[Samba] Problem setting ACLs on files/folders... plz help!

Kirk Marple kirk-public at agnostic-media.com
Fri Jun 25 00:40:08 GMT 2004

I'm running Samba on a Mac OS X server, and the server is a member of a
Windows domain (Windows 2003).
Samba is setup for security=domain permissions.
I have opened up a file share to the Windows machines named AppDeployment.
I'm able to open \\xserve\AppDeployment on a Windows server, and am able to
create directories and copy files in there.   (Btw, when i attempt to "net
use" that directory from Windows, I'm required to enter an account from the
Mac server.)
Even if i login as 'root' on the Mac server when accessing that file share,
when i try and change the permissions of a folder (i.e. add ACLs for a
domain user via the Windows property page), I get an error dialog saying
"Unable to save permission changes on <directory name>".  Access is denied."
when i try and apply the changes.
any thoughts on what could be going wrong?  i'm pretty stuck!   
am i going about this the wrong way?   basically i want to setup Samba so i
can have a file share on the Mac server that is exposed to the Windows
servers in the domain, and the Windows servers can set ACLs on the
files/folders using accounts in the domain.
thanks for any help!
        workgroup = <...>
        password server = *
        hide files = .Trashes/Temporary Items/Desktop
        display charset = UTF-8-MAC
        print command = /usr/sbin/PrintServiceAccess printps %p %s
        lprm command = /usr/sbin/PrintServiceAccess remove %p %j
        security = domain
        guest account = unknown
        encrypt passwords = yes
        printing = BSD
        allow trusted domains = yes
        preferred master = no
        lppause command = /usr/sbin/PrintServiceAccess hold %p %j
        netbios name = xserve
        wins support = no
        max smbd processes = 0
        printcap =
        server string = Mac OS X
        lpresume command = /usr/sbin/PrintServiceAccess release %p %j
        client ntlmv2 auth = yes
        domain logons = no
        lpq command = /usr/sbin/PrintServiceAccess jobs %p
        passdb backend = opendirectorysam guest
        dos charset = CP437
        unix charset = UTF-8-MAC
        socket options = SO_RCVBUF=64240
        auth methods = guest ntdomain opendirectory
        local master = no
        use spnego = yes
        map to guest = Bad User
        domain master = no
        printer admin = @admin, @staff
        log level = 3
        oplocks = 0
        map archive = no
        path = /Volumes/<...>/AppDeployment
        read only = no
        inherit permissions = 1
        strict locking = 1
        comment = macosx
        create mask = 0666
        guest ok = 1
        public = yes
        writeable = yes
        directory mask = 0777

More information about the samba mailing list