[Samba] Re: How to make "Add permission" for folder in system with ntacl support? Part 2

Pawel Jaworski pawel.jaworski at enterit.pl
Thu Dec 6 13:37:03 GMT 2007 

Pawel Jaworski pisze:
> Hello.
> 
> Sorry I didn't post it under the "how to make..." email - I didn't
> received it - I only found it in archives. But I think we both mean the
> same.
> 
> All this below regards samba on debian etch: 3.0.24-6etch4
> 
> I have a share on partition mounted with acl (options=acl,...). As you
> know I can locally on server add another ACL entries on files in that
> folder. When I connect with windows 2000 to that share there are some
> ACEs in there (all visible with username, not sid).
> 
> 1) When I try to add another user It asks for username again and then
> says "The credentials supplied conflict with an existing set of
> credentials" and it doesn't show any users which I could add. I cannot
> also add any username I know.
> 2) When I try to add another user in Windows XP it simply asks me for
> username and then doesn't allow any username to be added to ACL (the
> same as in 2K)
> 3) When I run under linux net rpc users -Uusername - it shows me ALL
> users from server
> 4) Finally when I run windows on my other machine (where I never
> intended to use acls) which is debian sarge (samba 3.0.14a-3sarge) it
> ALL WORKS. I can add users, chose them from list (it was only tested
> under windows 2000)
> 5) I tried to install pure samba sarge on clean vm (with etch) and it
> also didn't work.
> 
> It appears to me that windows somehow cannot get userlist from samba
> server, but I don't know why, because net rpc does it well. I also tried
> to copy whole smb.conf from that server where all is working - it didn't
> help. Many tries I've done with no result.
> 
> Please - anybody has it configured? It would be my salvation (in terms
> of job and servers and administration also ;) )... It would solve half
> of my problems. Help meee!
> 
> Pawel
> 

I've just read here: 
http://techxworld.com/community/blogs/features/archive/2007/05/21/acls-on-samba.aspx
that samba can be somewhat problematic when it comes to standalone 
server, not connected to any domain - with fetching users list. But one 
my server alredy does it well. And in my work there is no possibility to 
connect the server to PDC because there is no PDC (we only have 2 
windowses).


Have anybody met such problem? Have anybody overcome it?

Pawel Jaworski

More information about the samba mailing list