[Samba] 3.04 acl new user/group adding problem
Prajjwal
prajjwal at wlink.com.np
Thu Jul 1 07:29:10 GMT 2004
Hi all
I've written a few mails to the list hoping that I might get some hint as to what
mistake I've been making in configuring my samba server with acl support, but
haven't been able to figure out much to date. I'm sending some parts of my
log files with a description of my problem as a last hope -- I will have to go
through the manuals from cover to cover if I don't get an answer this time, I
guess.
This mail is a bit too long to include all the details I thought necessary,
but since it's my last resort before going into all the gory details, I'm
sending it with hopes that someone will be able to help me out here.
I'm including the problem description at the end of the letter.
Hope you can help me
Regards,
Prajjwal
General Description:
1. Linux kernel 2.4.24, acl patch from acl.bestbits.at --> setfacl, getfacl
properly working.
2. Samba 3.0.4 with acl support built in.
3. Samba standalone PDC configured with user level security. (domain name:
SYSTEMS, samba server name: BRIDGE)
4. Windows XP Professional Client used (netbios name: PRAJCOMP)
5. Both owner and root able to modify existing acl entries on files and
folders.
Problem:
1. When trying to add extra users/groups using the Object Picker, even as
root, an authorized account is requested (root is listed in Domain Admins) and
when I try to log in as root again, I get an error message saying multiple
connections to a shared resource are not allowed.
2. If an acl entry is shown for a user in the properties of one file, e.g.
SYSTEMS\prajjwal, if I try to add that same acl entry to another file which
does not have an acl entry for that user, the user will not be recognized.
Attempted solutions:
1. Have tried various net group mapping combinations.
2. Have tried both user and domain level security.
3. Have tried with smbpasswd backend as well as tdbsam backend (the backend
used when generating these logs is tdbsam).
Selected suspicious lines in the machine log file with description of places
where they occur (log level 10 used):
1. When the initial username/password dialog appears on the client computer:
askauth.log: Cache entry with key = TDOM/PRAJCOMP couldn't be found
askauth.log: check_ntlm_password: guest had nothing to say
askauth.log: pdb_getsampwnam (TDB): error fetching database.
askauth.log: Error: Record does not exist
askauth.log: check_sam_security: Couldn't find user 'other' in passdb file.
2. When username/password for user root are entered, and client is logged in:
rootloggedin.log: auth_get_challenge: module guest did not want to specify a challenge
rootloggedin.log: auth_get_challenge: module sam did not want to specify a challenge
rootloggedin.log: auth_get_challenge: module winbind did not want to specify a challenge
rootloggedin.log: Cache entry with key = TDOM/PRAJCOMP couldn't be found
rootloggedin.log: check_ntlm_password: guest had nothing to say
rootloggedin.log: Account not autolocked, no check needed
rootloggedin.log: lp_servicenumber: couldn't find root
rootloggedin.log:[2004/06/30 11:27:49, 5] rpc_parse/parse_prs.c:prs_werror(695)
rootloggedin.log:[2004/06/30 11:27:50, 5] rpc_parse/parse_prs.c:prs_werror(695)
rootloggedin.log:[2004/06/30 11:27:50, 5] rpc_parse/parse_prs.c:prs_werror(695)
rootloggedin.log:[2004/06/30 11:27:50, 5] rpc_parse/parse_prs.c:prs_werror(695)
rootloggedin.log:[2004/06/30 11:27:50, 5] rpc_parse/parse_prs.c:prs_werror(695)
3. When the properties dialog box is opened for a file:
firstpropdialog.log: Error opening file tmp/test.dll (No such file or directory) (local_flags=0) (flags=0)
firstpropdialog.log:[2004/06/30 11:28:21, 10] smbd/trans2.c:set_bad_path_error(2213)
firstpropdialog.log: set_bad_path_error: err = 2 bad_path = 0
firstpropdialog.log:[2004/06/30 11:28:21, 3] smbd/error.c:error_packet(94)
firstpropdialog.log: error string = No such file or directory
firstpropdialog.log:[2004/06/30 11:28:21, 3] smbd/error.c:error_packet(118)
firstpropdialog.log: error packet at smbd/trans2.c(2219) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND
4. When the "security" tab is pressed to get a list of the users and groups in
the acl entries for the file:
userlist.log:[2004/06/30 11:28:31, 3] smbd/error.c:error_packet(94)
userlist.log: error string = No data available
userlist.log:[2004/06/30 11:28:31, 3] smbd/error.c:error_packet(118)
userlist.log: error packet at smbd/nttrans.c(104) cmd=160 (SMBnttrans) NT_STATUS_BUFFER_TOO_SMALL
userlist.log:[2004/06/30 11:28:31, 3] smbd/error.c:error_packet(94)
userlist.log: error string = No data available
userlist.log: lsa_io_sec_qos: length c does not match size 8
userlist.log: lsa_io_sec_qos: length c does not match size 8
userlist.log: pdb_getsampwrid (TDB): error looking up RID 512 by key RID_00000200.
userlist.log: Error: Record does not exist
userlist.log: 00c0 bad_password_count : 0000
userlist.log: get_alias_user_groups: not returing Domain Admins, not an ALIAS group.
userlist.log: get_alias_user_groups: not returing bin, not in the domain SID.
userlist.log: get_alias_user_groups: not returing daemon, not in the domain SID.
userlist.log: get_alias_user_groups: not returing sys, not in the domain SID.
userlist.log: get_alias_user_groups: not returing adm, not in the domain SID.
userlist.log: get_alias_user_groups: not returing disk, not in the domain SID.
userlist.log: get_alias_user_groups: not returing wheel, not in the domain SID.
userlist.log: get_alias_user_groups: not returing Domain Admins, not an ALIAS group.
userlist.log: pdb_getsampwrid (TDB): error looking up RID 512 by key RID_00000200.
userlist.log: Error: Record does not exist
userlist.log: _samr_query_useraliases: an error occured while getting groups
5. When the "add" button is pressed to get extra users/groups added to the
file acl entries:
addpress.log: Cache entry with key = TDOM/SYSTEMS couldn't be found
addpress.log: pdb_getsampwrid (TDB): error looking up RID 501 by key RID_000001f5.
addpress.log: Error: Record does not exist
addpress.log: lsa_io_sec_qos: length c does not match size 8
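A triage aid for the log excerpts above, added here as an example and not part of the original post: it counts the failed passdb lookups, checks that each tdb key is the RID in hex as the excerpts show, and labels well-known RIDs. The function names are hypothetical, and the sample lines are copied from the post with wrapped lines rejoined.

```python
import re
from collections import Counter

# Well-known domain-relative RIDs (standard Windows values).
WELL_KNOWN_RIDS = {
    500: "Administrator (user)",
    501: "Guest (user)",
    512: "Domain Admins (group)",
    513: "Domain Users (group)",
}
# \s+ before RID_ tolerates a mail-wrapped line break after "by key".
RID_RE = re.compile(
    r"pdb_getsampwrid \(TDB\): error looking up RID (\d+) by key\s+RID_([0-9a-fA-F]{8})")
USER_RE = re.compile(r"check_sam_security: Couldn't find user '([^']*)' in passdb")

# Lines copied from the excerpts in the post (wrapped lines rejoined).
SAMPLE_LOG = """\
askauth.log: check_sam_security: Couldn't find user 'other' in passdb file.
userlist.log: pdb_getsampwrid (TDB): error looking up RID 512 by key RID_00000200.
userlist.log: Error: Record does not exist
userlist.log: pdb_getsampwrid (TDB): error looking up RID 512 by key RID_00000200.
addpress.log: pdb_getsampwrid (TDB): error looking up RID 501 by key RID_000001f5.
addpress.log: Error: Record does not exist
"""

def failed_passdb_lookups(text):
    """Return (rid_counts, missing_user_counts) for failed lookups in text."""
    rids, users = Counter(), Counter()
    for m in RID_RE.finditer(text):
        rid, key = int(m.group(1)), int(m.group(2), 16)
        if rid != key:  # in the excerpts the key is the RID as 8 hex digits
            raise ValueError(f"RID {rid} does not match key RID_{m.group(2)}")
        rids[rid] += 1
    for m in USER_RE.finditer(text):
        users[m.group(1)] += 1
    return rids, users

def report(text):
    """One summary line per RID and per user name that failed to resolve."""
    rids, users = failed_passdb_lookups(text)
    lines = []
    for rid, n in sorted(rids.items()):
        kind = WELL_KNOWN_RIDS.get(rid, "not a well-known RID")
        lines.append(f"RID {rid} (0x{rid:x}): {kind}, {n} failed pdb_getsampwrid lookup(s)")
    for user, n in sorted(users.items()):
        lines.append(f"user '{user}': {n} failed name lookup(s)")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```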