[Samba] Data migration using net rpc share migrate

Gibbs, Simon Simon.Gibbs at informa.com
Thu Sep 15 14:20:37 GMT 2005


Hi,

I've been looking at this for a while now and still don't seem to be able to
migrate the ACL's.

I can confirm Samba has ACL support built in:
# smbd -b | grep ACL
   HAVE_SYS_ACL_H
   HAVE_POSIX_ACLS
I can also amend/create ACL's on the Samba share via Windows Explorer.

I've checked ownership/permissions of the share Build$ and files within it
and they all belong to the user "gibbss" (simon.gibbs at corplan.net).
Additionally I've set force unknown acl user = Yes on the Build$ share on
the Samba server just in case.

The directory published by Samba as Build$ is owned by the user gibbss and
has full access permission (777).

I'm not quite sure where to look next.
Here's the extended debug from the rpc net migrate files command - it's
level 4:

[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_start_connection(1388)
  Connecting to host=10.36.32.36
[2005/09/15 15:17:21, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 10.36.32.36 at port 445
[2005/09/15 15:17:21, 4] lib/time.c:get_serverzone(122)
  Serverzone is -3600
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(713)
  Doing spnego session setup (blob length=109)
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 2 840 48018 1 2 2
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 2 840 113554 1 2 2
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 2 840 113554 1 2 2 3
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 3 6 1 4 1 311 2 2 10
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(745)
  got principal=macpc$@UK.CORPLAN.NET
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(878)
  Got challenge flags:
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x62890215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_CHAL_TARGET_INFO
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(900)
  NTLMSSP: Set final flags:
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60080215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2005/09/15 15:17:21, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
  NTLMSSP Sign/Seal - Initialising with flags:
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60080215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
syncing    [Build$] files and directories including ACLs, including DOS
Attributes (preserving timestamps)
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_start_connection(1388)
  Connecting to host=10.36.32.36
[2005/09/15 15:17:21, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 10.36.32.36 at port 445
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(713)
  Doing spnego session setup (blob length=109)
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 2 840 48018 1 2 2
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 2 840 113554 1 2 2
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 2 840 113554 1 2 2 3
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 3 6 1 4 1 311 2 2 10
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(745)
  got principal=macpc$@UK.CORPLAN.NET
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(878)
  Got challenge flags:
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x62890215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_CHAL_TARGET_INFO
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(900)
  NTLMSSP: Set final flags:
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60080215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2005/09/15 15:17:21, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
  NTLMSSP Sign/Seal - Initialising with flags:
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60080215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_start_connection(1388)
  Connecting to host=127.0.0.1
[2005/09/15 15:17:21, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 127.0.0.1 at port 445
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(713)
  Doing spnego session setup (blob length=98)
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 2 840 113554 1 2 2
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 2 840 48018 1 2 2
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 3 6 1 4 1 311 2 2 10
[2005/09/15 15:17:21, 3] libsmb/cliconnect.c:cli_session_setup_spnego(745)
  got principal=ukfs01$@UK.CORPLAN.NET
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(878)
  Got challenge flags:
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60890215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_CHAL_TARGET_INFO
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(900)
  NTLMSSP: Set final flags:
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60080215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2005/09/15 15:17:21, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
  NTLMSSP Sign/Seal - Initialising with flags:
[2005/09/15 15:17:21, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60080215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2005/09/15 15:17:21, 3] utils/net_rpc.c:sync_files(2763)
  calling cli_list with mask: \*
[2005/09/15 15:17:21, 3] libsmb/clilist.c:cli_list_new(310)
  received 33 entries (eos=1)
[2005/09/15 15:17:21, 3] utils/net_rpc.c:copy_fn(2674)
  got mask: \*, name: 3DP-2KXP-2181.exe
[2005/09/15 15:17:21, 3] utils/net_rpc.c:copy_fn(2719)
  got file: \3DP-2KXP-2181.exe
  opening file \3DP-2KXP-2181.exe on originating server
  opening file \3DP-2KXP-2181.exe on destination server
copying [\\10.36.32.36\Build$\3DP-2KXP-2181.exe] =>
[\\127.0.0.1\Build$\3DP-2KXP-2181.exe] with ACLs and with DOS Attributes
(preserving timestamps)
  opening file \3DP-2KXP-2181.exe on originating server
DACL
        ACL     Num ACEs:       1       revision:       2
        ---
        ACE
                type: ACCESS ALLOWED (0) flags: 16
                Specific bits: 0x1ff
                Permissions: 0x1f01ff: SYNCHRONIZE_ACCESS WRITE_OWNER_ACCESS
WRITE_DAC_ACCESS READ_CONTROL_ACCESS DELETE_ACCESS
                SID: S-1-5-21-25276289-2414859457-3260481563-2975

