[Samba] How to troubleshoot an ACL error?

Peter Clark pclark at pclark.com
Tue Mar 4 08:08:40 MST 2014

I'm running Version 4.2.0pre1-GIT-ca3998d on a Fedora 20 host. The output
of testparm is:

        workgroup = SOMETHING
        server role = active directory domain controller
        passdb backend = samba_dsdb
        server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate, smb
        dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
eventlog6, backupkey, dnsserver, winreg, srvsvc
        rpc_server:tcpip = no
        rpc_daemon:spoolssd = embedded
        rpc_server:spoolss = embedded
        rpc_server:winreg = embedded
        rpc_server:ntsvcs = embedded
        rpc_server:eventlog = embedded
        rpc_server:srvsvc = embedded
        rpc_server:svcctl = embedded
        rpc_server:default = external
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        map archive = No
        map readonly = no
        store dos attributes = Yes
        vfs objects = dfs_samba4, acl_xattr

        path =
        read only = No

        path = /usr/local/samba/var/locks/sysvol
        read only = No

        path = /home
        read only = No

I can run lists:

 smbclient -L localhost -U%
Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk
        sysvol          Disk
        homes           Disk
        IPC$            IPC       IPC Service
localhost is an IPv6 address -- no workgroup available
[pclark at c3po ~]$

However when I log in as a user and try to go into my homedir:

Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
smb: \> dir
  .                                   D        0  Sun Mar  2 11:06:09 2014
  ..                                  D        0  Mon Mar  3 03:44:25 2014
  pclark                              D        0  Mon Mar  3 13:36:36 2014

                34001 blocks of size 8388608. 13463 blocks available
smb: \> cd pclark
smb: \>

getfacl shows:
getfacl pclark
# file: pclark
# owner: pclark
# group: pclark

When I try and bring up the folder on a Windows system the security tab
only has an X with an error message that says the "security information is
unavailable or cannot be displayed", even when logged into the domain as

My drives are mounted with user_xattr,acl options in /etc/fstab. I'm not
sure how to troubleshoot this further, any thoughts on how to reset the
acl to a baseline that can be later edited (or, what did I do wrong here?)
would be appreciated.


More information about the samba mailing list