Also, I suggest reading this: http://rhkernel.org/RHEL6+2.6.32-44.1.el6/fs/cifs/TODO

Louis

>-----Original message-----
>From: peter.shevche...@rsise.anu.edu.au
>[mailto:samba-boun...@lists.samba.org] On behalf of Peter Shevchenko
>Sent: 2011-06-03 08:50
>To: samba@lists.samba.org
>Subject: Re: [Samba] SMB + Active Directory And No Ability
>To Delete Files And Folders
>
>On Wed, 01 Jun 2011 16:35:05 -0400, Jenkins, Mack wrote:
>
>> The 3.5.8 release is not in the yum repo provided by RHEL6. We are
>> trying to stay within the RHEL yum repo if possible. But at this point,
>> if there is a repo that has a 3.5.8 release, I'd be more than happy to
>> give it a try.
>>
>> --
>> Mack J. Jenkins, II
>> 404-385-1591
>> mack.jenk...@eas.gatech.edu
>> System Support Engineer II
>> Earth & Atmospheric Sciences
>>
>>
>> ----- Original Message -----
>> From: "Jeremy Allison" <j...@samba.org>
>> To: "Mack Jenkins" <mack.jenk...@eas.gatech.edu>
>> Cc: samba@lists.samba.org
>> Sent: Friday, May 27, 2011 7:39:21 PM
>> Subject: Re: [Samba] SMB + Active Directory And No Ability To Delete
>> Files And Folders
>>
>> On Fri, May 27, 2011 at 03:21:17PM -0400, Jenkins, Mack wrote:
>>> I hope that everyone is doing well. I'm new to the list and look
>>> forward to participating in the community. I've been using Samba for a
>>> long time and have always preached the samba gospel. :-)
>>>
>>> I find myself with a peculiar problem. I have a RHEL6 install running
>>> Samba Version 3.5.4-68.el6_0.2 acting as a local file server and it is
>>> tied into an Active Directory server for the user management. When a
>>> user on a Windows box supplies their Active Directory credentials, my
>>> Samba server validates them against the Active Directory server,
>>> creates a directory on the local server, which the user then mounts on
>>> their Windows machine.
>>>
>>> The problem is this. The users can create files and folders, but can
>>> not delete them. Has anyone seen this behavior before?
>>
>> Sounds somewhat like an old bug that got fixed...
>>
>> Have you tried a 3.5.8. release ?
>
>This sounds like a problem that I have been having. It looks to me like
>the open bug 7521. My situation is:
>
>1) Two different windows AD domains one windows 2000 the other 2008R2.
>2) Three separate Samba servers one (ubuntu 10.04 LTS with samba 3.4.7
>and I have also tried 3.5.8) joined to the 2008r2 domain. On the other
>domain I have an old samba 3.0.14 server and a new samba 3.4.7 (also
>tried 3.5.8) joined to it. Out of the three samba servers only the
>3.0.14 works as expected with file deletes.
>
>The problem is if I have a share in which there is a directory that is
>owned by a group say "foo" with permissions drwxrwxr-x. Then user "X"
>who is a member of "foo" mounts the drive they are able to create files
>in that directory but they can't delete or change the name of that file.
>
>I have been trying to find documentation of how samba handles the
>translation of permissions in terms of windows ACLs, linux ACLs and POSIX
>permissions but have not found much that is at all current. I have also
>looked in the code and the problem looks to be in the se_access_check
>function in lib/util_seaccess.c but there are all these big structures
>being passed around and I am really struggling to understand what they
>all mean. I also don't understand enough about Windows ACLs and how
>samba is storing them to get much further. I had a look at
>http://samba.org/samba/docs/man/Samba-Developers-Guide/ but it appears to be
>very out of date. It looks like with samba 3.3 permissions are handled
>totally differently from older releases?
>
>Any ideas?
>
>Peter.
