[Samba] Can't set ACL on Samba

Albe k3rmit at libero.it
Mon Nov 21 15:58:25 GMT 2005 

ok, here they are:

/Filesystem            Size  Used Avail Use% Mounted on
/dev/hda1             5.8G  3.1G  2.4G  57% /
/dev/hda6              67G  341M   67G   1% /home
/dev/sda1             115G  109G  6.2G  95% /mnt/EHD
/
//dev/hda1 on / type ext3 (rw,acl,user_xattr)
none on /proc type proc (rw)
none on /proc/bus/usb type usbfs (rw)
none on /sys type sysfs (rw)
/dev/hda6 on /home type ext3 (rw)
/dev/sda1 on /mnt/EHD type reiserfs (rw,acl,user_xattr)
/
regards

albe


updatemyself . wrote:
> it will be better if u can provide.. the following commands..
>
> df -h and mount
>
> regards
> Jerrynikki
>
> On 11/21/05, *Albe* <k3rmit at libero.it <mailto:k3rmit at libero.it>> wrote:
>
>     My samba 3.0.20b is compiled with ads and acl support. Kernel is a
>     2.6.14.2 <http://2.6.14.2>, compiled with acl and extended
>     attributes for used
>     filesystems.
>     The system is running a slackware 10.2. I had to rebuild from source
>     attr, acl, libattr, libacl to have compiling with acl support.
>
>     plus
>
>     /[root at ariannadb EHD]# smbd -b | grep ACL
>        HAVE_SYS_ACL_H
>        HAVE_POSIX_ACLS
>     [root at ariannadb EHD]#
>     /
>     I doublechecked that.
>
>     I also found out that the groups created by the idmap_rid backend
>     do not reflect entirely the real groups in the Active Directory
>     domain.
>
>     Thanks for the help.
>
>     Regards,
>
>
>     Alberto
>
>
>
>     updatemyself . wrote:
>>     hai...
>>
>>     Look like that u need to rebuild samba...
>>     with "--with-acl-support" option
>>     download src rpm ...... install it..
>>     then edit it... before building ur samba RPM
>>
>>     if u want more.. help.. feel free to contact...
>>
>>     regards
>>     jerrrynikki
>>
>>     On 11/18/05, *Albe* <k3rmit at libero.it <mailto:k3rmit at libero.it>>
>>     wrote:
>>
>>         Hi everybody,
>>
>>         i'm getting mad configuring samba to join an ADS, resolve domain
>>         users and groups and set ACLs via windows explorer on a share
>>         mounted
>>         with POSIX ACL and extended attributes.
>>
>>         At the point where i am, i've managed to get Samba join
>>         correctly the
>>         domain with idmap_rid backend working fine.
>>
>>         I can correctly set (add, remove, modify) file acls and extended
>>         attributes via bash, but when i try to simply add a user
>>         permission
>>         on a file or directory via the windows explorer security
>>         settings i
>>         get in the log (level 3):
>>
>>         [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900)
>>            switch message SMBntcreateX (pid 2339) conn 0x8353068
>>         [2005/11/17 23:12:22, 3] smbd/dosmode.c:unix_mode(121)
>>            unix_mode( WINDOWSRegDefrag.dat) returning 0744
>>         [2005/11/17 23:12:22, 2] smbd/open.c:open_file(372)
>>            albe opened file WINDOWSRegDefrag.dat read=No write=No
>>         (numopen=1)
>>         [2005/11/17 23:12:22, 3] smbd/process.c:process_smb(1114)
>>            Transaction 9 of length 244
>>         [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900)
>>            switch message SMBnttrans (pid 2339) conn 0x8353068
>>         [2005/11/17 23:12:22, 3] smbd/
>>         nttrans.c:call_nt_transact_set_security_desc (2081)
>>            call_nt_transact_set_security_desc: file =
>>         WINDOWSRegDefrag.dat,
>>         sent 0x4
>>         [2005/11/17 23:12:22, 3]
>>         passdb/lookup_sid.c:fetch_sid_from_uid_cache
>>         (158)
>>            fetch sid from uid cache 11334 ->
>>         S-1-5-21-2707684321-3739850521-1540700870-1334
>>         [2005/11/17 23:12:22, 3]
>>         passdb/lookup_sid.c:fetch_sid_from_gid_cache
>>         (232)
>>            fetch sid from gid cache 10512 ->
>>         S-1-5-21-2707684321-3739850521-1540700870-512
>>         [2005/11/17 23:12:22, 3]
>>         passdb/lookup_sid.c:fetch_uid_from_cache(179)
