[Samba] CIFS/ACLs

Thilo Rees, Continum thilo.rees at continum.net
Wed Jun 1 12:16:42 GMT 2005 

Hi,

I am using CIFS 2.01.01 on HPUX11V2. CIFS is running in ADS 
security-mode. Winbind is used to map the userers from the W2K3-Domain 
(german) to an tdb-file. The user mapping works fine, but I have 
problems with the ACLS: setting the ACLS to a file or folder from 
windows leads in "access denied". I'm the owner of the object and have 
full access. The really crazy thing is, that it works sometimes, but 
later the ACLs are gone (showing standard permissions) and I can't 
modify them (Access denied). "getacls" form Unix side displays the 
formerly configured ACLS ....
The logfile (loglevel=2) shows:

log.smbd:
open_sockets_smbd: accept: No buffer space available

<host>.log
[2005/05/30 11:22:29, 1] smbd/service.c:make_connection_snum(648)
 192.168.200.11 (192.168.200.11) connect to service tmp initially as 
user FRHAWIN\Administrator (uid=10000, gid=10000) (pid 9429)
[2005/05/30 11:29:37, 1] smbd/service.c:close_cnum(835)
 192.168.200.11 (192.168.200.11) closed connection to service tmp
[2005/05/30 11:30:17, 2] smbd/server.c:main(893)
 Changed root to /
[2005/05/30 11:30:17, 2] smbd/sesssetup.c:setup_new_vc_session(608)
 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
[2005/05/30 11:30:19, 1] smbd/service.c:make_connection_snum(648)
 192.168.200.11 (192.168.200.11) connect to service tmp initially as 
user FRHAWIN\Administrator (uid=10000, gid=10000) (pid 9553)
[2005/05/30 11:30:36, 2] smbd/posix_acls.c:set_canon_ace_list(2422)
 set_canon_ace_list: sys_acl_set_file type file failed for file ACLStest 
(Invalid argument).

my smb.conf is simple:

[global]
       display charset = UTF-8
       workgroup = FRHAWIN
       realm = YYYYY.YYYYY.YYY
       netbios name = FSERV0
       server string = CIFS_HP_UX
       security = ADS
       password server = xxxx.xxxxx.xxxx.xxx
       log level = 2
       log file = /var/opt/samba/log.%m
       max log size = 1000
       host msdfs = Yes
       idmap uid = 10000-20000
       idmap gid = 10000-20000
       winbind use default domain = Yes

[tmp]
       comment = Temporary file space
       path = /tmp
       read only = No

Any suggestions?

Regards: Thilo


-- 

Thilo Rees
Continum AG, Technik
Wentzingerstr. 7a
D-79106 Freiburg i. Br.
http://www.continum.net
Tel.:  +49 761 479409-60
Fax.:  +49 761 479409-33
mail: thilo.rees at continum.net

More information about the samba mailing list