I have an NFS4 server exporting a folder, and a Samba server importing that folder which it then turns around and shares over Samba. I would like Windows machines accessing this folder and its sub folders to be properly restricted according to ACLs.
The NFS4 server is running CentOS 5.7 and is NFS exporting an EXT4 folder. The Samba server is running CentOS 6.0, and Samba 3.5.4-68.el6_0.2. On the Samba server, I am able to use chmod, chown, nfs4_setfacl, ls, and nfs4_getfacl to set and retrieve file and folder permissions and ACLs in the NFS4 mounted folder, and it all seems to be working sanely. I have both servers using winbind.

On a Windows 7 machine, I am able to browse to \\test-samba-server, and see all the Samba shared folders that I've set up in smb.conf. Those folders and files where I have restricted or allowed read, write, and execute permissions for the domain user logged onto the Windows 7 machine, using the standard POSIX method, work as expected. Thus, I think winbind is working correctly right now.

However, if I try to allow access through nfs4_setfacl (and keep the file or folder restricted through the file permissions), the user on the Windows 7 machine is always denied access. I am seeing this in /var/log/messages when I turn on lots of logging:

Oct 26 16:01:39 test-samba-server smbd[14979]: [2011/10/26 16:01:39.737663, 1] smbd/dosmode.c:255(get_ea_dos_attribute)
Oct 26 16:01:39 test-samba-server smbd[14979]: get_ea_dos_attributes: Cannot get attribute from EA on file .: Error = Operation not supported

If I share a local EXT4 folder that's been bind mounted with the user_xattr option, then I don't get the problem there. ACLs restrict and allow the Windows 7 user as I would expect (I can create them on CentOS using setfacl), and the logged error does not show up.

On the NFS server, I am specifying the user_xattr option in the bind mount of the folder that I'm exporting. NFS4 doesn't have a user_xattr option that I can use when mounting.

Does anyone have any ideas for what I could do to get Samba to use ACLs over NFS4? If you need more configuration details, or if I could be more clear on any part, let me know.

Paul Nickerson
IT Systems Administrator & Support
DeskNet Inc.
Portland, Maine
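
One way to check the extended-attribute difference described in the post, as an added example that is not part of the original message: it repeats the EA read that smbd logs as failing and reports, per path, whether the underlying filesystem supports it. The attribute name `user.DOSATTRIB` is an assumption about what smbd reads for DOS attributes, and the paths passed on the command line are your own (for instance the NFS4 mount and the local EXT4 share).

```python
import errno
import os
import sys

# Assumption: the EA smbd reads for DOS attributes; the post does not name it.
DOS_ATTR = "user.DOSATTRIB"


def classify(err):
    """Translate the errno of a failed getxattr into a statement about the mount."""
    if err in (errno.ENOTSUP, errno.EOPNOTSUPP):
        return "unsupported"        # "Operation not supported", as in the smbd log
    if err == errno.ENODATA:
        return "supported-unset"    # user xattrs work, attribute not stored yet
    if err in (errno.EACCES, errno.EPERM):
        return "denied"             # xattrs may work, but not for this account
    return "error:%s" % errno.errorcode.get(err, err)


def probe(path, getxattr=None):
    """Read DOS_ATTR from path; getxattr can be injected for offline testing."""
    getxattr = getxattr or os.getxattr   # os.getxattr is Linux-only
    try:
        getxattr(path, DOS_ATTR)
        return "supported-set"
    except OSError as exc:
        return classify(exc.errno)


def compare(paths, getxattr=None):
    """Probe several mount points so NFS4 and local results sit side by side."""
    return {p: probe(p, getxattr) for p in paths}


if __name__ == "__main__":
    # Run as the same account smbd uses for the connected user where possible.
    for path, state in compare(sys.argv[1:] or ["."]).items():
        print("%-18s %s" % (state, path))
```

A result of `unsupported` on the NFS4 mount next to `supported-unset` or `supported-set` on the local share reproduces the difference between the two cases in the post.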