>>            fetch uid from cache 11334 ->
>>         S-1-5-21-2707684321-3739850521-1540700870-1334
>>         [2005/11/17 23:12:22, 3]
>>         passdb/lookup_sid.c:fetch_uid_from_cache(179)
>>            fetch uid from cache 11369 ->
>>         S-1-5-21-2707684321-3739850521-1540700870-1369
>>         [2005/11/17 23:12:22, 3]
>>         passdb/lookup_sid.c:fetch_gid_from_cache(253)
>>            fetch gid from cache 10512 ->
>>         S-1-5-21-2707684321-3739850521-1540700870-512
>>         [2005/11/17 23:12:22, 3] smbd/dosmode.c:unix_mode(121)
>>            unix_mode(WINDOWSRegDefrag.dat) returning 0744
>>         [2005/11/17 23:12:22, 3] smbd/
>>         posix_acls.c:convert_canon_ace_to_posix_perms(2585)
>>            convert_canon_ace_to_posix_perms: Too many ACE entries for
>>         file
>>         WINDOWSRegDefrag.dat to convert to posix perms.
>>         [2005/11/17 23:12:22, 3] smbd/posix_acls.c:set_nt_acl(3265)
>>            set_nt_acl: failed to convert file acl to posix
>>         permissions for
>>         file WINDOWSRegDefrag.dat.
>>         [2005/11/17 23:12:22, 3] smbd/error.c:error_packet(147)
>>            error packet at smbd/nttrans.c(2088) cmd=160 (SMBnttrans)
>>         NT_STATUS_ACCESS_DENIED
>>         [2005/11/17 23:12:22, 3] smbd/process.c:process_smb(1114)
>>            Transaction 10 of length 45
>>         [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900)
>>            switch message SMBclose (pid 2339) conn 0x8353068
>>         [2005/11/17 23:12:22, 3] smbd/reply.c:reply_close(3247)
>>            close fd=-1 fnum=11974 (numopen=1)
>>         [2005/11/17 23:12:22, 2] smbd/close.c:close_normal_file(270)
>>            AGBSOFT\albe closed file WINDOWSRegDefrag.dat (numopen=0)
>>
>>         I can correctly set file permission of the classical posix
>>         elements:
>>         user, group and others.
>>
>>
>>         My smb.conf
>>
>>         [global]
>>                  workgroup = AGBSOFT
>>                  realm = AGBSOFT.CH
>>                  server string = CVS Server
>>                  security = ADS
>>                  client schannel = No
>>                  allow trusted domains = No
>>                  password server = agbsoft-nt1.agbsoft.ch
>>         <http://agbsoft-nt1.agbsoft.ch>
>>                  log level = 3
>>                  log file = /var/log/samba/%m.log
>>                  max log size = 0
>>                  socket options = TCP_NODELAY SO_RCVBUF=8192
>>         SO_SNDBUF=8192
>>                  load printers = No
>>                  os level = 18
>>                  preferred master = No
>>                  domain master = No
>>                  wins server = 10.100.0.2 <http://10.100.0.2>
>>                  idmap backend = idmap_rid:AGBSOFT=10000-200000000
>>                  idmap uid = 10000-200000000
>>                  idmap gid = 10000-200000000
>>                  template shell = /bin/bash
>>                  winbind use default domain = Yes
>>                  winbind nested groups = Yes
>>
>>         [prova]
>>                  comment = prova
>>                  path = /home/ftp
>>                  valid users = "@AGBSOFT\Domain Admins"
>>                  read only = No
>>
>>         My samba 3.0.20b is compiled with ads and acl support. Kernel
>>         is a
>>         2.6.14.2 <http://2.6.14.2>, compiled with acl and extended
>>         attributes for used
>>         filesystems.
>>         The system is running a slackware 10.2. I had to rebuild from
>>         source
>>         attr, acl, libattr, libacl to have compiling with acl support.
>>
>>         What i'm i doing wrong?
>>
>>         Thanks in advance for any help.
>>
>>         I remain at disposal for any further information.
>>
>>
>>
>>         Alberto
>>
>>
>>
>>
>>         --
>>         To unsubscribe from this list go to the following URL and
>>         read the
>>         instructions:  https://lists.samba.org/mailman/listinfo/samba
>>
>>
>

More information about the samba mailing list