[Samba] Samba 3.0.33 ignoring group ACL after joining to AD

Krigler Pavol krigler at energotel.sk
Sat Jul 3 10:14:15 MDT 2010


Hello,

I have installed CentOS 4.8 with Samba 3.0.33. After joining it to AD,
group permissions do not work. After the "net groupmap add..." command,
nothing changed:

# getfacl TESTDIR/
# file: TESTDIR
# owner: root
# group: testgroup
user::rwx
group::rwx
other::---

user1 is in group "testgroup"

net groupmap list
testgroup (S-1-5-21-2207241064-1835560224-3992551478-2193) -> testgroup

I am not able to read from the directory TESTDIR although user1 is a member
of "testgroup".

Here is my smb.conf:
[global]
   workgroup = ad
   server string = Intranet
   netbios name = IS
   follow symlinks = yes
   dos filemode = yes
   acl group control = yes
   inherit permissions = no
   nt acl support = yes
   map acl inherit = yes
   realm = AD.COMPANY.COM
   server signing = auto
   log file = /var/log/samba/%m.log
   max log size = 50
   security = ads
   password server = 10.1.1.1
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   local master = no
   domain master = no
   preferred master = no
   dns proxy = no
   template shell = /bin/false
   winbind use default domain = yes
   idmap backend = ad
   idmap uid = 100-20000000
   idmap gid = 100-20000000
   winbind nss info = rfc2307
[share]
   comment = Some share
   path = /var/opt/share/
   public = yes
   writable = yes
   create mask = 0664
   directory mask = 0775
   browseable = yes


Below are log level 10 debug messages:
======================================
[2010/07/03 16:59:50, 3] smbd/process.c:switch_message(932)
  switch message SMBtrans2 (pid 4097) conn 0x8b67a28
[2010/07/03 16:59:50, 4] smbd/uid.c:change_to_user(183)
  change_to_user: Skipping user change - already user
[2010/07/03 16:59:50, 3] smbd/trans2.c:call_trans2findfirst(1704)
  call_trans2findfirst: dirtype = 16, maxentries = 1366,
close_after_first=0, close_if_end = 2 requires_resume_key = 4 level =
0x104, max_data_bytes = 16384
[2010/07/03 16:59:50, 5] smbd/filename.c:unix_convert(147)
  unix_convert called on file "ip/dokumentacia/server/TESTDIR/*"
[2010/07/03 16:59:50, 10] smbd/statcache.c:stat_cache_lookup(215)
  stat_cache_lookup: lookup failed for name
[IP/DOKUMENTACIA/SERVER/TESTDIR/*]
[2010/07/03 16:59:50, 10] smbd/statcache.c:stat_cache_lookup(248)
  stat_cache_lookup: lookup succeeded for name
[IP/DOKUMENTACIA/SERVER/TESTDIR] -> [ip/dokumentacia/server/TESTDIR]
[2010/07/03 16:59:50, 5] smbd/filename.c:unix_convert(246)
  unix_convert begin: name = ip/dokumentacia/server/TESTDIR/*, dirpath =
ip/dokumentacia/server/TESTDIR, start = *
[2010/07/03 16:59:50, 10] smbd/mangle_hash2.c:is_mangled(276)
  is_mangled * ?
[2010/07/03 16:59:50, 10] smbd/mangle_hash2.c:is_mangled_component(215)
  is_mangled_component * (len 1) ?
[2010/07/03 16:59:50, 5] smbd/trans2.c:call_trans2findfirst(1769)
  dir=ip/dokumentacia/server/TESTDIR, mask = *
[2010/07/03 16:59:50, 5] smbd/dir.c:dptr_create(392)
  dptr_create dir=ip/dokumentacia/server/TESTDIR
[2010/07/03 16:59:50, 5] smbd/dir.c:OpenDir(1079)
  OpenDir: Can't open ip/dokumentacia/server/TESTDIR. Permission denied
[2010/07/03 16:59:50, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/trans2.c(1833) cmd=50 (SMBtrans2)
NT_STATUS_ACCESS_DENIED
[2010/07/03 16:59:50, 5] lib/util.c:show_msg(506)
[2010/07/03 16:59:50, 5] lib/util.c:show_msg(516)
  size=35
  smb_com=0x32
  smb_rcls=34
  smb_reh=0
  smb_err=49152
  smb_flg=136
  smb_flg2=51265
  smb_tid=2
  smb_pid=1744
  smb_uid=103
  smb_mid=10304
  smt_wct=0
  smb_bcc=0



Any help would be appreciated,

Krigler Pavol
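
Added example, not part of the original post and not Samba project code: a small Python parser for the smbd debug log format shown above. It groups each header line with its body lines (including lines the mail client wrapped to column 0) and lists the records that report a denial together with the SMB request in flight. The names parse_records, denied_events and SAMPLE_LOG are hypothetical, and the sample log is constructed from the excerpt in the post.

```python
import re

# Header written by Samba 3.0.x debug logging: "[date time, level] file:function(line)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\] (\S+?):(\w+)\((\d+)\)\s*$")
DENIED = re.compile(r"Permission denied|NT_STATUS_ACCESS_DENIED")

# Constructed sample, modelled on the excerpt in the post above.
SAMPLE_LOG = """\
[2010/07/03 16:59:50, 3] smbd/process.c:switch_message(932)
  switch message SMBtrans2 (pid 4097) conn 0x8b67a28
[2010/07/03 16:59:50, 5] smbd/dir.c:dptr_create(392)
  dptr_create dir=ip/dokumentacia/server/TESTDIR
[2010/07/03 16:59:50, 5] smbd/dir.c:OpenDir(1079)
  OpenDir: Can't open ip/dokumentacia/server/TESTDIR. Permission denied
[2010/07/03 16:59:50, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/trans2.c(1833) cmd=50 (SMBtrans2)
NT_STATUS_ACCESS_DENIED
"""

def parse_records(text):
    """Group header lines with their body lines (wrapped lines included)."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts, level, src, func, lineno = m.groups()
            records.append({"time": ts, "level": int(level), "source": src,
                            "function": func, "line": int(lineno), "body": []})
        elif records and line.strip():
            # Anything that is not a header belongs to the current record.
            records[-1]["body"].append(line.strip())
    return records

def denied_events(records):
    """Return records whose body reports a denial, with the SMB request in flight."""
    events, request = [], None
    for rec in records:
        body = " ".join(rec["body"])
        if rec["function"] == "switch_message":
            m = re.search(r"switch message (\S+)", body)
            request = m.group(1) if m else None
        if DENIED.search(body):
            events.append({"time": rec["time"], "where": f'{rec["source"]}:{rec["function"]}',
                           "request": request, "message": body})
    return events

if __name__ == "__main__":
    for ev in denied_events(parse_records(SAMPLE_LOG)):
        print(ev["time"], ev["request"], ev["where"], "-", ev["message"])
```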

