[Samba] Preserving ACLs on files when copying from NT4 server to Samba 3.0.5 server

Dan Hill dwh6 at cwru.edu
Sun Aug 1 16:17:11 GMT 2004 

Hi guys.

I'm running:

Mandrake 9.2
Kernel 2.4.22-30mdk
XFS file system
Samba 3.0.5 plus patches for bugs 1315, 1319 and 1345 (self compiled)
OpenLDAP 2.1.22-5mdk
smbldap-tools 0.8.5

I was able to join the Samba to the NT PDC as a BDC and vampire without 
issue.  I have setup duplicate shares on Samba and am trying to copy 
over the data from NT.  I have tried scopy, xcopy and copying via GUI 
from the the NT directly to Samba but ACLs do not seem to flow properly. 
  For example:

On NT for a given file using the smbcacls command the perms are

ACL:FESFOO\Domain Users:ALLOWED/0/READ
ACL:BUILTIN\Administrators:ALLOWED/0/FULL
ACL:FESFOO\InfoCenter:ALLOWED/0/FULL

when the file or directory is copied to Samba the ACLs become

ACL:FESFOO\root:ALLOWED/0/RW
ACL:FESFOO\InfoCenter:ALLOWED/0/RW
ACL:\Everyone:ALLOWED/0/

I can manually go in and fix these via a windows GUI but when I try to 
use smbcacls

smbcacls -d 3 //spiderman-new/infocenter stim.zip -Uadministrator -M 
ACL:FESFOO/InfoCenter:ALLOWED/0/FULL

I get

Connecting to 192.168.242.129 at port 445
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
Connecting to host=spiderman-new
Connecting to 192.168.242.129 at port 445
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
lsa_io_sec_qos: length c does not match size 8
Failed to parse ACL ACL:FESFOO/InfoCenter

I have nt 'acl support = yes' in my smb.conf [global] and also have 
verfied Samba'ss acl support via `ldd /usr/sbin/smbd`.

Any ideas how I can proceed?  I am hoping to automate some things and 
not have to redo all the rights from scratch after migrating data.

Thanks for your time.

~Dan

More information about the samba mailing list