>
>
>This is the smb.conf
>
>[global]
>        workgroup = BLAH
>        realm = BLAH.BLAH.BLAH
>        preferred master = no
>        server string = Linux Samba Server
>        security = ADS
>        encrypt passwords = yes
>        log level = 10
>        log file = /var/log/samba/%m
>        max log size = 500
>        winbind use default domain = Yes
>        winbind nested groups = Yes
>        template shell = /bin/bash
>        map untrusted to domain = Yes
>[homes]
>        comment = Home Direcotries
>        read only = No
>        browsable = No
>        writable = yes
>        create mask = 0644
>        directory mask = 0755
>        path = /home/users/%S
>        store dos attributes = yes
>[test]
>        comment = Test Direcotries
>        read only = No
>        browseable = yes
>        writable = yes
>        create mask = 0644
>        directory mask = 0755
>        path = /home/test
>
>This is a level 10 debug log of some testing I did.
>
>[2011/05/06 09:44:03, 10] ../lib/util/util.c:304(_dump_data)
>  [0000] 00 5C 00 63 00 6D 00 62 00 72 00 5C 00 76 00 62 .\.c.m.b .r.\.v.b
>  [0010] 00 6E 00 6D 00 76 00 62 00 6E 00 6D 00 00 00 .n.m.v.b .n.m...
>[2011/05/06 09:44:03, 3] smbd/process.c:1273(switch_message)
>  switch message SMBntcreateX (pid 13841) conn 0x7fa151fea970
>[2011/05/06 09:44:03, 4] smbd/uid.c:256(change_to_user)
>  change_to_user: Skipping user change - already user
>[2011/05/06 09:44:03, 10] smbd/nttrans.c:484(reply_ntcreate_and_X)
>  reply_ntcreate_and_X: flags = 0x10, access_mask = 0x110080 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x200000 root_dir_fid = 0x0, fname = cmbr/vbnmvbnm
>[2011/05/06 09:44:03, 10] smbd/open.c:3365(create_file_default)
>  create_file: access_mask = 0x110080 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x200000 oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = cmbr/vbnmvbnm
>[2011/05/06 09:44:03, 5] smbd/filename.c:148(unix_convert)
>  unix_convert called on file "cmbr/vbnmvbnm"
>[2011/05/06 09:44:03, 10] smbd/statcache.c:274(stat_cache_lookup)
>  stat_cache_lookup: lookup succeeded for name [CMBR/VBNMVBNM] -> [cmbr/vbnmvbnm]
>[2011/05/06 09:44:03, 3] smbd/vfs.c:865(check_reduced_name)
>  reduce_name [cmbr/vbnmvbnm] [/home/test]
>[2011/05/06 09:44:03, 10] smbd/vfs.c:937(check_reduced_name)
>  reduce_name realpath [cmbr/vbnmvbnm] -> [/home/test/cmbr/vbnmvbnm]
>[2011/05/06 09:44:03, 3] smbd/vfs.c:974(check_reduced_name)
>  reduce_name: cmbr/vbnmvbnm reduced to /home/test/cmbr/vbnmvbnm
>[2011/05/06 09:44:03, 10] smbd/open.c:2896(create_file_unixpath)
>  create_file_unixpath: access_mask = 0x110080 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x200000 oplock_request = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = cmbr/vbnmvbnm
>[2011/05/06 09:44:03, 10] smbd/posix_acls.c:3372(posix_get_nt_acl)
>  posix_get_nt_acl: called for file cmbr
>[2011/05/06 09:44:03, 10] smbd/posix_acls.c:2522(canonicalise_acl)
>  canonicalise_acl: Access ace entries before arrange :
>[2011/05/06 09:44:03, 10] smbd/posix_acls.c:2535(canonicalise_acl)
>  canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms ---
>[2011/05/06 09:44:03, 10] smbd/posix_acls.c:2535(canonicalise_acl)
>  canon_ace index 1. Type = allow SID = S-1-22-2-100 gid 100 (users) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx
>[2011/05/06 09:44:03, 10] smbd/posix_acls.c:2535(canonicalise_acl)
>  canon_ace index 2. Type = allow SID = S-1-5-21-2171229024-547788684-1459996048-4416 uid 1709 (X) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
