My Samba 3.0.20b is compiled with ADS and ACL support. The kernel is
2.6.14.2, compiled with ACL and extended attribute support for the
filesystems in use.
The system is running Slackware 10.2. I had to rebuild attr, acl,
libattr and libacl from source to get it to compile with ACL support.

plus

[EMAIL PROTECTED] EHD]# smbd -b | grep ACL
  HAVE_SYS_ACL_H
  HAVE_POSIX_ACLS
[EMAIL PROTECTED] EHD]#

I doublechecked that.

I also found out that the groups created by the idmap_rid backend do not reflect entirely the real groups in the Active Directory domain.

Thanks for the help.

Regards,


Alberto


updatemyself . wrote:
Hi...

Looks like you need to rebuild samba...
with "--with-acl-support" option
download src rpm ...... install it..
then edit it... before building your samba RPM

if you want more.. help.. feel free to contact...

regards
jerrrynikki

On 11/18/05, *Albe* <[EMAIL PROTECTED]> wrote:

    Hi everybody,

    I'm getting mad configuring samba to join an ADS, resolve domain
    users and groups and set ACLs via windows explorer on a share mounted
    with POSIX ACL and extended attributes.

    At the point where I am, I've managed to get Samba to join the
    domain correctly with the idmap_rid backend working fine.

    I can correctly set (add, remove, modify) file ACLs and extended
    attributes via bash, but when I try to simply add a user permission
    on a file or directory via the Windows Explorer security settings I
    get in the log (level 3):

    [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900)
       switch message SMBntcreateX (pid 2339) conn 0x8353068
    [2005/11/17 23:12:22, 3] smbd/dosmode.c:unix_mode(121)
       unix_mode( WINDOWSRegDefrag.dat) returning 0744
    [2005/11/17 23:12:22, 2] smbd/open.c:open_file(372)
       albe opened file WINDOWSRegDefrag.dat read=No write=No (numopen=1)
    [2005/11/17 23:12:22, 3] smbd/process.c:process_smb(1114)
       Transaction 9 of length 244
    [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900)
       switch message SMBnttrans (pid 2339) conn 0x8353068
    [2005/11/17 23:12:22, 3] smbd/nttrans.c:call_nt_transact_set_security_desc(2081)
       call_nt_transact_set_security_desc: file = WINDOWSRegDefrag.dat, sent 0x4
    [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(158)
       fetch sid from uid cache 11334 -> S-1-5-21-2707684321-3739850521-1540700870-1334
    [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(232)
       fetch sid from gid cache 10512 -> S-1-5-21-2707684321-3739850521-1540700870-512
    [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_uid_from_cache(179)
       fetch uid from cache 11334 -> S-1-5-21-2707684321-3739850521-1540700870-1334
    [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_uid_from_cache(179)
       fetch uid from cache 11369 -> S-1-5-21-2707684321-3739850521-1540700870-1369
    [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_gid_from_cache(253)
       fetch gid from cache 10512 -> S-1-5-21-2707684321-3739850521-1540700870-512
    [2005/11/17 23:12:22, 3] smbd/dosmode.c:unix_mode(121)
       unix_mode(WINDOWSRegDefrag.dat) returning 0744
    [2005/11/17 23:12:22, 3] smbd/posix_acls.c:convert_canon_ace_to_posix_perms(2585)
       convert_canon_ace_to_posix_perms: Too many ACE entries for file WINDOWSRegDefrag.dat to convert to posix perms.
    [2005/11/17 23:12:22, 3] smbd/posix_acls.c:set_nt_acl(3265)
       set_nt_acl: failed to convert file acl to posix permissions for file WINDOWSRegDefrag.dat.
    [2005/11/17 23:12:22, 3] smbd/error.c:error_packet(147)
       error packet at smbd/nttrans.c(2088) cmd=160 (SMBnttrans) NT_STATUS_ACCESS_DENIED
    [2005/11/17 23:12:22, 3] smbd/process.c:process_smb(1114)
       Transaction 10 of length 45
    [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900)
       switch message SMBclose (pid 2339) conn 0x8353068
    [2005/11/17 23:12:22, 3] smbd/reply.c:reply_close(3247)
       close fd=-1 fnum=11974 (numopen=1)
    [2005/11/17 23:12:22, 2] smbd/close.c:close_normal_file(270)
       AGBSOFT\albe closed file WINDOWSRegDefrag.dat (numopen=0)

    I can correctly set file permission of the classical posix elements:
    user, group and others.


    My smb.conf

    [global]
             workgroup = AGBSOFT
             realm = AGBSOFT.CH
             server string = CVS Server
             security = ADS
             client schannel = No
             allow trusted domains = No
             password server = agbsoft-nt1.agbsoft.ch
             log level = 3
             log file = /var/log/samba/%m.log
             max log size = 0
             socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
             load printers = No
             os level = 18
             preferred master = No
             domain master = No
             wins server = 10.100.0.2
             idmap backend = idmap_rid:AGBSOFT=10000-200000000
             idmap uid = 10000-200000000
             idmap gid = 10000-200000000
             template shell = /bin/bash
             winbind use default domain = Yes
             winbind nested groups = Yes

    [prova]
             comment = prova
             path = /home/ftp
             valid users = "@AGBSOFT\Domain Admins"
             read only = No

    My Samba 3.0.20b is compiled with ADS and ACL support. The kernel is
    2.6.14.2, compiled with ACL and extended attribute support for the
    filesystems in use.
    The system is running Slackware 10.2. I had to rebuild attr, acl,
    libattr and libacl from source to get it to compile with ACL support.

    What am I doing wrong?

    Thanks in advance for any help.

    I remain at your disposal for any further information.



    Alberto




    --
    To unsubscribe from this list go to the following URL and read the
    instructions:  https://lists.samba.org/mailman/listinfo/samba
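
A triage helper for the level 3 log quoted in this thread, as an added example that is not part of the original messages or of Samba: it pairs each header line with its message, rejoins messages wrapped across lines, and reports every `set_nt_acl` conversion failure together with the NT status of the next `error_packet` record. The sample log is constructed (`example.dat` is a placeholder), and the names `parse_records` and `acl_set_failures` are hypothetical.

```python
import re

# Constructed sample in the two-line format of the log quoted in this thread
# (header line, then an indented message that may wrap); example.dat is a placeholder.
SAMPLE_LOG = """\
[2005/11/17 23:12:22, 3] smbd/posix_acls.c:convert_canon_ace_to_posix_perms(2585)
   convert_canon_ace_to_posix_perms: Too many ACE entries for file
example.dat to convert to posix perms.
[2005/11/17 23:12:22, 3] smbd/posix_acls.c:set_nt_acl(3265)
   set_nt_acl: failed to convert file acl to posix permissions for
file example.dat.
[2005/11/17 23:12:22, 3] smbd/error.c:error_packet(147)
   error packet at smbd/nttrans.c(2088) cmd=160 (SMBnttrans)
NT_STATUS_ACCESS_DENIED
[2005/11/17 23:12:23, 3] smbd/reply.c:reply_close(3247)
   close fd=-1 fnum=11974 (numopen=1)
"""

HEADER = re.compile(
    r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+?):(?P<func>\w+)\s*\((?P<line>\d+)\)$")

def parse_records(text):
    """Pair each header with its message, rejoining wrapped message lines."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            records.append({**m.groupdict(), "msg": ""})
        elif line and records:
            records[-1]["msg"] = f'{records[-1]["msg"]} {line}'.strip()
    return records

def acl_set_failures(records):
    """Return (timestamp, file, nt_status) for each failed NT ACL conversion."""
    findings = []
    for i, rec in enumerate(records):
        if rec["func"] != "set_nt_acl" or "failed to convert" not in rec["msg"]:
            continue
        fname = re.search(r"for file (.+?)\.?$", rec["msg"])
        status = None
        # The status sent to the client is logged by the next error_packet record.
        for later in records[i + 1:]:
            if later["func"] == "error_packet":
                hit = re.search(r"\bNT_STATUS_\w+", later["msg"])
                status = hit.group(0) if hit else None
                break
        findings.append((rec["ts"], fname.group(1) if fname else None, status))
    return findings
```
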

