/Unable to save permission changes on Directory on Server
Access is denied. / This is it. The samba log is the one attached in the first post. Regards, Alberto updatemyself . wrote:
Ok what the error u r getting while u setting permission from windows..? On 11/21/05, *Albe* <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote: ok, here they are: /Filesystem Size Used Avail Use% Mounted on /dev/hda1 5.8G 3.1G 2.4G 57% / /dev/hda6 67G 341M 67G 1% /home /dev/sda1 115G 109G 6.2G 95% /mnt/EHD / //dev/hda1 on / type ext3 (rw,acl,user_xattr) none on /proc type proc (rw) none on /proc/bus/usb type usbfs (rw) none on /sys type sysfs (rw) /dev/hda6 on /home type ext3 (rw) /dev/sda1 on /mnt/EHD type reiserfs (rw,acl,user_xattr) / regards albe updatemyself . wrote:it will be better if u can provide.. the following commands.. df -h and mount regards Jerrynikki On 11/21/05, *Albe* <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote: My samba 3.0.20b is compiled with ads and acl support. Kernel is a 2.6.14.2 <http://2.6.14.2>, compiled with acl and extended attributes for used filesystems. The system is running a slackware 10.2. I had to rebuild from source attr, acl, libattr, libacl to have compiling with acl support. plus /[EMAIL PROTECTED] EHD]# smbd -b | grep ACL HAVE_SYS_ACL_H HAVE_POSIX_ACLS [EMAIL PROTECTED] EHD]# / I doublechecked that. I also found out that the groups created by the idmap_rid backend do not reflect entirely the real groups in the Active Directory domain. Thanks for the help. Regards, Alberto updatemyself . wrote:hai... Look like that u need to rebuild samba... with "--with-acl-support" option download src rpm ...... install it.. then edit it... before building ur samba RPM if u want more.. help.. feel free to contact... regards jerrrynikki On 11/18/05, *Albe* <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote: Hi everybody, i'm getting mad configuring samba to join an ADS, resolve domain users and groups and set ACLs via windows explorer on a share mounted with POSIX ACL and extended attributes. At the point where i am, i've managed to get Samba join correctly the domain with idmap_rid backend working fine. I can correctly set (add, remove, modify) file acls and extended attributes via bash, but when i try to simply add a user permission on a file or directory via the windows explorer security settings i get in the log (level 3): [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900) switch message SMBntcreateX (pid 2339) conn 0x8353068 [2005/11/17 23:12:22, 3] smbd/dosmode.c:unix_mode(121) unix_mode( WINDOWSRegDefrag.dat) returning 0744 [2005/11/17 23:12:22, 2] smbd/open.c:open_file(372) albe opened file WINDOWSRegDefrag.dat read=No write=No (numopen=1) [2005/11/17 23:12:22, 3] smbd/process.c:process_smb(1114) Transaction 9 of length 244 [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900) switch message SMBnttrans (pid 2339) conn 0x8353068 [2005/11/17 23:12:22, 3] smbd/ nttrans.c:call_nt_transact_set_security_desc (2081) call_nt_transact_set_security_desc: file = WINDOWSRegDefrag.dat, sent 0x4 [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache (158) fetch sid from uid cache 11334 -> S-1-5-21-2707684321-3739850521-1540700870-1334 [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache (232) fetch sid from gid cache 10512 -> S-1-5-21-2707684321-3739850521-1540700870-512 [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_uid_from_cache(179) fetch uid from cache 11334 -> S-1-5-21-2707684321-3739850521-1540700870-1334 [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_uid_from_cache(179) fetch uid from cache 11369 -> S-1-5-21-2707684321-3739850521-1540700870-1369 [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_gid_from_cache(253) fetch gid from cache 10512 -> S-1-5-21-2707684321-3739850521-1540700870-512 [2005/11/17 23:12:22, 3] smbd/dosmode.c:unix_mode(121) unix_mode(WINDOWSRegDefrag.dat) returning 0744 [2005/11/17 23:12:22, 3] smbd/ posix_acls.c:convert_canon_ace_to_posix_perms(2585) convert_canon_ace_to_posix_perms: Too many ACE entries for file WINDOWSRegDefrag.dat to convert to posix perms. [2005/11/17 23:12:22, 3] smbd/posix_acls.c:set_nt_acl(3265) set_nt_acl: failed to convert file acl to posix permissions for file WINDOWSRegDefrag.dat. [2005/11/17 23:12:22, 3] smbd/error.c:error_packet(147) error packet at smbd/nttrans.c(2088) cmd=160 (SMBnttrans) NT_STATUS_ACCESS_DENIED [2005/11/17 23:12:22, 3] smbd/process.c:process_smb(1114) Transaction 10 of length 45 [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900) switch message SMBclose (pid 2339) conn 0x8353068 [2005/11/17 23:12:22, 3] smbd/reply.c:reply_close(3247) close fd=-1 fnum=11974 (numopen=1) [2005/11/17 23:12:22, 2] smbd/close.c:close_normal_file(270) AGBSOFT\albe closed file WINDOWSRegDefrag.dat (numopen=0) I can correctly set file permission of the classical posix elements: user, group and others. My smb.conf [global] workgroup = AGBSOFT realm = AGBSOFT.CH server string = CVS Server security = ADS client schannel = No allow trusted domains = No password server = agbsoft-nt1.agbsoft.ch <http://agbsoft-nt1.agbsoft.ch> log level = 3 log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No os level = 18 preferred master = No domain master = No wins server = 10.100.0.2 <http://10.100.0.2> idmap backend = idmap_rid:AGBSOFT=10000-200000000 idmap uid = 10000-200000000 idmap gid = 10000-200000000 template shell = /bin/bash winbind use default domain = Yes winbind nested groups = Yes [prova] comment = prova path = /home/ftp valid users = "@AGBSOFT\Domain Admins" read only = No My samba 3.0.20b is compiled with ads and acl support. Kernel is a 2.6.14.2 <http://2.6.14.2>, compiled with acl and extended attributes for used filesystems. The system is running a slackware 10.2. I had to rebuild from source attr, acl, libattr, libacl to have compiling with acl support. What i'm i doing wrong? Thanks in advance for any help. I remain at disposal for any further information. Alberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
