XFS ACL Samba
Nicolas Scaut
nicolas.scaut at province.namur.be
Thu Aug 14 13:59:48 GMT 2003
Hello,
- I install a SUSE 8.1 with XFS filesystem
- After, I install samba 2.2.8a (--with-acl-support et -with-winbind).
- Then I configure it to become a domain member. It seems to be ok (wbinfo -t etc).
Here is my smb.conf :
[global]
# Options des logs
log file = /var/log/samba/log.samba
debug level = 4
# General
netbios name = myxfs
server string = Serveur XFS
workgroup = a
os level = 65
nt acl support = Yes
nt support = yes
wins server = xxxxx
# Authentification
security = DOMAIN
encrypt passwords = yes
password server = xxxxx
unix password sync = yes
smb passwd file = /etc/samba/smbpasswd
passwd chat = *New* %n\n *Re* %n\n *pa*
username map = /etc/samba/user.map
# Réseau windows
domain master = false
preferred master = yes
winbind uid = 500-20000
winbind gid = 500-20000
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 15
# Logon
passwd program = /usr/bin/passwd %u
template shell = /bin/bash
[student]
path = /ns/student
comment = Répertoire étudiants
valid users = a\etu1,a\Administrateur
admin users = a\Administrateur
revalidate = yes
available = yes
browseable = yes
writeable = yes
directory mask = 700
force directory mode = 700
create mask = 700
force create mode = 700
When I use the a\Administrateur account, I can browse the « student » directory and I can modifie the access permissions (via option security in windows).
I set the full control for the user a\etu1
Lorque je suis loggué en tant que a\Administrateur sur une machine windows, j'arrive à accéder à "student" et à rajouter des permissions (via l'onglet sécurité). Je rajoute une permission pour etu1 (full control)
When I use the a\etu1 account, I can't browse the « student » directory.
Result of a « getfacl * » :
# file: student
# owner: a\administrateur
# group: a\Admins du domaine
user::rwx
user:a\etu1:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:a\etu1:rwx
default:group::r--
default:mask::rwx
default:other::---
The samba logfile :
Code:
smbd/service.c:make_connection(603)
pcsit00 (172.16.45.230) Can't change directory to /ns/student (Permission denied)
smbd/sec_ctx.c:set_sec_ctx(329)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
smbd/connection.c:yield_connection(48)
Yielding connection to student
smbd/error.c:error_packet(91)
error string = Permission denied
smbd/error.c:error_packet(110)
error packet at smbd/reply.c(165) cmd=117 (SMBtconX) NT_STATUS_BAD_NETWORK_NAME
If a change the smb.conf to set a\etu1 in into a admin users, then I can browse the « student » folder but, in this case the acl is not usefull because when I change it (no access for a\etu1), it has no effect !!!!
I really want to permit to a\Administrateur to manage shared folders and permissions in windows without see that it's a linux server.
Can you help me ?
Nicolas Scaut
More information about the samba-technical
mailing list