[Samba] SAMBA 4.0.5 - AD/DC part of an existing AD

Daniel Pelletier pdaniel at provaxia.ca
Tue Apr 23 10:31:35 MDT 2013


Hi,
My problem relates to SAMBA 4.0.5, especially an ACL / NTACL problem.

Explanation:
     I'm currently trying to install a TEST System with a Samba4 ADDC 
system, using Ubuntu server 12.04.
     I've successfully completed the install and followed mostly the 
howto's on samba.org for SAMBA4.

     I'm currently struggling with changing ACL on the Samba 4 Share 
itself, and inside the shares...
     It's now been a few weeks since I started working on this, 
starting with 4.0.3, then 4.0.4 and now 4.0.5.

     Using the Windows Admin Pak, I simply can't change the ACL to 
"Domain Admin" on the share itself;
     it's always giving me a "Permission Denied".

     I can't seem to find the error in the samba logs, logging at 
different levels.

Here's the setup I've used:

     krb5.conf:
=================================
[libdefaults]
         default_realm = mydomain.com
[realms]
         mydomain.com = {
                 kdc = maindc.mydomain.com
                 admin_server = maindc.mydomain.com
                 default_domain = mydomain.com
         }
[domain_realm]
         .mydomain.com = mydomain.com
=================================

     smb.conf:
=================================
[global]
         workgroup = MYDOMAIN
         realm = mydomain.com
         netbios name = FSLINUX2
         server role = active directory domain controller

[netlogon]
         path = /usr/local/samba/var/locks/sysvol/mydomain.com/scripts
         read only = No

[sysvol]
         path = /usr/local/samba/var/locks/sysvol
         read only = No

[TEST]
         comment = Repertoire de base pour donnees
         path= /TEST
         read only = no
=================================

Samba compiled with:
./configure --with-ads --with-shared-modules=idmap_ad

     ACL & Attributes:
=================================
root@fslinux2:/usr/local/samba# ls -ald /TEST
drwxrwx---+ 2 3000014 3000014 4096 Apr 16 16:25 /TEST
root@fslinux2:/usr/local/samba# getfacl /TEST
getfacl: Removing leading '/' from absolute path names
# file: TEST
# owner: 3000014
# group: 3000014
user::rwx
group::rwx
group:3000014:rwx
group:3000020:rwx
group:3000185:rwx
group:3000209:rwx
mask::rwx
other::---
default:user::rwx
default:user:3000014:rwx
default:group::---
default:group:3000014:rwx
default:group:3000020:rwx
default:group:3000185:rwx
default:group:3000209:rwx
default:mask::rwx
default:other::---

root@fslinux2:/usr/local/samba# getfattr -d -m "" /TEST
getfattr: Removing leading '/' from absolute path names
# file: TEST
security.NTACL=0sAwADAAAAAgAEAAIAAQByycVyHtPFedtdWtQSN4l5838ZCS5zl6QBLwkWxhSORgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAScZAAAAIAAAAAAAAAAnAAAAAEFAAAAAAAFFQAAADWvCsf4q6zzUPp1ZgACAAABBQAAAAAABRUAAAA1rwrH+Kus81D6dWYAAgAAAgCcAAUAAAAACxQA/wEfAAEBAAAAAAADAAAAAAADJAD/AR8AAQUAAAAAAAUVAAAANa8Kx/irrPNQ+nVmIQYAAAADJAD/AR8AAQUAAAAAAAUVAAAANa8Kx/irrPNQ+nVmIAwAAAADJAD/AR8AAQUAAAAAAAUVAAAANa8Kx/irrPNQ+nVmAAIAAAADFAD/AR8AAQEAAAAAAAUSAAAA
system.posix_acl_access=0sAgAAAAEABwD/////BAAHAP////8IAAcAzsYtAAgABwDUxi0ACAAHAHnHLQAIAAcAkcctABAABwD/////IAAAAP////8=
system.posix_acl_default=0sAgAAAAEABwD/////AgAHAM7GLQAEAAAA/////wgABwDOxi0ACAAHANTGLQAIAAcAecctAAgABwCRxy0AEAAHAP////8gAAAA/////w==
=================================

/etc/fstab:
=================================
/dev/mapper/fslinux2-root /               ext4 errors=remount-ro,user_xattr,acl,barrier=1
=================================

log.samba:
Well, this is ambiguous; I was not able to associate the ACL situation 
with a specific error message...
This is the only message that may be related; there are no WERR_ errors, no 
other NT_STATUS errors at the time I tried to add/change ACLs...
=================================
[2013/04/16 15:13:15,  5, pid=7606, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug)
[2013/04/16 15:13:15,  3, pid=7607, effective(0, 0), real(0, 0)] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
   Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2013/04/16 15:13:15,  5, pid=7607, effective(0, 0), real(0, 0)] ../source4/lib/messaging/messaging.c:554(imessaging_cleanup)
   imessaging: cleaning up /usr/local/samba/private/smbd.tmp/msg/msg.7607.27
[2013/04/16 15:13:15,  3, pid=7607, effective(0, 0), real(0, 0)] ../source4/smbd/process_single.c:114(single_terminate)
   single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
[2013/04/16 15:13:15, 10, pid=7607, effective(0, 0), real(0, 0)] ../source4/winbind/wb_server.c:72(wbsrv_call_loop)
=================================

Please let me know if I can provide any further information to help me 
understand this situation.
Thank you all for your help and listening.
Regards,
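
Added example, not part of the original post: a decoder for the system.posix_acl_access value in the getfattr output above, so the stored ACL can be cross-checked against the getfacl listing. It assumes the Linux POSIX ACL xattr layout (a 32-bit version 2 header followed by 8-byte little-endian entries); the function and constant names are hypothetical.

```python
import base64
import struct

# Tag values of the Linux POSIX ACL xattr format (assumed layout, version 2).
TAGS = {0x01: "user", 0x02: "user", 0x04: "group",
        0x08: "group", 0x10: "mask", 0x20: "other"}
NAMED = {0x02, 0x08}   # only named user/group entries carry a uid/gid
XATTR_VERSION = 2

# Value copied from the getfattr output in the post; "0s" marks base64.
ACCESS = "0sAgAAAAEABwD/////BAAHAP////8IAAcAzsYtAAgABwDUxi0ACAAHAHnHLQAIAAcAkcctABAABwD/////IAAAAP////8="


def decode_posix_acl(value):
    """Return getfacl-style lines for a getfattr-encoded POSIX ACL value."""
    if not value.startswith("0s"):
        raise ValueError("expected a getfattr base64 value with '0s' prefix")
    raw = base64.b64decode(value[2:], validate=True)
    # 4-byte header, then a whole number of 8-byte entries.
    if len(raw) < 4 or (len(raw) - 4) % 8:
        raise ValueError("truncated ACL xattr")
    (version,) = struct.unpack_from("<I", raw, 0)
    if version != XATTR_VERSION:
        raise ValueError(f"unsupported ACL xattr version {version}")
    lines = []
    for off in range(4, len(raw), 8):
        tag, perm, xid = struct.unpack_from("<HHI", raw, off)
        if tag not in TAGS:
            raise ValueError(f"unknown ACL tag {tag:#x}")
        qualifier = str(xid) if tag in NAMED else ""
        bits = "".join(c if perm & m else "-"
                       for c, m in (("r", 4), ("w", 2), ("x", 1)))
        lines.append(f"{TAGS[tag]}:{qualifier}:{bits}")
    return lines


if __name__ == "__main__":
    # Prints the same entries getfacl reported for /TEST.
    print("\n".join(decode_posix_acl(ACCESS)))
```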




