[Samba] Can't see or change ACLs on Windows

Doug VanLeuven roamdad at sonic.net
Tue Oct 30 17:23:16 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Eric Diven wrote:

> -----Original Message-----
> From: Eric Diven 
> Sent: Tuesday, October 30, 2007 11:29 AM
> To: 'Volker.Lendecke at SerNet.DE'
> Subject: RE: [Samba] Can't see or change ACLs on Windows
> 
> On Tue, Oct 30, 2007 at 10:59:41AM -0400, Eric Diven wrote:
>> Okay, here's what I've figured out from trying to do what you
> suggested:
> 
> Well, so far we haven't seen any debug logs.
> 
> Volker
> 
> So far, neither have I.  I'm getting nothing in the logs on either
> CentOS or Solaris when I do anything from the windows client.  Neither
> the mtimes nor the file sizes on the logs that get generated at startup
> are changing, and I'm not getting any new logfiles for client machines
> that log on:
> 
> "Annoyingly, I'm not getting any logging for clients.  Why, I don't
> know.
> I see start-up messages correctly in the log.smbd file, including those
> at log level 10, but not ones from clients.
> 
> Here are the logging-related lines from smbd.conf
> 
> # this tells Samba to use a separate log file for each machine # that
> connects
>    log file = /var/log/samba/log.%m
> 
> # Put a capping on the size of the log files (in Kb).
>    max log size = 50"
> 
> ^ From yesterday ^
> 
> If I could trouble you with a really stupid question:  Do I need to jack
> the logging up on nmbd to 10 as well?  I'm working under the assumption
> that this is an smbd problem, so that's where I've turned up the
> logging.  We all know of course what happens when you assume ;-) 
> 

Neither of these lines set the log level.

Getting windows acl's is a multi step process.

You need a file system capable of supporting extended acl's.  I believe
you previously said you were using UFS file system.  I haven't used UFS
since 1987.  Man Mount on linux doesn't suggest extended acl's are
supported.  Are they?

Once the file system is capable of supporting extended acl's, you need
to mount the filesystem with the appropriate options.  By default,
considering the age of UFS, I would assume extended acl's aren't
supported by default, if they are at all.

Once the filesystem is mounted with the right options, then samba has to
have been compiled with the correct options, which you've verified.

After all that, samba has top be configured correctly to support acl's
in windows.  Samba can be configured to serve files in ms-dos mode, so
it's not a given.

Usually, if someone is asked to show the configuration, put out the
entire conf file.  There's been a lot of dribs and drabs, but much has
been missing.  First thing I do is run a copy thru testparm.  Most of
this thread has been like blind mans bluff.

Just so you know - a lot of people are using acl's in samba.

Regards, Doug
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFHJ2iEFqWysr/jOHMRAhuaAKCZ290GjunbtNKkx9azKVDG0BgIzwCg13Mm
fFNoMm3bb1wUPfdQvkrM3w4=
=QcZo
-----END PGP SIGNATURE-----


More information about the samba mailing list