[Samba] ACL changes on Samba NT 4.0 Member Server

John Drescher drescherjm at gmail.com
Thu Nov 1 16:53:49 GMT 2007


On 11/1/07, Hans-Wilhelm Heisinger <wheisinger at semcowindows.com> wrote:
> I have a Samba 3.0.24-7 on Fedora 6 as a member of an Windows NT 4.0
> domain, with a simple share setup with ACLs.  The permissions on the
> share from Windows XP Pro Security tab shows Everyone, and root (Unix
> Group\root) without any Permissions.  When trying to add permissions
> from XP while logged on as CPDOM+admin the error is display "Unable to
> save permission changes on "share name" on "server name" Access is
> denied.  Files can be copied to the share but can't be opened.  Below is
> the smb.conf.  I believe ACLs would work if I add access.  I tried
> setting the ACLs using setfacl and then the permissions show full
> control from XP, but I'm still unable to change permissions or open files.
>
> [global]
>
>     winbind separator = +
>     idmap uid = 10000-20000
>     idmap gid = 10000-20000
>     winbind enum users = yes
>     winbind enum groups = yes
>     winbind use default domain = no
>
>     security = domain
>     workgroup = CPDOM
>     netbios name = FILE_SRV
>     password server = XSERVER
>     server string =
>
>
> [data]
>     comment = FILES
>     path = /files
>     guest ok = yes
>     create mask = 0777
>     writeable = yes
>     nt acl support = yes
>     oplocks = no
>     browseable = yes
>     dos filemode = yes
>     admin users =
>

Your smb.conf file looks fine. Can  CPDOM+admin log into the unix
system and create files? You are mounting your unix filesystem with
acls enabled? Also can you post an ls -al on /files


More information about the samba mailing list