = 300
        template homedir = /home/winnt/%D/%U
        template shell = /bin/tcsh


[array]
        path = /n/fire/array
        read only = No
        guest ok = Yes

mount:

fire:/export/array1 on /n/fire/array type nfs 
(rw,bg,vers=3,soft,intr,addr=172.16.92.90)
fire:/export/array2 on /n/fire/array/VFX type nfs 
(rw,bg,vers=3,soft,intr,addr=172.16.92.90)


Versions:
SAMBA-SERVER
Samba 3.0.1
kernel 2.4.23-xfs
NFS-SERVER:
Solaris9 12-03 sparc
Veritas 3.5
Clients:
NT2k w/ 500 patches.

More information about the samba mailing list