[Samba] Issue with acl_xattr:ignore system acls in 4.5rc2

Eric Eastman eric.eastman at keepertech.com
Wed Aug 17 23:56:51 UTC 2016 

I was testing Samba 4.5rc2 with an existing smb.conf file that I have been
using since Samba 4.1.x and found that I cannot access data in the share on
Windows 2012 (my AD server), a Windows 2008 client or on a Ubuntu 16.04
client.  I built a new version of Samba 4.4.5 using the same procedure as I
did for building 4.5rc2 and the 4.4.5 Samba version worked with my smb.conf
file.  I then created a very basic smb.conf file and slowly built it up,
and by doing testing between 4.4.5 and 4.5rc2, I finally found the line
that caused the problem. Here is my cut down smb.conf file:

[global]
security = ads
realm = ERIC.LOCAL
workgroup = ERIC
netbios name = C1-GW03-T5
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind use default domain = Yes
winbind nested groups = Yes
map acl inherit = yes
vfs objects = acl_xattr streams_xattr
acl_xattr:ignore system acls = yes
load printers = no
printcap name = /dev/null

[zzz]
path = /zzz
writeable = yes
browseable = yes


The line causing the problem with 4.5rc2 is:
  acl_xattr:ignore system acls = yes

For my tests the /zzz directory was created clean each time before starting
the Samba processes with:
# rm -rf /zzz
# mkdir /zzz
# chmod 777 /zzz

The test server is a Ubuntu 14.04 VM using an ext4 file system and a 4.7.0
kernel:
# uname -a
Linux ede-c1-gw03 4.7.0-4.7.0-k #1 SMP Mon Jul 25 10:54:31 EDT 2016 x86_64
x86_64 x86_64 GNU/Linux

I tested that extended attributes worked on the ext4 file system by using
the setfattr command.

My Samba 4.5rc2 the version shows:
# smbd --version
Version 4.5.0rc2

Both the 4.4.5 and 4.5rc2 Samba builds were done with:
$ ./configure --prefix=/usr/keeper --without-systemd --without-lttng
$ make
$ sudo make install

The compiler verion is:
$ gcc --version
gcc (Ubuntu 4.8.4-2ubuntu1~14.04) 4.8.4

Using Samba 4.5rc2 and using the Windows 2012 AD, when I tried to map the
zzz export, it pops up an error window that says:

Location is not available
Z:\ is not accessible.
The handle is invalid.

On my Ubuntu 16.04 system, the mount works, but ls -la on the mount point
gives the error:

# mount -v /zzz
mount.cifs kernel mount options: ip=10.14.2.33,unc=\\
ede-c1-gw03.keepertech.com
\zzz,vers=3.0,user=ERIC,,domain=ERIC.LOCAL,pass=********
# ls -la /zzz
ls: reading directory '/zzz': Permission denied
total 0

The Ubuntu client /etc/fstab entry is:
//ede-c1-gw03.XXXX.com/zzz /zzz cifs
 rw,username=ERIC,password=XXXX,domain=ERIC.LOCAL,vers=3.0 0  0

The same smb.conf file works fine on Samba 4.4.5 and I have no issues
accessing the the zzz share with Ubuntu or Windows.

On Samba 4.5rc2 if I stop all the Samba processes, comment out the
following line in the smb.conf file:

    # acl_xattr:ignore system acls = yes

and restart the Samba processes, I no longer have the error when I mount
the share on Windows of Ubuntu.

I am not sure why this one line is causing the issue with 4.5rc2.

Regards,

Eric

More information about the samba mailing list