>[2011/05/06 09:44:03, 10] smbd/posix_acls.c:838(print_canon_ace_list)
>  print_canon_ace_list: canonicalise_acl: ace entries after arrange
>  canon_ace index 0. Type = allow SID = S-1-5-21-2171229024-547788684-1459996048-4416 uid 1709 (X) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
>  canon_ace index 1. Type = allow SID = S-1-22-2-100 gid 100 (users) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx
>  canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms ---
>[2011/05/06 09:44:03, 10] smbd/posix_acls.c:1116(map_canon_ace_perms)
>  map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff
>[2011/05/06 09:44:03, 10] smbd/posix_acls.c:1116(map_canon_ace_perms)
>  map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff
>[2011/05/06 09:44:03, 10] smbd/posix_acls.c:1116(map_canon_ace_perms)
>  map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0
>[2011/05/06 09:44:03, 10] smbd/posix_acls.c:3372(posix_get_nt_acl)
>  posix_get_nt_acl: called for file cmbr/vbnmvbnm
>[2011/05/06 09:44:03, 10] smbd/posix_acls.c:2522(canonicalise_acl)
>  canonicalise_acl: Access ace entries before arrange :
>[2011/05/06 09:44:03, 10] smbd/posix_acls.c:2535(canonicalise_acl)
>  canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms rwx
>[2011/05/06 09:44:03, 10] smbd/posix_acls.c:2535(canonicalise_acl)
>  canon_ace index 1. Type = allow SID = S-1-22-2-100 gid 100 (users) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx
>[2011/05/06 09:44:03, 10] smbd/posix_acls.c:2535(canonicalise_acl)
>  canon_ace index 2. Type = allow SID = S-1-5-21-2171229024-547788684-1459996048-4416 uid 1709 (X) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
>[2011/05/06 09:44:03, 10] smbd/posix_acls.c:838(print_canon_ace_list)
>  print_canon_ace_list: canonicalise_acl: ace entries after arrange
>  canon_ace index 0. Type = allow SID = S-1-5-21-2171229024-547788684-1459996048-4416 uid 1709 (X) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
>  canon_ace index 1. Type = allow SID = S-1-22-2-100 gid 100 (users) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx
>  canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms rwx
>[2011/05/06 09:44:03, 10] smbd/posix_acls.c:1116(map_canon_ace_perms)
>  map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1e01ff
>[2011/05/06 09:44:03, 10] smbd/posix_acls.c:1116(map_canon_ace_perms)
>  map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1e01ff
>[2011/05/06 09:44:03, 10] smbd/posix_acls.c:1116(map_canon_ace_perms)
>  map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1e01ff
>[2011/05/06 09:44:03, 10] smbd/open.c:2952(create_file_unixpath)
>  create_file_unixpath: open file cmbr/vbnmvbnm for delete ACCESS_DENIED
>[2011/05/06 09:44:03, 10] smbd/open.c:3218(create_file_unixpath)
>  create_file_unixpath: NT_STATUS_ACCESS_DENIED
>[2011/05/06 09:44:03, 10] smbd/open.c:3497(create_file_default)
>  create_file: NT_STATUS_ACCESS_DENIED
>[2011/05/06 09:44:03, 3] smbd/error.c:60(error_packet_set)
>  error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED
>[2011/05/06 09:44:03, 5] lib/util.c:632(show_msg)
>[2011/05/06 09:44:03, 5] lib/util.c:642(show_msg)
>  size=35
>  smb_com=0xa2
>  smb_rcls=34
>  smb_reh=0
>  smb_err=49152
>  smb_flg=136
>  smb_flg2=51201
>  smb_tid=2
>  smb_pid=3440
>  smb_uid=102
>  smb_mid=10496
>  smt_wct=0
>  smb_bcc=0
>[2011/05/06 09:44:03, 10] lib/util_sock.c:789(read_smb_length_return_keepalive)
>  got smb length of 104
>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba