[Samba] ACL changes on Samba NT 4.0 Member Server

Hans-Wilhelm Heisinger wheisinger at semcowindows.com
Thu Nov 1 15:39:38 GMT 2007

I have a Samba 3.0.24-7 on Fedora 6 as a member of an Windows NT 4.0 
domain, with a simple share setup with ACLs.  The permissions on the 
share from Windows XP Pro Security tab shows Everyone, and root (Unix 
Group\root) without any Permissions.  When trying to add permissions 
from XP while logged on as CPDOM+admin the error is display "Unable to 
save permission changes on "share name" on "server name" Access is 
denied.  Files can be copied to the share but can't be opened.  Below is 
the smb.conf.  I believe ACLs would work if I add access.  I tried 
setting the ACLs using setfacl and then the permissions show full 
control from XP, but I'm still unable to change permissions or open files.


    winbind separator = +
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = no

    security = domain
    workgroup = CPDOM
    netbios name = FILE_SRV
    password server = XSERVER
    server string =

    comment = FILES
    path = /files
    guest ok = yes
    create mask = 0777
    writeable = yes
    nt acl support = yes
    oplocks = no
    browseable = yes
    dos filemode = yes    
    admin users = CPDOM+admin


More information about the samba mailing list