Hi,
My problem relates to SAMBA 4.0.5, especially with acl / ntacl problem.
Explanation:
I'm currently trying to install a TEST System with a Samba4 ADDC
system, using Ubuntu server 12.04.
I've successfully completed the install and followed mostly the
howto's on samba.org for SAMBA4.
I'm currently struggling with changing ACL on the Samba 4 Share
itself, and inside the shares...
It's now been a few weeks that I've started working on this,
starting with 4.0.3 to 4.0.4 and now 4.0.5.
Using the windows Admin Pak, I simply can't change the ACL to
"Domain Admin" on the share itself;
It's always giving me a "Permission Denied".
I can't seem to find the error in the samba logs, logging at
different levels.
Here's the setup I've used:
krb5.conf:
=================================
[libdefaults]
default_realm = mydomain.com
[realms]
mydomain.com = {
kdc = maindc.mydomain.com
admin_server = maindc.mydomain.com
default_domain = mydomain.com
[domain_realm]
.mydomain.com = mydomain.com
=================================
smb.conf:
=================================
[global]
workgroup = MYDOMAIN
realm = mydomain.com
netbios name = FSLINUX2
server role = active directory domain controller
[netlogon]
path = /usr/local/samba/var/locks/sysvol/mydomain.com/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[TEST]
comment = Repertoire de base pour donnees
path= /TEST
read only = no
=================================
Samba compiled with:
./configure --with-ads --with-shared-modules=idmap_ad
ACL & Attributes:
=================================
root@fslinux2:/usr/local/samba# ls -ald /TEST
drwxrwx---+ 2 3000014 3000014 4096 Apr 16 16:25 /TEST
root@fslinux2:/usr/local/samba# getfacl /TEST
getfacl: Removing leading '/' from absolute path names
# file: TEST
# owner: 3000014
# group: 3000014
user::rwx
group::rwx
group:3000014:rwx
group:3000020:rwx
group:3000185:rwx
group:3000209:rwx
mask::rwx
other::---
default:user::rwx
default:user:3000014:rwx
default:group::---
default:group:3000014:rwx
default:group:3000020:rwx
default:group:3000185:rwx
default:group:3000209:rwx
default:mask::rwx
default:other::---
root@fslinux2:/usr/local/samba# getfattr -d -m "" /TEST
getfattr: Removing leading '/' from absolute path names
# file: TEST
security.NTACL=0sAwADAAAAAgAEAAIAAQByycVyHtPFedtdWtQSN4l5838ZCS5zl6QBLwkWxhSORgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAScZAAAAIAAAAAAAAAAnAAAAAEFAAAAAAAFFQAAADWvCsf4q6zzUPp1ZgACAAABBQAAAAAABRUAAAA1rwrH+Kus81D6dWYAAgAAAgCcAAUAAAAACxQA/wEfAAEBAAAAAAADAAAAAAADJAD/AR8AAQUAAAAAAAUVAAAANa8Kx/irrPNQ+nVmIQYAAAADJAD/AR8AAQUAAAAAAAUVAAAANa8Kx/irrPNQ+nVmIAwAAAADJAD/AR8AAQUAAAAAAAUVAAAANa8Kx/irrPNQ+nVmAAIAAAADFAD/AR8AAQEAAAAAAAUSAAAA
system.posix_acl_access=0sAgAAAAEABwD/////BAAHAP////8IAAcAzsYtAAgABwDUxi0ACAAHAHnHLQAIAAcAkcctABAABwD/////IAAAAP////8=
system.posix_acl_default=0sAgAAAAEABwD/////AgAHAM7GLQAEAAAA/////wgABwDOxi0ACAAHANTGLQAIAAcAecctAAgABwCRxy0AEAAHAP////8gAAAA/////w==
=================================
/etc/fstab:
=================================
/dev/mapper/fslinux2-root / ext4
errors=remount-ro,*user_xattr,acl,barrier=1*
=================================
log.samba:
Well, this is ambiguous; I was not able to associate the ACL situation
with a specific error message...
This is the only message that may be related, there no WERR_ errors, no
other NT_STATUS errors at the time I've tried to add/change ACLs...
=================================
[2013/04/16 15:13:15, 5, pid=7606, effective(0, 0), real(0, 0)]
../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug)
[2013/04/16 15:13:15, 3, pid=7607, effective(0, 0), real(0, 0)]
../source4/smbd/service_stream.c:63(stream_terminate_connection)
Terminating connection - 'wbsrv_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2013/04/16 15:13:15, 5, pid=7607, effective(0, 0), real(0, 0)]
../source4/lib/messaging/messaging.c:554(imessaging_cleanup)
imessaging: cleaning up /usr/local/samba/private/smbd.tmp/msg/msg.7607.27
[2013/04/16 15:13:15, 3, pid=7607, effective(0, 0), real(0, 0)]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[wbsrv_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
[2013/04/16 15:13:15, 10, pid=7607, effective(0, 0), real(0, 0)]
../source4/winbind/wb_server.c:72(wbsrv_call_loop)
=================================
Please let me know if I can provide any further information to help me
understand this situation.
Thank you all for your help and listening.
Regards,
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