        Owner SID:      S-1-5-21-25276289-2414859457-3260481563-2975
        Parent SID:     S-1-5-21-1547161642-839522115-682003330-513
[2005/09/15 15:17:32, 1] libsmb/clisecdesc.c:cli_set_secdesc(127)
  NT_TRANSACT_SET_SECURITY_DESC failed
[2005/09/15 15:17:32, 0] utils/net_rpc_printer.c:net_copy_fileattr(384)
  could not set secdesc on \3DP-2KXP-2181.exe: NT_STATUS_ACCESS_DENIED
could not copy file \3DP-2KXP-2181.exe: NT_STATUS_ACCESS_DENIE

Thanks,

Simon

> From: Guenther Deschner <gd at samba.org>
> Date: Tue, 6 Sep 2005 12:25:30 +0200
> To: "Gibbs, Simon" <Simon.Gibbs at informa.com>
> Cc: "samba at lists.samba.org" <samba at lists.samba.org>
> Subject: Re: [Samba] Data migration using net rpc share migrate
> 
> Hi,
> 
> On Mon, Sep 05, 2005 at 05:04:04PM +0100, Gibbs, Simon wrote:
>> Hi,
>> 
>> I¹m in the process of testing out the net rpc share migrate data migration
>> tool but keep running into an error message when using the --acl option.
>> 
>> I¹m testing using the following command:
>> net rpc share migrate files -S 10.36.32.36 --acls --attrs --timestamps -v -U
>> "gibbss" 
>> but get with this error for each file in the share:
>> [2005/09/05 16:50:02, 0] utils/net_rpc_printer.c:net_copy_fileattr(384)
>>   could not set secdesc on \WinAXE_Plus_v7\xwpdllid.dll:
>> NT_STATUS_ACCESS_DENIED
>> could not copy file \WinAXE_Plus_v7\xwpdllid.dll: NT_STATUS_ACCESS_DENIED
>> Each file copies OK and the timestamp is correct but none of the ACL¹s are
>> there.
>> 
>> ACL/xattrs mount options have already been added to the filesystem and I can
>> use setfacl/getfacl so can¹t see a problem with ACL support and the share is
>> on a PC logged in with the user account specified so all the files are owned
>> by that account. I guess this must be a permission problem somewhere but
>> can¹t think what it may be.
>> 
>> Can anyone point me in the right direction?
> 
> this can happen because of:
> 
> - smbd not being built with acl-support (verify by setting ACLs manually using
>   Explorer)
> 
> - a chown failing due to the fact that the owner of that particular file on
>   10.36.32.36 is a group (and not a user) *and* that the share you are
>   copying to on samba has not set the "force unknown acl user" option. If this
> file is
>   owned by a group then set "force unknown acl user = yes" on the samba
>   share.
> 
> - the user "gibbs" cannot set ACLs to files inside that directory due to
>   permissions. You could increase the samba log level to find out where it
>   fails.
> 
> 
> Guenther
> -- 
> Günther Deschner                    GPG-ID: 8EE11688
> Novell / SUSE LINUX                       gd at suse.de
> Samba Team                              gd at samba.org




********************************************************************************
The information contained in this email message may be confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Although this message and any attachments are believed to be free of viruses, no responsibility is accepted by T&F Informa for any loss or damage arising in any way from receipt or use thereof.  Messages to and from the company are monitored for operational reasons and in accordance with lawful business practices. 
If you have received this message in error, please notify us by return and delete the message and any attachments.  Further enquiries/returns can be sent to postmaster at tfinforma.com



More information about the samba mailing list