[Samba] samba-3.0.4 acl problem in windows shares

Prajjwal P. Devkota prajjwal at wlink.com.np
Tue Jun 15 10:24:36 GMT 2004

Hi everyone

        I've been trying to set up samba file sharing with acl support for the 
past few days. I recompiled my kernel with acl support, and have verified 
that setfacl and getfacl are working properly.

        I compiled samba on my test machine with acl enabled, and was able to 
access and create files.  However, I cannot grant additional users 
permissions on the shared files, or modify the acls from my windows xp 
professional computer.  I had initially tried  the setup without samba 
functioning as a domain controller.  However, suspecting that it might be a 
domain related problem, I set it up to be a PDC.

        I am still getting either a "permission denied" message or a "multiple 
connections to server from same account not allowed" when I try to modify the 
share acls from a windows xp/2000 box, and I am getting the following 
messages in the machine log for samba:

[2004/06/15 14:52:02, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(529)
  Doing spnego session setup
[2004/06/15 14:52:02, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(560)
  NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] 
[2004/06/15 14:52:02, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
  Got user=[praj] domain=[PRAJCOMP] workstation=[PRAJCOMP] len1=24 len2=24

        I have seen similar problems when going through internet mailing 
lists, but have not been able to get much help from the replies that were 
posted.  I initially had a problem with group mappings, and apparently fixed 
it after mapping the groups wheel and users.  My logs do not complain about 
NT not liking the group not being a domain group, but I still get a 
permission denied when trying to set acl permissions on file shares.

        It's my first experience with samba as a PDC as well as with samba 
acls, so I would be highly appreciative of any help that you could offer.

        I've attached my basic configuration at the end of this letter, hope 
it is descriptive enough.

Thanking you in advance

Linux kernel: 2.4.24 ( with acl patch from acl.bestbits.at )

Samba version: samba-3.0.4

samba compile options:
 ./configure --with-acl-support --with-smbmount --with-quotas --with-ads

smb.conf file:
        workgroup = SYSTEMS
        realm = SYSTEMS
        server string = BRIDGE
        smb passwd file = /etc/samba/smbpasswd
        log file = /var/log/samba/%m.log

        max log size = 50
        acl compatibility = win2k
        nt acl support = Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        domain logons = Yes
        preferred master = Yes
        local master = Yes
        domain master = Yes
        add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
        os level = 64
        security = user

        idmap uid = 10000-20000
        idmap gid = 10000-20000
        map acl inherit = Yes
        log level = 3

        path = /tmp

        comment = Home Directories
        read only = No
        writeable = Yes

        comment = Common shares
        read only = Yes
        writeable = Yes
        path = /sambasharing

 comment = Network Logon Service
  path = /home/netlogon
  read only = yes
  write list = administrator
  public = no
  guest ok = yes
  browseable = yes
  writeable = no
  locking = no
  create mask = 0644
  directory mask = 0755
