[Samba] Samba 3.0.4 acl problem

[Prajjwal]

Hi people

My problem is quite strange, and I am just sending this email to point 
out another small oddity I noticed while setting acls.  My server is 
Samba 3.0.4, and I have acl support built into it as well as into the 
2.4.24 kernel (patched with acl patch from acl.bestbits.at).
Here is the strange stuff that is going on:

Description of hosts:
Samba server:
i.p.-- a.b.c.d
netbios name-- test
dns name-- smbserv
samba configured as a PDC

ANOMALY: wbinfo -g returns some values that do not seem to be complete, 
wbinfo -u returns "error looking up domain users"

Client: Windows XP Professional

Problem:
1. When I open a share on the server using the address \\a.b.c.d (server 
i.p. address), I can easily view and set acls

2. When I open a share on the server using \\smbserv (server dns name), 
I can still easily view and set acls

3. When I open a share on the server using \\test (server netbios name), 
     a. I can access shares and modify existing acls
     b. When I try to add new acls for other users on files or 
directories, I cannot search for any domain users in the 
add->advanced->find now button of the properties dialog box, getting the 
error message that multiple connections to a shared resource are not 
possible.
     c. After this, until I logout, I cannot set new acls even if I 
login from \\a.b.c.d or \\test

4. If the netbios name and the dns name of the server are set to be the 
same, then when I open the share using the dns name/netbios name, I 
cannot set new acls.

I just wrote to mention that the problem just seems to be something with 
netbios naming, as everything works fine while using dns names.  I would 
appreciate any suggestions for getting that working if you could help me 
  with that, anyway, I just wanted to add this new thing I had noticed.

Regards,
Prajjwal


Prajjwal wrote:

> Thanks Jerry
> 
> I had checked most of the time using the netbios name of the samba host. 
>  I am using samba 3.0.4, and I do recall that I had been able to get the 
> acls working for around a day even using the netbios names when I had 
> been playing around with some settings.  However, the acl display 
> stopped working all of a sudden, and I have been perplexed as to why 
> that happened.
> 
> I tried setting up a very basic samba configuration with samba on two 
> different machines, and I am getting the both result on both -- I can 
> get the list of users when I logon to the host using the ip address, but 
> I can't get the userlist when I use the netbios name.  Modifying 
> existing acl's works fine though.
> 
> I am using a configuration that testparm labels as:
>  "Server role: ROLE_DOMAIN_PDC"
> --guess that shouldn't be happening right?
> 
> Would help a lot if any of you had any suggestions
> 
> With best regards,
> Prajjwal
> 
> Gerald (Jerry) Carter wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Prajjwal wrote:
>>
>> | I can view and modify any permissions on the existing
>> | files that are  being shared.  If setfacl has been used
>> | to grant additional users  permissions, then those users
>> | are also displayed, and their permissions  can also be set.
>> |
>> | However, if I try to add any new users to the acl, a
>> | dialog box pops up,  asking me to provide it with the
>> | username and password of a user with  permissions to modify on
>> | my domain, and when I supply the username and password, the
>> | dialog responds that multiple connections to the shared
>> | resource are not allowed, and it asks me to close all
>> | other connections  before trying again.
>>
>> This is a 2k -> NT interoperability bug.  We spent a good bit
>> of time on this before 3.0.0 was released.  Don't rmember
>> the bug number right now.  You can recreate the exact same
>> behavior between 2k and an nt4 standalone file server.
>>
>> There was no workaround except to use Samba as a PDC instead
>> of a standalone server.  Or possibly to connect to share using
>> the IP of the Samba server instead (this causing the user
>> enumeration to the netbios name).
>>
>> Hope this helps.
>>
>>
>>
>> cheers, jerry
>> - ----------------------------------------------------------------------
>> Hewlett-Packard            ------------------------- http://www.hp.com
>> SAMBA Team                 ---------------------- http://www.samba.org
>> GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
>> "...a hundred billion castaways looking for a home." ----------- Sting
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.2.4 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> iD8DBQFA7ZTCIR7qMdg1EfYRAvFtAJ9ewgjYO8zG+a8RcttmW6X4JpJsjwCg8lQE
>> 8u3fEXoNnh/j7/klPeTalfk=
>> =K7ye
>> -----END PGP SIGNATURE-----
>>
>>
>>
>