[Samba] Re: ACL not working
Travis Bullock
tbullock at avmaxgrp.com
Wed Apr 26 15:20:58 GMT 2006
It was the 040 that was concerning me. I do not see that on my other Samba
server so I thought it may be the cause of the problem.
The problem I am having is that only an account belonging to the owner's
group, in this case Domain Admins, can access my Samba shares on this
server. If a member of the Domain Users group, applied through ACL, attempts
to access shares on this server, they get "Network Path is not Found". When I
check the smbd log, when attempting to connect to GF_Scans, for example, I
see this:
[2006/04/26 08:16:26, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2006/04/26 08:16:26, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [AVTrain] -> [AVTrain] ->
[AVMAX+avtrain] succeeded
[2006/04/26 08:16:26, 2] lib/access.c:check_access(324)
Allowed connection from (10.4.8.244)
[2006/04/26 08:16:26, 0] smbd/service.c:make_connection_snum(615)
'/usr/GFM_Shares/GF_Scans' does not exist or is not a directory, when
connecting to [GF_Scans]
Here is the ACL on GF_Scans:
[root at gfm-atlas GFM_Shares]# getfacl GF_Scans/
# file: GF_Scans
# owner: root
# group: AVMAX+domainadmins
user::rwx
group::rwx
group:AVMAX+gf_users:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:AVMAX+gf_users:rwx
default:mask::rwx
default:other::---
So a member of the Domain Admins can access with no problem. A member of
GF_Users gets the error in the smbd log.
Cheers,
Travis
-----Original Message-----
From: samba-bounces+tbullock=avmaxgrp.com at lists.samba.org
[mailto:samba-bounces+tbullock=avmaxgrp.com at lists.samba.org] On Behalf Of
Leonid Zeitlin
Sent: April 26, 2006 7:45 AM
To: samba at lists.samba.org
Subject: [Samba] Re: ACL not working
"Travis Bullock" <tbullock at avmaxgrp.com> wrote in message
news:200604260129.k3Q1TxxU019842 at mail.avmaxgrp.com...
> Has anyone seen this when they do a getfacl on a samba share?
>
> [root at gfm-atlas GFM_Shares]# getfacl Installpoint/
> # file: Installpoint
> # owner: root
> # group: AVMAX+domainadmins
> user::rwx
> group::rwx
> group:AVMAX+domain\040users:r-x
> mask::rwx
> other::---
> default:user::rwx
> default:group::rwx
> default:group:AVMAX+domain\040users:r-x
> default:mask::rwx
> default:other::---
>
> Notice the AVMAX+domain\040users anomaly. I have another Samba/Winbind
> server on the same domain and I do not get that when I apply ACL's.
Hi Travis,
What exactly are you concerned about? If it's the + sign, probably you have
winbind separator set to + in smb.conf. If it's the \040 sequence, it just
denotes space.
Regards,
Leonid
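Added example, not part of the original messages: a small Python parser for getfacl text output that decodes the \040 octal escape explained in the reply above and applies the mask entry to get a named group's effective permissions. The sample input is constructed from the listing quoted in this thread, and the function names are hypothetical.

```python
import re
# Constructed sample, taken from the getfacl listing quoted in this thread.
SAMPLE = """\
# file: Installpoint
# owner: root
# group: AVMAX+domainadmins
user::rwx
group::rwx
group:AVMAX+domain\\040users:r-x
mask::rwx
other::---
default:group:AVMAX+domain\\040users:r-x
"""
_OCTAL = re.compile(r"\\([0-7]{3})")

def unescape(name):
    # getfacl writes special characters as backslash + 3 octal digits (040 = space).
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), name)

def parse_getfacl(text):
    header, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            header[key.strip()] = unescape(value.strip())
            continue
        line = line.split("#", 1)[0].strip()  # drop trailing "#effective:" notes
        if not line:
            continue
        default = line.startswith("default:")
        if default:
            line = line[len("default:"):]
        tag, rest = line.split(":", 1)
        qualifier, perms = rest.rsplit(":", 1)
        entries.append({"default": default, "tag": tag,
                        "qualifier": unescape(qualifier), "perms": perms[:3]})
    return header, entries

def effective(entries, tag, qualifier=""):
    # Permissions of one access-ACL entry after the mask is applied.
    access = [e for e in entries if not e["default"]]
    mask = next((e["perms"] for e in access if e["tag"] == "mask"), "rwx")
    for e in access:
        if e["tag"] == tag and e["qualifier"] == qualifier:
            if tag == "other" or (tag == "user" and not qualifier):
                return e["perms"]  # owner and other are not masked
            return "".join(p if p == m else "-" for p, m in zip(e["perms"], mask))
    return None
```

Looking up the group as "AVMAX+domain users" (with a real space) matches the entry; the escaped form is only how getfacl prints it.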