Hi people
My problem is quite strange, and I am just sending this email to point out another small oddity I noticed while setting acls. My server is Samba 3.0.4, and I have acl support built into it as well as into the 2.4.24 kernel (patched with acl patch from acl.bestbits.at).
Here is the strange stuff that is going on:
Description of hosts: Samba server: i.p.-- a.b.c.d netbios name-- test dns name-- smbserv samba configured as a PDC
ANOMALY: wbinfo -g returns some values that do not seem to be complete, wbinfo -u returns "error looking up domain users"
Client: Windows XP Professional
Problem:
1. When I open a share on the server using the address \\a.b.c.d (server i.p. address), I can easily view and set acls
2. When I open a share on the server using \\smbserv (server dns name), I can still easily view and set acls
3. When I open a share on the server using \\test (server netbios name), a. I can access shares and modify existing acls
b. When I try to add new acls for other users on files or directories, I cannot search for any domain users in the add->advanced->find now button of the properties dialog box, getting the error message that multiple connections to a shared resource are not possible.
c. After this, until I logout, I cannot set new acls even if I login from \\a.b.c.d or \\test
4. If the netbios name and the dns name of the server are set to be the same, then when I open the share using the dns name/netbios name, I cannot set new acls.
I just wrote to mention that the problem just seems to be something with netbios naming, as everything works fine while using dns names. I would appreciate any suggestions for getting that working if you could help me with that, anyway, I just wanted to add this new thing I had noticed.
Regards, Prajjwal
Prajjwal wrote:
Thanks Jerry
I had checked most of the time using the netbios name of the samba host. I am using samba 3.0.4, and I do recall that I had been able to get the acls working for around a day even using the netbios names when I had been playing around with some settings. However, the acl display stopped working all of a sudden, and I have been perplexed as to why that happened.
I tried setting up a very basic samba configuration with samba on two different machines, and I am getting the both result on both -- I can get the list of users when I logon to the host using the ip address, but I can't get the userlist when I use the netbios name. Modifying existing acl's works fine though.
I am using a configuration that testparm labels as: "Server role: ROLE_DOMAIN_PDC" --guess that shouldn't be happening right?
Would help a lot if any of you had any suggestions
With best regards, Prajjwal
Gerald (Jerry) Carter wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Prajjwal wrote:
| I can view and modify any permissions on the existing | files that are being shared. If setfacl has been used | to grant additional users permissions, then those users | are also displayed, and their permissions can also be set. | | However, if I try to add any new users to the acl, a | dialog box pops up, asking me to provide it with the | username and password of a user with permissions to modify on | my domain, and when I supply the username and password, the | dialog responds that multiple connections to the shared | resource are not allowed, and it asks me to close all | other connections before trying again.
This is a 2k -> NT interoperability bug. We spent a good bit of time on this before 3.0.0 was released. Don't rmember the bug number right now. You can recreate the exact same behavior between 2k and an nt4 standalone file server.
There was no workaround except to use Samba as a PDC instead of a standalone server. Or possibly to connect to share using the IP of the Samba server instead (this causing the user enumeration to the netbios name).
Hope this helps.
cheers, jerry - ---------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." ----------- Sting -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFA7ZTCIR7qMdg1EfYRAvFtAJ9ewgjYO8zG+a8RcttmW6X4JpJsjwCg8lQE 8u3fEXoNnh/j7/klPeTalfk= =K7ye -----END PGP SIGNATURE-----
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
