[Samba] ACLs fail in 3.0.23d

Jens Nissen jens.nissen at gmx.net
Mon Jan 29 11:45:32 GMT 2007

Whenever I try to read or modify ACLs from my Windows 2000 PDC, my Samba
Domain Member Server (Security = ADS) does not allow setting ACLs, nor
does it display the existing ACLs.

- I have setup ACLs in my Kernel
- I have translated and installed libacl and libattr
- I can see and modify ACLs with getfacl and setfacl.
- I have translated Samba 3.0.23d with --with-acl-support=yes
- I have enabled ACLs on my share with nt acl support = yes

Still ACLs do not show up, neither for files nor for directories.

(A) Strange thing - a bug in smbd??: even though smbd is dynamically
linked to libacl and libattr (I checked this with ldd), "smbd -b | grep
acl" is empty. Can someone please confirm this?!

(B) I tried smbtorture: OPENATTR and EATEST fail. Does this have
something to do with my ACL problem?

(C) Log excerpt when trying to set ACL: I get
"convert_canon_ace_to_posix_perms: Too many ACE entries" error. I could
not find an explanation for this on the net.

[2007/01/29 12:23:17, 3] smbd/dosmode.c:unix_mode(147)
  unix_mode(acl2.test) returning 0744
[2007/01/29 12:23:17, 3]
  convert_canon_ace_to_posix_perms: Too many ACE entries for file
acl2.test to convert to posix perms.
[2007/01/29 12:23:17, 3] smbd/posix_acls.c:set_nt_acl(3269)
  set_nt_acl: failed to convert file acl to posix permissions for file

(D) What am I missing - how can I approach the issue and find out, why
ACLs do not work on my system?

Kind regards,


More information about the samba mailing list