I added the attributes acl,user_xattr to the /etc/fstab and then raised the log level to 10. and attempted once more the MMC, "Connect to another computer", and used the Samba hostname to connect to it, then i went into a share, and on the security tab, i hit the advanced button and modified the write permissions for the group "Domain users" and i got a the message "changes could not be saved, access is denied". I looked at the logging and i have to say i can't make much of it:
[2006/01/03 16:15:27, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/01/03 16:15:27, 5] auth/auth_util.c:free_server_info(1406) attempting to free (and zero) a server_info structure [2006/01/03 16:15:27, 3] smbd/reply.c:reply_ulogoffX(1264) ulogoffX vuid=100 [2006/01/03 16:15:27, 5] lib/util.c:show_msg(486) [2006/01/03 16:15:27, 5] lib/util.c:show_msg(496) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=1216 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2006/01/03 16:15:27, 6] lib/util_sock.c:write_socket(449) write_socket(25,43) [2006/01/03 16:15:27, 6] lib/util_sock.c:write_socket(452) write_socket(25,43) wrote 43 [2006/01/03 16:15:27, 10] lib/util_sock.c:read_smb_length_return_keepalive(505) got smb length of 35 [2006/01/03 16:15:27, 6] smbd/process.c:process_smb(1090) got message type 0x0 of len 0x23 [2006/01/03 16:15:27, 3] smbd/process.c:process_smb(1091) Transaction 20 of length 39 [2006/01/03 16:15:27, 5] lib/util.c:show_msg(486) [2006/01/03 16:15:27, 5] lib/util.c:show_msg(496) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1280 smt_wct=0 smb_bcc=0 [2006/01/03 16:15:27, 3] smbd/process.c:switch_message(886) switch message SMBtdis (pid 2699) conn 0x880d9c0 [2006/01/03 16:15:27, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/01/03 16:15:27, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token: (NULL) [2006/01/03 16:15:27, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/01/03 16:15:27, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/01/03 16:15:27, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/01/03 16:15:27, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token: (NULL) [2006/01/03 16:15:27, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/01/03 16:15:27, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/01/03 16:15:27, 1] smbd/service.c:close_cnum(830) 192.168.0.7 (192.168.0.7) closed connection to service ftp [2006/01/03 16:15:27, 3] smbd/connection.c:yield_connection(69) Yielding connection to ftp [2006/01/03 16:15:27, 4] smbd/vfs.c:vfs_ChDir(660) vfs_ChDir to / [2006/01/03 16:15:27, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/01/03 16:15:27, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token: (NULL) [2006/01/03 16:15:27, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/01/03 16:15:27, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/01/03 16:15:27, 5] lib/util.c:show_msg(486) [2006/01/03 16:15:27, 5] lib/util.c:show_msg(496) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1280 smt_wct=0 smb_bcc=0 [2006/01/03 16:15:27, 6] lib/util_sock.c:write_socket(449) write_socket(25,39) [2006/01/03 16:15:27, 6] lib/util_sock.c:write_socket(452) write_socket(25,39) wrote 39 [2006/01/03 16:15:27, 10] lib/util_sock.c:read_socket_data(378) read_socket_data: recv of 4 returned 0. Error = Success [2006/01/03 16:15:27, 10] lib/util_sock.c:receive_smb_raw(556) receive_smb_raw: length < 0! [2006/01/03 16:15:27, 3] smbd/process.c:timeout_processing(1334) timeout_processing: End of file from client (client has disconnected). [2006/01/03 16:15:27, 5] lib/gencache.c:gencache_shutdown(88) Closing cache file [2006/01/03 16:15:27, 5] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2006/01/03 16:15:27, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/01/03 16:15:27, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token: (NULL) [2006/01/03 16:15:27, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/01/03 16:15:27, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/01/03 16:15:27, 2] smbd/server.c:exit_server(609) Closing connections [2006/01/03 16:15:27, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2006/01/03 16:15:27, 