[Samba] Can't set ACL on Samba
Albe
k3rmit at libero.it
Tue Nov 22 08:33:47 GMT 2005
/Unable to save permission changes on Directory on Server
Access is denied.
/
This is it.
The samba log is the one attached in the first post.
Regards,
Alberto
updatemyself . wrote:
> Ok what the error u r getting while u setting permission from windows..?
>
>
>
>
> On 11/21/05, *Albe* <k3rmit at libero.it <mailto:k3rmit at libero.it>> wrote:
>
> ok, here they are:
>
> /Filesystem Size Used Avail Use% Mounted on
> /dev/hda1 5.8G 3.1G 2.4G 57% /
> /dev/hda6 67G 341M 67G 1% /home
> /dev/sda1 115G 109G 6.2G 95% /mnt/EHD
> /
> //dev/hda1 on / type ext3 (rw,acl,user_xattr)
> none on /proc type proc (rw)
> none on /proc/bus/usb type usbfs (rw)
> none on /sys type sysfs (rw)
> /dev/hda6 on /home type ext3 (rw)
> /dev/sda1 on /mnt/EHD type reiserfs (rw,acl,user_xattr)
> /
> regards
>
> albe
>
>
>
> updatemyself . wrote:
>> it will be better if u can provide.. the following commands..
>>
>> df -h and mount
>>
>> regards
>> Jerrynikki
>>
>> On 11/21/05, *Albe* <k3rmit at libero.it <mailto:k3rmit at libero.it>>
>> wrote:
>>
>> My samba 3.0.20b is compiled with ads and acl support. Kernel
>> is a
>> 2.6.14.2 <http://2.6.14.2>, compiled with acl and extended
>> attributes for used
>> filesystems.
>> The system is running a slackware 10.2. I had to rebuild from
>> source
>> attr, acl, libattr, libacl to have compiling with acl support.
>>
>> plus
>>
>> /[root at ariannadb EHD]# smbd -b | grep ACL
>> HAVE_SYS_ACL_H
>> HAVE_POSIX_ACLS
>> [root at ariannadb EHD]#
>> /
>> I doublechecked that.
>>
>> I also found out that the groups created by the idmap_rid
>> backend do not reflect entirely the real groups in the Active
>> Directory domain.
>>
>> Thanks for the help.
>>
>> Regards,
>>
>>
>> Alberto
>>
>>
>>
>> updatemyself . wrote:
>>> hai...
>>>
>>> Look like that u need to rebuild samba...
>>> with "--with-acl-support" option
>>> download src rpm ...... install it..
>>> then edit it... before building ur samba RPM
>>>
>>> if u want more.. help.. feel free to contact...
>>>
>>> regards
>>> jerrrynikki
>>>
>>> On 11/18/05, *Albe* <k3rmit at libero.it
>>> <mailto:k3rmit at libero.it>> wrote:
>>>
>>> Hi everybody,
>>>
>>> i'm getting mad configuring samba to join an ADS,
>>> resolve domain
>>> users and groups and set ACLs via windows explorer on a
>>> share mounted
>>> with POSIX ACL and extended attributes.
>>>
>>> At the point where i am, i've managed to get Samba join
>>> correctly the
>>> domain with idmap_rid backend working fine.
>>>
>>> I can correctly set (add, remove, modify) file acls and
>>> extended
>>> attributes via bash, but when i try to simply add a user
>>> permission
>>> on a file or directory via the windows explorer security
>>> settings i
>>> get in the log (level 3):
>>>
>>> [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900)
>>> switch message SMBntcreateX (pid 2339) conn 0x8353068
>>> [2005/11/17 23:12:22, 3] smbd/dosmode.c:unix_mode(121)
>>> unix_mode( WINDOWSRegDefrag.dat) returning 0744
>>> [2005/11/17 23:12:22, 2] smbd/open.c:open_file(372)
>>> albe opened file WINDOWSRegDefrag.dat read=No
>>> write=No (numopen=1)
>>> [2005/11/17 23:12:22, 3] smbd/process.c:process_smb(1114)
>>> Transaction 9 of length 244
>>> [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900)
>>> switch message SMBnttrans (pid 2339) conn 0x8353068
>>> [2005/11/17 23:12:22, 3] smbd/
>>> nttrans.c:call_nt_transact_set_security_desc (2081)
>>> call_nt_transact_set_security_desc: file =
>>> WINDOWSRegDefrag.dat,
>>> sent 0x4
>>> [2005/11/17 23:12:22, 3]
>>> passdb/lookup_sid.c:fetch_sid_from_uid_cache
>>> (158)
>>> fetch sid from uid cache 11334 ->
>>> S-1-5-21-2707684321-3739850521-1540700870-1334
>>> [2005/11/17 23:12:22, 3]
>>> passdb/lookup_sid.c:fetch_sid_from_gid_cache
>>> (232)
>>> fetch sid from gid cache 10512 ->
>>> S-1-5-21-2707684321-3739850521-1540700870-512
>>> [2005/11/17 23:12:22, 3]
>>> passdb/lookup_sid.c:fetch_uid_from_cache(179)
>>> fetch uid from cache 11334 ->
>>> S-1-5-21-2707684321-3739850521-1540700870-1334
>>> [2005/11/17 23:12:22, 3]
>>> passdb/lookup_sid.c:fetch_uid_from_cache(179)
>>> fetch uid from cache 11369 ->
>>> S-1-5-21-2707684321-3739850521-1540700870-1369
>>> [2005/11/17 23:12:22, 3]
>>> passdb/lookup_sid.c:fetch_gid_from_cache(253)
>>> fetch gid from cache 10512 ->
>>> S-1-5-21-2707684321-3739850521-1540700870-512
>>> [2005/11/17 23:12:22, 3] smbd/dosmode.c:unix_mode(121)
>>> unix_mode(WINDOWSRegDefrag.dat) returning 0744
>>> [2005/11/17 23:12:22, 3] smbd/
>>> posix_acls.c:convert_canon_ace_to_posix_perms(2585)
>>> convert_canon_ace_to_posix_perms: Too many ACE
>>> entries for file
>>> WINDOWSRegDefrag.dat to convert to posix perms.
>>> [2005/11/17 23:12:22, 3] smbd/posix_acls.c:set_nt_acl(3265)
>>> set_nt_acl: failed to convert file acl to posix
>>> permissions for
>>> file WINDOWSRegDefrag.dat.
>>> [2005/11/17 23:12:22, 3] smbd/error.c:error_packet(147)
>>> error packet at smbd/nttrans.c(2088) cmd=160 (SMBnttrans)
>>> NT_STATUS_ACCESS_DENIED
>>> [2005/11/17 23:12:22, 3] smbd/process.c:process_smb(1114)
>>> Transaction 10 of length 45
>>> [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900)
>>> switch message SMBclose (pid 2339) conn 0x8353068
>>> [2005/11/17 23:12:22, 3] smbd/reply.c:reply_close(3247)
>>> close fd=-1 fnum=11974 (numopen=1)
>>> [2005/11/17 23:12:22, 2] smbd/close.c:close_normal_file(270)
>>> AGBSOFT\albe closed file WINDOWSRegDefrag.dat (numopen=0)
>>>
>>> I can correctly set file permission of the classical
>>> posix elements:
>>> user, group and others.
>>>
>>>
>>> My smb.conf
>>>
>>> [global]
>>> workgroup = AGBSOFT
>>> realm = AGBSOFT.CH
>>> server string = CVS Server
>>> security = ADS
>>> client schannel = No
>>> allow trusted domains = No
>>> password server = agbsoft-nt1.agbsoft.ch
>>> <http://agbsoft-nt1.agbsoft.ch>
>>> log level = 3
>>> log file = /var/log/samba/%m.log
>>> max log size = 0
>>> socket options = TCP_NODELAY SO_RCVBUF=8192
>>> SO_SNDBUF=8192
>>> load printers = No
>>> os level = 18
>>> preferred master = No
>>> domain master = No
>>> wins server = 10.100.0.2 <http://10.100.0.2>
>>> idmap backend = idmap_rid:AGBSOFT=10000-200000000
>>> idmap uid = 10000-200000000
>>> idmap gid = 10000-200000000
>>> template shell = /bin/bash
>>> winbind use default domain = Yes
>>> winbind nested groups = Yes
>>>
>>> [prova]
>>> comment = prova
>>> path = /home/ftp
>>> valid users = "@AGBSOFT\Domain Admins"
>>> read only = No
>>>
>>> My samba 3.0.20b is compiled with ads and acl support.
>>> Kernel is a
>>> 2.6.14.2 <http://2.6.14.2>, compiled with acl and
>>> extended attributes for used
>>> filesystems.
>>> The system is running a slackware 10.2. I had to rebuild
>>> from source
>>> attr, acl, libattr, libacl to have compiling with acl
>>> support.
>>>
>>> What i'm i doing wrong?
>>>
>>> Thanks in advance for any help.
>>>
>>> I remain at disposal for any further information.
>>>
>>>
>>>
>>> Alberto
>>>
>>>
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL
>>> and read the
>>> instructions: https://lists.samba.org/mailman/listinfo/samba
>>>
>>>
>>
>
More information about the samba
mailing list