[Samba] ACLs with Problem

Luis Henrique de Faria Guimarães henrique at ecp.org.br
Thu Sep 22 14:43:06 GMT 2005 

Hi All,

I am with problem with the permissions of windows.
The samba is not getting the ACLs permissions.  I compiled version 3.0.20, with the following options:

./configure \
        --prefix=/usr/local/samba \
        --localstatedir=/var \
        --with-configdir=/etc/samba \
        --with-privatedir=/etc/samba \
        --with-fhs \
        --with-quotas \
        --with-smbmount \
        --enable-cups \
        --with-pam \
        --with-pam_smbpass \
        --with-syslog \
        --with-utmp \
        --with-sambabook=/usr/local/samba/share/swat/using_samba \
        --with-swatdir=/usr/local/samba/share/swat \
        --with-shared-modules=idmap_rid \
        --with-libsmbclient \
        --with-acl-support \
        --with-winbind \
        --with-ads \
        --with-krb5=/usr/kerberos

Below mine smb.conf:

[global]
        workgroup = ECPNET
        netbios name = PINHEIROS_BETA
#       unix charset = iso8859-1
        display charset = cp850
        realm = ECP.ORG.BR
        server string = Samba Server
        security = ADS
        auth methods = winbind
        client schannel = No
        password server = *
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *
passwd:*all*authentication*tokens*updated*successfully*
        #username map = /usr/local/samba/etc/smbusers
        password level = 8
        username level = 8
        log file = /var/log/samba/%m.log
        log level = 3 auth:3 winbind:3
        max log size = 50
        nt acl support = Yes
        domain admin group = admins
        acl compatibility = win2k
        acl map full control = yes
        acl check permissions = no
        acl group control = yes
        inherit acls = Yes
        profile acls = Yes
        map acl inherit = Yes
        name resolve order = host wins bcast
        server signing = auto
        client use spnego = Yes
        socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
        addprinter command = addprinter
        deleteprinter command = delprinter
        add machine script = /usr/sbin/useradd -d /dev/null -g 504 -c
        local master = No
        dns proxy = No
        wins server = 10.0.0.5, 10.0.0.4
        ldap ssl = no
        add share command = /usr/local/samba/share/modify_samba_config.pl
        change share command = /usr/local/samba/share/modify_samba_config.pl
        delete share command = /usr/local/samba/share/modify_samba_config.pl
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /data/users/%U
        template shell = /bin/ksh
        winbind use default domain = Yes
        admin users = corniani, administrator, henrique
        read only = No
        force unknown acl user = Yes
        guest ok = Yes
[Teste1]
        comment = Teste de ACL Linux
        path = /data/teste
        browseable = Yes
        admin users = ECPNET\henrique
        read only = No

With this configuration the users of the PDC (windows 2003) are authenticantion way telnet without problem.  However, the ACL do not function.  They see the exit with command getfacl teste.txt:

[root at redfree teste]# getfacl teste.txt
# file: teste.txt
# owner: root
# group: Domain Users
user::rwx
user:henrique:rw-
group::r--
mask::rw-
other::r--

The user henrique appears in linux, but he does not appear in windows.  When I try to add permissions through windows appears a message of "denied access".
Somebody can help me

Luís Henrique
Departamento de Tecnologia
Esporte Clube Pinheiros
Tel: 55 11 3817 3071
henrique at ecp.org.br

More information about the samba mailing list