5] smbd/oplock.c:receive_local_message(107) receive_local_message: doing select with timeout of 1 ms [2006/01/03 16:15:27, 3] smbd/server.c:exit_server(652) Server exit (normal exit) Could someone briefly translate? BTW, i do have the usermap file entry like this: root "MRPARTYKA/Administrator" Do others here have similar entries that equivalate root to the domain administrator account? Here is my smb.conf file: # Global parameters, created by Mike Partyka, Agostoinc, 12302005:1230 [global] unix charset = LOCALE workgroup = mrpartyka realm = MRPARTYKA.DOMAIN server string = SMBv3.0.14a/MS ADS/winbindd security = ads log level = 10 syslog = 0 log file = /var/log/samba/%m max log size = 50 printcap name = CUPS idmap uid = 10000-40000000 idmap gid = 10000-40000000 template primary group = "MRPARTYKA/Domain Users" template shell = /bin/bash printing = cups # winbind trusted domains only = Yes winbind separator = / [ftp] comment = All users share path = /ftproot valid users = @"MRPARTYKA/Domain Users" writeable = Yes browseable = Yes nt acl support = Yes inherit acls = Yes map hidden = No map system = No map archive = No store dos attributes = Yes ea support = Yes > > > On 1/3/06, Louis van Belle <[EMAIL PROTECTED]> wrote: > > > > Your welkom, its my bosses time ;-) > > > > Louis > > > > > > >-----Oorspronkelijk bericht----- > > >Van: Mike Partyka [mailto:[EMAIL PROTECTED] > > >Verzonden: dinsdag 3 januari 2006 16:15 > > >Aan: Louis van Belle > > >CC: samba@lists.samba.org > > >Onderwerp: Re: [Samba] Windows ACL modify ability? > > > > > >Interesting, i was not aware of that, the kernel does have the > > >necessary support in it for POSIX ACL's and Extended > > >attributes, but i was lacking the entry in /etc/fstab i added > > >it and will test it this afternoon and report back. > > > > > >Thanks for taking the time to respond, Louis! > > > > > > > > >On 1/3/06, Louis van Belle <[EMAIL PROTECTED]> wrote: > > > > > > wel, is there in /boot a config-xxxx file > > > > > > open it with you favorite editor, > > > search for XATTR or POSIX_CAL > > > > > > if set M its possible you still have to load the modules > > > if set Y its in kernel, then kernel is ok. > > > > > > check you fstab > > > i added for /home only the acl and EA. > > > like this. > > > > > > dev/sda12 /home ext3 defaults,acl,user_xattr > > > 0 2 > > > > > > if there is no acl,user_xattr > > > then there is no windows rights management. > > > > > > i set right with the explorer and this is working ok on > > > my samba. ( als 3.0.14a debian) > > > > > > Louis > > > > > > > > > > > > > > > >-----Oorspronkelijk bericht----- > > > >Van: Mike Partyka [mailto:[EMAIL PROTECTED] > > > >Verzonden: dinsdag 3 januari 2006 15:00 > > > >Aan: Louis van Belle > > > >CC: samba@lists.samba.org > > > >Onderwerp: Re: [Samba] Windows ACL modify ability? > > > > > > > >Your referring to POSIX ACL support in the kernel? I am not > > > >entirely sure how to check for this in the standard > > > >precompliled kernel, and i believe that support not to be > > > >common in most linux distro's so i would guess that, POSIX ACL > > > >support is not enabled. > > > > > > > >My understanding is that POSIX ACL support will get you a > > > >closer approximation to windows ACL's,that is, finer grained > > > >control over the UNIX permissions, but i think standard UNIX > > > >perms should be adequet. > > > > > > > >That was my original question though, "Is POSIX ACL kernel > > > >support necessary to perform ACL adjustments through a windows > > > >MMC?". It does not seem to be from the documentation i have > > > >read but i was not certain which was why i thought i would > > > >toss the question out to the mailing list. > > > > > > > >Thanks again, Louis > > > > > > > > > > > >On 1/3/06, Louis van Belle < [EMAIL PROTECTED] > > ><mailto: [EMAIL PROTECTED]> > wrote: > > > > > > > > does your kernel support ACL and Extended Attributes. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > To unsubscribe from this list go to the following URL > > >and read the > > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > > > > > > > > > > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba