[Samba] acl problem

stefanke at micodat.com stefanke at micodat.com
Wed Sep 28 09:16:25 GMT 2005

Hi all,

I habe a strange Problem with Samba 3.0.20-SUSE-SERNET (ad memberserver). Everytime I try to access a file/directory with user-acls via a XP box I get access denied! The group-acls works. On W2K and NT4 Clients there is no problem like this.

client output

 fetch sid from uid cache 11147 -> S-1-5-21-1935655697-790525478-682003330-1147
[2005/09/28 09:53:27, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(158)
  fetch sid from uid cache 11149 -> S-1-5-21-1935655697-790525478-682003330-1149
[2005/09/28 09:53:27, 5] smbd/files.c:file_free(459)
  freed files structure 5002 (0 used)
[2005/09/28 09:53:27, 3] lib/util_seaccess.c:se_access_check(250)
[2005/09/28 09:53:27, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-1977721719-1418567724-1093324438-23294
  se_access_check: also S-1-5-21-1977721719-1418567724-1093324438-22027
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
  se_access_check: also S-1-5-21-1935655697-790525478-682003330-513
  se_access_check: also S-1-5-21-1935655697-790525478-682003330-2135
  se_access_check: also S-1-5-21-1935655697-790525478-682003330-2142
  se_access_check: also S-1-5-21-1935655697-790525478-682003330-2126
  se_access_check: also S-1-5-21-1935655697-790525478-682003330-2131
  se_access_check: also S-1-5-21-1935655697-790525478-682003330-2128
  se_access_check: also S-1-5-21-1935655697-790525478-682003330-2146
  se_access_check: also S-1-5-21-1935655697-790525478-682003330-2123
  se_access_check: also S-1-5-21-1935655697-790525478-682003330-2136
[2005/09/28 09:53:27, 5] lib/util_seaccess.c:se_access_check(314)
  se_access_check: access (1) denied.

As you can see samba says the user sid ist "S-1-5-21-1977721719-1418567724-1093324438-23294", but this is not correct, true is "S-1-5-21-1935655697-790525478-682003330-1147"!  

Ok with the wrong user sid I get no access to files with user acls and since the group sids are ok I get access to file with groups acls.

What`s going wrong here? Any suggestions?


To: gd at samba.org
Cc: vlendec at samba.org

More information about the samba mailing list