[Samba] How to troubleshoot an ACL error?

Rowland Penny rowlandpenny at googlemail.com
Tue Mar 4 08:34:02 MST 2014


On 04/03/14 15:08, Peter Clark wrote:
> I'm running Version 4.2.0pre1-GIT-ca3998d on a Fedora 20 host. The output
> of testparm is:
>
> [global]
>          workgroup = SOMETHING
>          realm = SOMETHING.SOMETHING.COM
>          server role = active directory domain controller
>          passdb backend = samba_dsdb
>          server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, smb
>          dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
>          rpc_server:tcpip = no
>          rpc_daemon:spoolssd = embedded
>          rpc_server:spoolss = embedded
>          rpc_server:winreg = embedded
>          rpc_server:ntsvcs = embedded
>          rpc_server:eventlog = embedded
>          rpc_server:srvsvc = embedded
>          rpc_server:svcctl = embedded
>          rpc_server:default = external
>          idmap_ldb:use rfc2307 = yes
>          idmap config * : backend = tdb
>          map archive = No
>          map readonly = no
>          store dos attributes = Yes
>          vfs objects = dfs_samba4, acl_xattr
>
> [netlogon]
>          path = /usr/local/samba/var/locks/sysvol/something.something.com/scripts
>          read only = No
>
> [sysvol]
>          path = /usr/local/samba/var/locks/sysvol
>          read only = No
>
> [homes]
>          path = /home
>          read only = No
>
> I can run lists:
>
>   smbclient -L localhost -U%
> Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
>
>          Sharename       Type      Comment
>          ---------       ----      -------
>          netlogon        Disk
>          sysvol          Disk
>          homes           Disk
>          IPC$            IPC       IPC Service
> localhost is an IPv6 address -- no workgroup available
> [pclark@c3po ~]$
>
> However when I log in as a user and try to go into my homedir:
>
> Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
> smb: \> dir
>    .                                   D        0  Sun Mar  2 11:06:09 2014
>    ..                                  D        0  Mon Mar  3 03:44:25 2014
>    pclark                              D        0  Mon Mar  3 13:36:36 2014
>
>                  34001 blocks of size 8388608. 13463 blocks available
> smb: \> cd pclark
> cd \pclark\: NT_STATUS_INVALID_ACL
> smb: \>
>
> getfacl shows:
> getfacl pclark
> # file: pclark
> # owner: pclark
> # group: pclark
> user::rwx
> group::rwx
> other::r-x
>
>
> When I try and bring up the folder on a Windows system the security tab
> only has an X with an error message that says the "security information is
> unavailable or cannot be displayed", even when logged into the domain as
> Administrator.
>
> My drives are mounted with user_xattr,acl options in /etc/fstab. I'm not
> sure how to troubleshoot this further, any thoughts on how to reset the
> acl to a baseline that can be later edited (or, what did I do wrong here?)
> would be appreciated.
>
> Thanks,
>
OK, so you are trying to log in to a share on the samba server?

Does your user have a uidNumber in AD? If so, is this the same number
that 'getent passwd pclark' shows on the samba4 server?

Rowland
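
The check asked about above, as an added example that is not part of the original messages: it compares the uidNumber stored in AD with the UID that getent returns for the same account. The sam.ldb path, the function names and the sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: does the AD uidNumber match the UID that NSS reports?
# Assumed path: sam.ldb in the private dir of a /usr/local/samba build.
SAM_LDB=${SAM_LDB:-/usr/local/samba/private/sam.ldb}

# Read LDIF (ldbsearch output) on stdin, print the first uidNumber value.
uid_from_ldif() {
    awk -F': ' 'tolower($1) == "uidnumber" { print $2; exit }'
}

# Read a passwd-format line (getent output) on stdin, print its UID field.
uid_from_passwd() {
    awk -F: 'NR == 1 { print $3 }'
}

# compare_uids AD_UID NSS_UID
# Returns 0 on match, 1 on mismatch, 2 if AD has no uidNumber,
# 3 if NSS has no entry for the user.
compare_uids() {
    if [ -z "$1" ]; then echo "no uidNumber set in AD"; return 2; fi
    if [ -z "$2" ]; then echo "user not resolvable through NSS"; return 3; fi
    if [ "$1" = "$2" ]; then echo "match: uid $1"; return 0; fi
    echo "mismatch: AD uidNumber=$1, getent uid=$2"
    return 1
}

# check_user NAME: query both sources on the DC and compare them.
check_user() {
    # Reject names with characters that are special in an LDAP filter.
    case $1 in
        ''|*[!A-Za-z0-9._-]*) echo "refusing odd user name" >&2; return 4 ;;
    esac
    cu_ad=$(ldbsearch -H "$SAM_LDB" "(sAMAccountName=$1)" uidNumber | uid_from_ldif)
    cu_nss=$(getent passwd "$1" | uid_from_passwd)
    compare_uids "$cu_ad" "$cu_nss"
}

# With a user name, run the real check; with none, use constructed samples.
if [ $# -gt 0 ]; then
    check_user "$1"
else
    # Constructed sample data, not taken from the thread.
    SAMPLE_LDIF='dn: CN=pclark,CN=Users,DC=something,DC=something,DC=com
uidNumber: 10001'
    SAMPLE_PASSWD='pclark:*:3000020:100::/home/pclark:/bin/bash'
    compare_uids "$(printf '%s\n' "$SAMPLE_LDIF" | uid_from_ldif)" \
                 "$(printf '%s\n' "$SAMPLE_PASSWD" | uid_from_passwd)" || true
fi
```

Run it as root on the DC with the account name as the only argument.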