[Samba] managing acl's via windows in samba 3.0 alpha 21

Rick Segeberg rick.segeberg at waterford.org
Thu Feb 20 00:29:43 GMT 2003


I've been trying to get the acl functionality (from windows) to work now
for several days and have not found a solution.  I've spent many hours
Googling the web, and searching the samba list archives.  

If someone else has this working (in the 3.0 alpha code), I would
appreciate seeing your config files, if you wouldn't mind.

Goal: to be able to add user/group permissions to files and/or
directories using windows.

Environment:
Red Hat 8.0 (kernel version 2.4.19 w/ acl support built in)
File system: ext3 mounted default,acl from fstab
Samba 3.0 alpha 21 (compiled: --with-ads --with-acl-support
--with-winbind --with-smbmount)
Windows 2000 ADS (native)

I've successfully joined the ads domain and can access files etc. with
no problems from my windows workstation logged into the domain.  I've
got acl's working on the linux side (meaning I can successfully add
multiple user and group permissions to a file or directory using
setfacl.  However, when I try to add a user to a file or directory from
windows, I get the following error:

"Unable to save permission changes on file <name>.  Access denied."

log.winbindd shows:
[2003/02/19 16:50:53, 1]
nsswitch/winbindd_sid.c:winbindd_sid_to_uid(140)
  Could not get uid for sid ..........

Also, users that I've added from the linux side (using setfacl) do not
show up on the list when I view the file's security properties.

I'm at a loss and can't seem to find anything to point me in the right
direction.

****** smb.conf ********
[global]
        workgroup = MYDMN
        netbios name = LINTEST

        realm = MYDOMAIN.ORG
        ads server = 10.1.30.39
        server string = %L running Samba %v
        security = ADS
        password server = postoffice
        passwd program = /usr/bin/passwd %u
        encrypt passwords = yes
        unix password sync = Yes
        log file = /var/log/samba/log.%m
        preferred master = No
        local master = No

        #added 1/31/03
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        domain master = No
        dns proxy = no
        ldap ssl = no

        # Winbind stuff
        winbind separator = +
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = No
        template homedir = /home/%U
        template shell = /bin/bash

        #Extras
        time server = yes

[homes]
        guest ok = no
        read only = no

[users]
        path=/users
        guest ok = no
        read only = no
        ###ACL stuff
        # admin users = rick
        # security mask = 0777
        nt acl support = yes
        # inherit acls = yes
        # force user = root
**************************************************
The items in the [users] section that are rem'd out, are things I've
tried, but didn't seem to make a difference.

BTW: I've tried making the file owned by root and by the user trying to
make the change.

Thanks for any help you can offer.


Rick Segeberg
Provo Site Manager, IT Department
The Waterford Institute
rick.segeberg at waterford.org

*************************************

This email may contain privileged or confidential material intended for the named recipient only.
If you are not the named recipient, delete this message and all attachments.  
Any review, copying, printing, disclosure or other use is prohibited.
We reserve the right to monitor email sent through our network.

*************************************



More information about the samba mailing list