[Samba] Can't set ACL on Samba
updatemyself .
updatemyself at gmail.com
Wed Nov 23 11:12:35 GMT 2005
Sorry frr the delay....
make sure that your Winodws Domain Administartor is
the owner of those files or folders.. before u try to set permission
through windows....
may be it will owned by.. root or any other use who created.. it..
in that share...
hope "chown -R .......... ............ " will help u..
regards
jerrynikki
On 11/22/05, Albe <k3rmit at libero.it> wrote:
>
> *Unable to save permission changes on Directory on Server
>
> Access is denied.
> *
>
> This is it.
>
> The samba log is the one attached in the first post.
>
>
> Regards,
>
>
> Alberto
>
>
> updatemyself . wrote:
>
> Ok what the error u r getting while u setting permission from windows..?
>
>
>
>
> On 11/21/05, Albe <k3rmit at libero.it> wrote:
> >
> > ok, here they are:
> >
> > *Filesystem Size Used Avail Use% Mounted on
> > /dev/hda1 5.8G 3.1G 2.4G 57% /
> > /dev/hda6 67G 341M 67G 1% /home
> > /dev/sda1 115G 109G 6.2G 95% /mnt/EHD
> > *
> > */dev/hda1 on / type ext3 (rw,acl,user_xattr)
> > none on /proc type proc (rw)
> > none on /proc/bus/usb type usbfs (rw)
> > none on /sys type sysfs (rw)
> > /dev/hda6 on /home type ext3 (rw)
> > /dev/sda1 on /mnt/EHD type reiserfs (rw,acl,user_xattr)
> > *
> > regards
> >
> > albe
> >
> >
> > updatemyself . wrote:
> >
> > it will be better if u can provide.. the following commands..
> >
> > df -h and mount
> >
> > regards
> > Jerrynikki
> >
> > On 11/21/05, Albe <k3rmit at libero.it> wrote:
> > >
> > > My samba 3.0.20b is compiled with ads and acl support. Kernel is a
> > > 2.6.14.2, compiled with acl and extended attributes for used
> > > filesystems.
> > > The system is running a slackware 10.2. I had to rebuild from source
> > > attr, acl, libattr, libacl to have compiling with acl support.
> > >
> > > plus
> > >
> > > *[root at ariannadb EHD]# smbd -b | grep ACL
> > > HAVE_SYS_ACL_H
> > > HAVE_POSIX_ACLS
> > > [root at ariannadb EHD]#
> > > *
> > > I doublechecked that.
> > >
> > > I also found out that the groups created by the idmap_rid backend do
> > > not reflect entirely the real groups in the Active Directory domain.
> > >
> > > Thanks for the help.
> > >
> > > Regards,
> > >
> > >
> > > Alberto
> > >
> > >
> > > updatemyself . wrote:
> > >
> > > hai...
> > >
> > > Look like that u need to rebuild samba...
> > > with "--with-acl-support" option
> > > download src rpm ...... install it..
> > > then edit it... before building ur samba RPM
> > >
> > > if u want more.. help.. feel free to contact...
> > >
> > > regards
> > > jerrrynikki
> > >
> > > On 11/18/05, Albe <k3rmit at libero.it> wrote:
> > > >
> > > > Hi everybody,
> > > >
> > > > i'm getting mad configuring samba to join an ADS, resolve domain
> > > > users and groups and set ACLs via windows explorer on a share
> > > > mounted
> > > > with POSIX ACL and extended attributes.
> > > >
> > > > At the point where i am, i've managed to get Samba join correctly
> > > > the
> > > > domain with idmap_rid backend working fine.
