[Samba] Can't set ACL on Samba
Albe
k3rmit at libero.it
Mon Nov 21 15:06:54 GMT 2005
My samba 3.0.20b is compiled with ads and acl support. Kernel is a
2.6.14.2, compiled with acl and extended attributes for the filesystems
used.
The system is running a slackware 10.2. I had to rebuild attr, acl,
libattr and libacl from source to get it compiling with acl support.
plus

[root@ariannadb EHD]# smbd -b | grep ACL
   HAVE_SYS_ACL_H
   HAVE_POSIX_ACLS
[root@ariannadb EHD]#

I double-checked that.
I also found out that the groups created by the idmap_rid backend do not
reflect entirely the real groups in the Active Directory domain.
Thanks for the help.
Regards,
Alberto
updatemyself . wrote:
> hai...
>
> Look like that u need to rebuild samba...
> with "--with-acl-support" option
> download src rpm ...... install it..
> then edit it... before building ur samba RPM
>
> if u want more.. help.. feel free to contact...
>
> regards
> jerrrynikki
>
> On 11/18/05, Albe <k3rmit at libero.it> wrote:
>
> Hi everybody,
>
> I'm getting mad configuring samba to join an ADS, resolve domain
> users and groups and set ACLs via windows explorer on a share mounted
> with POSIX ACL and extended attributes.
>
> At the point where I am, I've managed to get Samba to join the
> domain correctly with the idmap_rid backend working fine.
>
> I can correctly set (add, remove, modify) file acls and extended
> attributes via bash, but when I try to simply add a user permission
> on a file or directory via the windows explorer security settings I
> get in the log (level 3):
>
> [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900)
>   switch message SMBntcreateX (pid 2339) conn 0x8353068
> [2005/11/17 23:12:22, 3] smbd/dosmode.c:unix_mode(121)
>   unix_mode( WINDOWSRegDefrag.dat) returning 0744
> [2005/11/17 23:12:22, 2] smbd/open.c:open_file(372)
>   albe opened file WINDOWSRegDefrag.dat read=No write=No (numopen=1)
> [2005/11/17 23:12:22, 3] smbd/process.c:process_smb(1114)
>   Transaction 9 of length 244
> [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900)
>   switch message SMBnttrans (pid 2339) conn 0x8353068
> [2005/11/17 23:12:22, 3] smbd/nttrans.c:call_nt_transact_set_security_desc(2081)
>   call_nt_transact_set_security_desc: file = WINDOWSRegDefrag.dat, sent 0x4
> [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(158)
>   fetch sid from uid cache 11334 -> S-1-5-21-2707684321-3739850521-1540700870-1334
> [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232)
>   fetch sid from gid cache 10512 -> S-1-5-21-2707684321-3739850521-1540700870-512
> [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_uid_from_cache(179)
>   fetch uid from cache 11334 -> S-1-5-21-2707684321-3739850521-1540700870-1334
> [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_uid_from_cache(179)
>   fetch uid from cache 11369 -> S-1-5-21-2707684321-3739850521-1540700870-1369
> [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_gid_from_cache(253)
>   fetch gid from cache 10512 -> S-1-5-21-2707684321-3739850521-1540700870-512
> [2005/11/17 23:12:22, 3] smbd/dosmode.c:unix_mode(121)
>   unix_mode(WINDOWSRegDefrag.dat) returning 0744
> [2005/11/17 23:12:22, 3] smbd/posix_acls.c:convert_canon_ace_to_posix_perms(2585)
>   convert_canon_ace_to_posix_perms: Too many ACE entries for file WINDOWSRegDefrag.dat to convert to posix perms.
> [2005/11/17 23:12:22, 3] smbd/posix_acls.c:set_nt_acl(3265)
>   set_nt_acl: failed to convert file acl to posix permissions for file WINDOWSRegDefrag.dat.
> [2005/11/17 23:12:22, 3] smbd/error.c:error_packet(147)
>   error packet at smbd/nttrans.c(2088) cmd=160 (SMBnttrans) NT_STATUS_ACCESS_DENIED
> [2005/11/17 23:12:22, 3] smbd/process.c:process_smb(1114)
>   Transaction 10 of length 45
> [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900)
>   switch message SMBclose (pid 2339) conn 0x8353068
> [2005/11/17 23:12:22, 3] smbd/reply.c:reply_close(3247)
>   close fd=-1 fnum=11974 (numopen=1)
> [2005/11/17 23:12:22, 2] smbd/close.c:close_normal_file(270)
>   AGBSOFT\albe closed file WINDOWSRegDefrag.dat (numopen=0)
>
> I can correctly set file permission of the classical posix elements:
> user, group and others.
>
>
> My smb.conf
>
> [global]
>     workgroup = AGBSOFT
>     realm = AGBSOFT.CH
>     server string = CVS Server
>     security = ADS
>     client schannel = No
>     allow trusted domains = No
>     password server = agbsoft-nt1.agbsoft.ch
>     log level = 3
>     log file = /var/log/samba/%m.log
>     max log size = 0
>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>     load printers = No
>     os level = 18
>     preferred master = No
>     domain master = No
>     wins server = 10.100.0.2
>     idmap backend = idmap_rid:AGBSOFT=10000-200000000
>     idmap uid = 10000-200000000
>     idmap gid = 10000-200000000
>     template shell = /bin/bash
>     winbind use default domain = Yes
>     winbind nested groups = Yes
>
> [prova]
>     comment = prova
>     path = /home/ftp
>     valid users = "@AGBSOFT\Domain Admins"
>     read only = No
>
> My samba 3.0.20b is compiled with ads and acl support. Kernel is a
> 2.6.14.2, compiled with acl and extended attributes for the
> filesystems used.
> The system is running a slackware 10.2. I had to rebuild attr, acl,
> libattr and libacl from source to get it compiling with acl support.
>
> What am I doing wrong?
>
> Thanks in advance for any help.
>
> I remain at disposal for any further information.
>
>
>
> Alberto
>
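An added example, not part of the original messages and not Samba code: a small Python parser for the level-3 smbd log format quoted above, which pairs each set_nt_acl failure with the NT status of the error reply that follows it. The function names are this example's own, and the sample is taken from the quoted log with the e-mail line wrapping undone.

```python
import re

# smbd debug record header: "[date time, level] source.c:function(line)"
HEADER = re.compile(r"^\[(\S+ \S+), *(\d+)\] *(\S+?):(\w+)\((\d+)\)$")
ACL_FAIL = re.compile(r"set_nt_acl: failed to convert file acl to posix "
                      r"permissions for file (.+?)\.$")

def parse_records(text):
    """Attach each run of message lines to the header line that precedes it."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            records.append({"ts": m.group(1), "level": int(m.group(2)),
                            "func": m.group(4), "msg": ""})
        elif records and line:
            records[-1]["msg"] = (records[-1]["msg"] + " " + line).strip()
    return records

def acl_failures(records):
    """Return (timestamp, file, NT status of the error reply that follows)."""
    found = []
    for i, rec in enumerate(records):
        m = ACL_FAIL.search(rec["msg"]) if rec["func"] == "set_nt_acl" else None
        if not m:
            continue
        status = None  # stays None if no error_packet follows this failure
        for later in records[i + 1:]:
            if later["func"] == "set_nt_acl":
                break
            if later["func"] == "error_packet":
                s = re.search(r"NT_STATUS_\w+", later["msg"])
                status = s.group(0) if s else None
                break
        found.append((rec["ts"], m.group(1), status))
    return found

# Records copied from the log quoted in the post, e-mail line wrapping undone.
SAMPLE = """\
[2005/11/17 23:12:22, 3] smbd/posix_acls.c:set_nt_acl(3265)
  set_nt_acl: failed to convert file acl to posix permissions for file WINDOWSRegDefrag.dat.
[2005/11/17 23:12:22, 3] smbd/error.c:error_packet(147)
  error packet at smbd/nttrans.c(2088) cmd=160 (SMBnttrans) NT_STATUS_ACCESS_DENIED
[2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900)
  switch message SMBclose (pid 2339) conn 0x8353068
"""

if __name__ == "__main__":
    for ts, name, status in acl_failures(parse_records(SAMPLE)):
        print(f"{ts}  {name}: ACL change rejected with {status}")
```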