I have been trying to get ACLs to work with Samba 2.2.5 but have run into a problem.
 
I am using RedHat 7.3 with the POSIX ACL patches from http://acl.bestbits.at/.  Following installation of the patches I am able to view and modify ACLs from the bash command line using the getfacl and setfacl commands.  Authentication is configured with winbind and domain security.  It seems to be working fine.
 
The Samba code was downloaded as an RPM from samba.org.  I did not rebuild the code as it seemed to already have ACL support in it as evidenced by the many ACL related messages in the log files.
 
When I try to add/change an ACL from the client I am getting the following message in the client log file: 
 
     [2002/09/18 14:13:59, 3] smbd/posix_acls.c:convert_canon_ace_to_posix_perms(1809)
       convert_canon_ace_to_posix_perms: Too many ACE entries for file AUTOEXEC.BAT to convert to posix perms.
 
When I view the log files it appears that the client is passing an ACE file list that contains four ACE entries, while the source code seems to limit the number to three (USER, GROUP, OTHER).  This doesn't make sense.  It seems that there should be the three default entries plus as many more entries as the user wants to set.
 
Has anyone solved this problem?  Any help is appreciated.
 
My smb.conf and an excerpt from my log file are listed below.
 
Thanks,
 
Bill
 
 
smb.conf
------------
# Samba config file created using SWAT
# from atlwebcache1.core.hp.com (15.10.155.2)
# Date: 2002/09/18 10:11:50
 
# Global parameters
[global]
        workgroup = SAMBA
        server string = Samba Server
        security = DOMAIN
        encrypt passwords = Yes
        password server = *
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        dns proxy = No
        winbind uid = 1000-2000
        winbind gid = 1000-2000
 
[homes]
        comment = Home Directories
        read only = No
        browseable = No
 
[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No
 
[tmp]
        path = /tmp
        read only = No
        guest ok = Yes
 
 
 
client.log
------------
[2002/09/18 16:04:17, 10] smbd/posix_acls.c:print_canon_ace_list(146)
  print_canon_ace_list: file ace - before valid
  canon_ace index 0. Type = allow SID = S-1-5-21-1838633764-1922773823-188441444-1013 winbind_lookup_sid: SUCCESS: SID S-1-5-21-1838633764-1922773823-188441444-1013 -> SAMBA TestUsr
  uid 1006 (SAMBA\TestUsr) SMB_ACL_USER perms r-x
  canon_ace index 1. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms r--
  canon_ace index 2. Type = allow SID = S-1-5-21-1838633764-1922773823-188441444-513 winbind_lookup_sid: SUCCESS: SID S-1-5-21-1838633764-1922773823-188441444-513 -> SAMBA Domain Users
  gid 1000 (SAMBA\Domain Users) SMB_ACL_GROUP_OBJ perms r--
  canon_ace index 3. Type = allow SID = S-1-5-21-1838633764-1922773823-188441444-1004 winbind_lookup_sid: SUCCESS: SID S-1-5-21-1838633764-1922773823-188441444-1004 -> SAMBA smbuser
  uid 1005 (SAMBA\smbuser) SMB_ACL_USER_OBJ perms r-x
[2002/09/18 16:04:17, 10] smbd/posix_acls.c:print_canon_ace_list(146)
  print_canon_ace_list: dir ace - before valid
[2002/09/18 16:04:17, 3] smbd/dosmode.c:unix_mode(111)
  unix_mode(TestFile) returning 0744
[2002/09/18 16:04:17, 10] smbd/posix_acls.c:print_canon_ace_list(146)
  print_canon_ace_list: file ace - return
  canon_ace index 0. Type = allow SID = S-1-5-21-1838633764-1922773823-188441444-1013 winbind_lookup_sid: SUCCESS: SID S-1-5-21-1838633764-1922773823-188441444-1013 -> SAMBA TestUsr
  uid 1006 (SAMBA\TestUsr) SMB_ACL_USER perms r-x
  canon_ace index 1. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms r--
  canon_ace index 2. Type = allow SID = S-1-5-21-1838633764-1922773823-188441444-513 winbind_lookup_sid: SUCCESS: SID S-1-5-21-1838633764-1922773823-188441444-513 -> SAMBA Domain Users
  gid 1000 (SAMBA\Domain Users) SMB_ACL_GROUP_OBJ perms r--
  canon_ace index 3. Type = allow SID = S-1-5-21-1838633764-1922773823-188441444-1004 winbind_lookup_sid: SUCCESS: SID S-1-5-21-1838633764-1922773823-188441444-1004 -> SAMBA smbuser
  uid 1005 (SAMBA\smbuser) SMB_ACL_USER_OBJ perms r-x
[2002/09/18 16:04:17, 10] smbd/posix_acls.c:print_canon_ace_list(146)
  print_canon_ace_list: dir ace - return
  canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms r--
  canon_ace index 1. Type = allow SID = S-1-5-21-1838633764-1922773823-188441444-513 winbind_lookup_sid: SUCCESS: SID S-1-5-21-1838633764-1922773823-188441444-513 -> SAMBA Domain Users
  gid 1000 (SAMBA\Domain Users) SMB_ACL_GROUP_OBJ perms r--
  canon_ace index 2. Type = allow SID = S-1-5-21-1838633764-1922773823-188441444-1004 winbind_lookup_sid: SUCCESS: SID S-1-5-21-1838633764-1922773823-188441444-1004 -> SAMBA smbuser
  uid 1005 (SAMBA\smbuser) SMB_ACL_USER_OBJ perms rwx
[2002/09/18 16:04:17, 3] smbd/posix_acls.c:convert_canon_ace_to_posix_perms(1809)
  convert_canon_ace_to_posix_perms: Too many ACE entries for file TestFile to convert to posix perms.
[2002/09/18 16:04:17, 3] smbd/posix_acls.c:set_nt_acl(2242)
  set_nt_acl: failed to convert file acl to posix permissions for file TestFile.
[2002/09/18 16:04:17, 3] smbd/error.c:error_packet(91)
  error string = Function not implemented
[2002/09/18 16:04:17, 3] smbd/error.c:error_packet(106)
  error packet at smbd/nttrans.c(1714) cmd=160 (SMBnttrans) NT_STATUS_ACCESS_DENIED
 
 

Bill Donahue
Solution Architect
Hewlett-Packard Company

502.297.5665 Phone
502.297.5660 Fax
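
A log-triage sketch for the failure described in this post, added here as an example and not part of the original message or of Samba: it groups the `canon_ace` entries logged under each `print_canon_ace_list` header and reports which lists reduce to plain mode bits. It assumes, following the poster's reading of the source, that the conversion to POSIX permissions accepts only the three base entries; the sample log is constructed (SIDs shortened), and `parse_lists`, `as_mode` and `report` are hypothetical names.

```python
import re

# Constructed sample modelled on the level-10 smbd log in the post (SIDs shortened).
SAMPLE_LOG = r"""
[2002/09/18 16:04:17, 10] smbd/posix_acls.c:print_canon_ace_list(146)
  print_canon_ace_list: file ace - return
  canon_ace index 0. Type = allow SID = S-1-5-21-1-2-3-1013 uid 1006 (SAMBA\TestUsr) SMB_ACL_USER perms r-x
  canon_ace index 1. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms r--
  canon_ace index 2. Type = allow SID = S-1-5-21-1-2-3-513 gid 1000 (SAMBA\Domain Users) SMB_ACL_GROUP_OBJ perms r--
  canon_ace index 3. Type = allow SID = S-1-5-21-1-2-3-1004 uid 1005 (SAMBA\smbuser) SMB_ACL_USER_OBJ perms r-x
[2002/09/18 16:04:17, 10] smbd/posix_acls.c:print_canon_ace_list(146)
  print_canon_ace_list: dir ace - return
  canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms r--
  canon_ace index 1. Type = allow SID = S-1-5-21-1-2-3-513 gid 1000 (SAMBA\Domain Users) SMB_ACL_GROUP_OBJ perms r--
  canon_ace index 2. Type = allow SID = S-1-5-21-1-2-3-1004 uid 1005 (SAMBA\smbuser) SMB_ACL_USER_OBJ perms rwx
"""

# Assumption taken from the post: only these three entry types map to mode bits.
BASE = ("SMB_ACL_USER_OBJ", "SMB_ACL_GROUP_OBJ", "SMB_ACL_OTHER")
HEADER = re.compile(r"print_canon_ace_list: (.+)$")
ENTRY = re.compile(r"\b(SMB_ACL_\w+) perms ([r-][w-][x-])")

def parse_lists(log):
    """Return [(label, [(entry_type, perms), ...]), ...] in log order."""
    lists = []
    for line in log.splitlines():
        header = HEADER.search(line)
        entry = ENTRY.search(line)
        if header:
            lists.append((header.group(1).strip(), []))
        elif entry and lists:
            lists[-1][1].append(entry.groups())
    return lists

def as_mode(entries):
    """Mode bits if the list is exactly owner/group/other, else None."""
    kinds = dict(entries)
    if len(entries) != 3 or set(kinds) != set(BASE):
        return None  # a named user or group entry needs a real POSIX ACL
    mode = 0
    for kind in BASE:
        bits = sum(b for ch, b in zip(kinds[kind], (4, 2, 1)) if ch != "-")
        mode = (mode << 3) | bits
    return mode

def report(log):
    return {label: as_mode(entries) for label, entries in parse_lists(log)}

if __name__ == "__main__":
    for label, mode in report(SAMPLE_LOG).items():
        print(label, "->", "needs ACL" if mode is None else oct(mode))
```

The entry pattern matches on the `SMB_ACL_* perms` suffix only, so it also works on the real log layout, where the interleaved `winbind_lookup_sid` message pushes that suffix onto the following line.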