> > > >
> > > > I can correctly set (add, remove, modify) file acls and extended
> > > > attributes via bash, but when i try to simply add a user permission
> > > > on a file or directory via the windows explorer security settings i
> > > > get in the log (level 3):
> > > >
> > > > [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900)
> > > > switch message SMBntcreateX (pid 2339) conn 0x8353068
> > > > [2005/11/17 23:12:22, 3] smbd/dosmode.c:unix_mode(121)
> > > > unix_mode( WINDOWSRegDefrag.dat) returning 0744
> > > > [2005/11/17 23:12:22, 2] smbd/open.c:open_file(372)
> > > > albe opened file WINDOWSRegDefrag.dat read=No write=No
> > > > (numopen=1)
> > > > [2005/11/17 23:12:22, 3] smbd/process.c:process_smb(1114)
> > > > Transaction 9 of length 244
> > > > [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900)
> > > > switch message SMBnttrans (pid 2339) conn 0x8353068
> > > > [2005/11/17 23:12:22, 3] smbd/
> > > > nttrans.c:call_nt_transact_set_security_desc (2081)
> > > > call_nt_transact_set_security_desc: file = WINDOWSRegDefrag.dat,
> > > > sent 0x4
> > > > [2005/11/17 23:12:22, 3]
> > > > passdb/lookup_sid.c:fetch_sid_from_uid_cache
> > > > (158)
> > > > fetch sid from uid cache 11334 ->
> > > > S-1-5-21-2707684321-3739850521-1540700870-1334
> > > > [2005/11/17 23:12:22, 3]
> > > > passdb/lookup_sid.c:fetch_sid_from_gid_cache
> > > > (232)
> > > > fetch sid from gid cache 10512 ->
> > > > S-1-5-21-2707684321-3739850521-1540700870-512
> > > > [2005/11/17 23:12:22, 3]
> > > > passdb/lookup_sid.c:fetch_uid_from_cache(179)
> > > > fetch uid from cache 11334 ->
> > > > S-1-5-21-2707684321-3739850521-1540700870-1334
> > > > [2005/11/17 23:12:22, 3]
> > > > passdb/lookup_sid.c:fetch_uid_from_cache(179)
> > > > fetch uid from cache 11369 ->
> > > > S-1-5-21-2707684321-3739850521-1540700870-1369
> > > > [2005/11/17 23:12:22, 3]
> > > > passdb/lookup_sid.c:fetch_gid_from_cache(253)
> > > > fetch gid from cache 10512 ->
> > > > S-1-5-21-2707684321-3739850521-1540700870-512
> > > > [2005/11/17 23:12:22, 3] smbd/dosmode.c:unix_mode(121)
> > > > unix_mode(WINDOWSRegDefrag.dat) returning 0744
> > > > [2005/11/17 23:12:22, 3] smbd/
> > > > posix_acls.c:convert_canon_ace_to_posix_perms(2585)
> > > > convert_canon_ace_to_posix_perms: Too many ACE entries for file
> > > > WINDOWSRegDefrag.dat to convert to posix perms.
> > > > [2005/11/17 23:12:22, 3] smbd/posix_acls.c:set_nt_acl(3265)
> > > > set_nt_acl: failed to convert file acl to posix permissions for
> > > > file WINDOWSRegDefrag.dat.
> > > > [2005/11/17 23:12:22, 3] smbd/error.c:error_packet(147)
> > > > error packet at smbd/nttrans.c(2088) cmd=160 (SMBnttrans)
> > > > NT_STATUS_ACCESS_DENIED
> > > > [2005/11/17 23:12:22, 3] smbd/process.c:process_smb(1114)
> > > > Transaction 10 of length 45
> > > > [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900)
> > > > switch message SMBclose (pid 2339) conn 0x8353068
> > > > [2005/11/17 23:12:22, 3] smbd/reply.c:reply_close(3247)
> > > > close fd=-1 fnum=11974 (numopen=1)
> > > > [2005/11/17 23:12:22, 2] smbd/close.c:close_normal_file(270)
> > > > AGBSOFT\albe closed file WINDOWSRegDefrag.dat (numopen=0)
> > > >
> > > > I can correctly set file permission of the classical posix elements:
> > > > user, group and others.
> > > >
> > > >
> > > > My smb.conf
> > > >
> > > > [global]
> > > > workgroup = AGBSOFT
> > > > realm = AGBSOFT.CH
> > > > server string = CVS Server
> > > > security = ADS
> > > > client schannel = No
> > > > allow trusted domains = No
> > > > password server = agbsoft-nt1.agbsoft.ch
> > > > log level = 3
> > > > log file = /var/log/samba/%m.log
> > > > max log size = 0
> > > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > > > load printers = No
> > > > os level = 18
> > > > preferred master = No
> > > > domain master = No
> > > > wins server = 10.100.0.2
> > > > idmap backend = idmap_rid:AGBSOFT=10000-200000000
> > > > idmap uid = 10000-200000000
> > > > idmap gid = 10000-200000000
> > > > template shell = /bin/bash
> > > > winbind use default domain = Yes
> > > > winbind nested groups = Yes
> > > >
> > > > [prova]
> > > > comment = prova
> > > > path = /home/ftp
> > > > valid users = "@AGBSOFT\Domain Admins"
> > > > read only = No
> > > >
> > > > My samba 3.0.20b is compiled with ads and acl support. Kernel is a
> > > > 2.6.14.2, compiled with acl and extended attributes for used
> > > > filesystems.
> > > > The system is running a slackware 10.2. I had to rebuild from source
> > > > attr, acl, libattr, libacl to have compiling with acl support.
> > > >
> > > > What i'm i doing wrong?
> > > >
> > > > Thanks in advance for any help.
> > > >
> > > > I remain at disposal for any further information.
> > > >
> > > >
> > > >
> > > > Alberto
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > To unsubscribe from this list go to the following URL and read the
> > > > instructions: https://lists.samba.org/mailman/listinfo/samba
> > > >
> > >
> > >
> >
>
More information about the samba
mailing list