FW: [Samba] Trouble with ACLs

Michael St. Laurent mikes at hartwellcorp.com
Tue May 25 16:21:14 GMT 2004


Well, I screwed around a bit and after doing a "wbinfo -u" and a "wbinfo -g"
I stopped getting the "unable to map SID" error.  Now I'm getting a
different error.  ;-D

[2004/05/25 09:09:34, 3] smbd/dosmode.c:unix_mode(111)
unix_mode(FC2-i386-disc1.iso) returning 0744
[2004/05/25 09:09:34, 3]
smbd/posix_acls.c:convert_canon_ace_to_posix_perms(2500)
  convert_canon_ace_to_posix_perms: Too many ACE entries for file
FC2-i386-disc1.iso to convert to posix perms.
[2004/05/25 09:09:34, 3] smbd/posix_acls.c:set_nt_acl(3141)  set_nt_acl:
failed to convert file acl to posix permissions for file FC2-i386-disc1.iso.
[2004/05/25 09:09:34, 3] smbd/error.c:error_packet(94)  error string =
Function not implemented
[2004/05/25 09:09:34, 3] smbd/error.c:error_packet(118)  error packet at
smbd/nttrans.c(1827) cmd=160 (SMBnttrans) NT_STATUS_ACCESS_DENIED

Here's the getfacl for the file in question:

[root at hart-nas redhat]# getfacl FC2-i386-disc1.iso
# file: FC2-i386-disc1.iso
# owner: root
# group: mis
user::rw-
group::rw-
other::rw-

As you can see it's a pretty basic situation.  I'm just trying to add one
user to the ACL list and give them modify permissions.  It occured to me
that the problem *might* be that I was not the owner of the file and so I
corrected that situation but still got exactly the same results in the log
file.

Michael St. Laurent <mailto:mikes at hartwellcorp.com> wrote:
> I've got ACLs enabled in the kernel now and I can add and/or remove
> them using the unix command line program (setfacl/getfacl).  However,
> there still seems to be a problem.  When I try to add an ACL type
> permission to a file (through Samba) I get the following in the log
> file: 
> 
> [2004/05/24 18:14:57, 0]
> smbd/posix_acls.c:create_canon_ace_lists(1381)
> create_canon_ace_lists: unable to map SID
> S-1-5-21-356471451-824197641-1237804090-1180 to uid or gid. 
> 
> I'm fairly certain that Samba was compiled with the --with-acl-support
> option so I think the problem is with my smb.conf file.
> 
> Below is the relevant section:
> 
> [global]
>         workgroup = MERCURY
>         server string = Hart-NAS Storage Server
>         security = DOMAIN
>         encrypt passwords = Yes
>         password server = *
>         winbind trusted domains only = Yes
>         idmap gid = 30000-40000
>         idmap uid = 30000-40000
>         log file = /var/log/samba/log.%m
>         log level = 0
>         max log size = 50
>         socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192
> SO_SNDBUF=8192
>         load printers = No
>         printcap name = /etc/samba/smbprinters
>         add user script = /usr/local/sbin/add_smb_user %u
>         os level = 0
>         local master = No
>         dns proxy = No
>         wins server = 10.11.10.6
>         write cache size = 524288
>         max xmit = 65535
> 
> --
> Michael St. Laurent
> Hartwell Corporation



-- 
Michael St. Laurent
Hartwell Corporation


More information about the samba mailing list