[Samba] How to troubleshoot an ACL error?
Peter Clark
pclark at pclark.com
Tue Mar 4 08:08:40 MST 2014
I'm running Version 4.2.0pre1-GIT-ca3998d on a Fedora 20 host. The output
of testparm is:
[global]
workgroup = SOMETHING
realm = SOMETHING.SOMETHING.COM
server role = active directory domain controller
passdb backend = samba_dsdb
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate, smb
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
eventlog6, backupkey, dnsserver, winreg, srvsvc
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
map archive = No
map readonly = no
store dos attributes = Yes
vfs objects = dfs_samba4, acl_xattr
[netlogon]
path =
/usr/local/samba/var/locks/sysvol/something.something.com/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[homes]
path = /home
read only = No
I can run lists:
smbclient -L localhost -U%
Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
Sharename Type Comment
--------- ---- -------
netlogon Disk
sysvol Disk
homes Disk
IPC$ IPC IPC Service
localhost is an IPv6 address -- no workgroup available
[pclark at c3po ~]$
However when I log in as a user and try to go into my homedir:
Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
smb: \> dir
. D 0 Sun Mar 2 11:06:09 2014
.. D 0 Mon Mar 3 03:44:25 2014
pclark D 0 Mon Mar 3 13:36:36 2014
34001 blocks of size 8388608. 13463 blocks available
smb: \> cd pclark
cd \pclark\: NT_STATUS_INVALID_ACL
smb: \>
getfacl shows:
getfacl pclark
# file: pclark
# owner: pclark
# group: pclark
user::rwx
group::rwx
other::r-x
When I try and bring up the folder on a Windows system the security tab
only has an X with an error message that says the "security information is
unavailable or cannot be displayed", even when logged into the domain as
Administrator.
My drives are mounted with user_xattr,acl options in /etc/fstab. I'm not
sure how to troubleshoot this further, any thoughts on how to reset the
acl to a baseline that can be later edited (or, what did I do wrong here?)
would be appreciated.
Thanks,
More information about the samba
mailing list