[Samba] acl support

[Sajid Karsan]

Hello, I have gone through all the relevant document and FAQ and
searched your website on this issue, and haven't found a thing, so I
believe this could be a bug. Supposedly as of Samba 2.2.7, Access
Control Lists are supported from Solaris 2.6+. I am running Solaris 2.8
and Samba 2.2.8, however, when I open a file (which has an acl file)
with a Windows XP client, and then save a change, the acl file for that
particular file gets dropped.

 

Are you aware of this? Is there a fix?

 

Thank you.

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ACL behavior

[Hall, Ken (IDS ECCS)]

I've been doing some testing with Samba 2.2.5 and ACL's under ext3, and everything 
seems to work as I need except when I try to add an ACL from Windows.

We're not using winbind because we need consistent UID's across servers.  We have a 
central LDAP directory with everyone in it, and use nss_ldap to resolve users and UID 
numbers.  We're authenticating
against a Windows 2000 cluster though.

When I set an ACL from Linux via the setfacl command, the ACL shows properly in the 
Windows "security" box.  It shows up as (for example) "lnxsles8/kehall" with the right 
permissions (lnxsles8 being
the Samba server).  But if I try to ADD an ACL, it can only find users from the domain 
directory.  Since all of the users are in the domain, I can assign permission using 
the corresponding ID from the
cluster ("NYC1/kehall", for example), but that triggers auto-assignment of a UID via 
Winbind, but since we're not using nss_winbind, the ACL ends up containing an 
unresolvable UID number.  If I
disable Winbind, I can't add the ACL at all.

Curiously, the security dialog DOES list the Linux groups from the LDAP directory.  It 
just doesn't seem to find the users.

Is there any way to get Samba (or Windows) to look at the Samba server's user list for 
valid names, instead of the domain/cluster?  Or am I just doing something wrong?

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] acl resource

[Norman Zhang]

Hi,

I'm confused of where to set ACL? Do I set them in SWAT under Security
Options (using Valid Users, Force Group, ..., etc.)? Or do I need to
hardcoded them with setfacl? Or set them in NT client? Please direct me to
the references? I already have xfs, acl, attr, compiled in.

Regards,
Norman

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ACL problem

[Adrian Chow Seng Yien]

Hi,

I am running Redhat linux 8.0.

"rpm -qa | grep acl" gives the following result
libacl-2.0.11-2
acl-2.0.11-2
libacl-devel-2.0.11-2

How can I know whether I got acl support install on my NT machine?  Do I need to 
specify acl support in the smb.conf file?  
I got problem giving permission to another person for rwx to a file.



Thanks.

adrian

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba & ACL

[Saulius Gurklys]

Hello,
 short and maybe stupid question - can samba work with ACL when
fs is etx2(ext3)?(i think no, but not sure) If NO what file system I need
to make use of ACLs?

Thanks,
--
Saulius

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ACL support

[Jean-Rene Cormier]

Anybody got the latest version of ACL from acl.bestbit.at to work? I've
compiled the packages, then installed them from the RPM but I had no
luck at all. I compiled a kernel with ACL support but when I try to set
a new permission it says permission not supported or something like
that. I currently have a box with ACL working but it's the libacl.so.0
lib and the new version is libacl.so.1 but I can't get that to work at
all. Is there something I missed somewhere?

Jean-Rene Cormier


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ACL changing problem

[NetRacer]

hi all,

i've a litte problem with my samba 2.2.7a running on SuSE 7.3 with a
kernel 2.5.59:

if i try to change any file acl from my win-client an error occurs
"the network name is not longer avaiable" (orig: "Der angegebene
Netzwerkname ist nicht mehr verfügbar.")

does someone know whats the problem and how to solve it?

thanks
  NetRacer
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] acl resource

[Noel Kelly]

Norman,

I find it is easiest to set them up using setfacl initially.

Then, assuming you have compiled Samba with the --with-acl-support flag, you
should be able to manipulate them using the Windows/Properties/Permissions
dialogue IF (here is a gotcha) you are the owner of the file/directory or
root.  If you are not the owner (and not root) then you will not be able to
change them.

Also, you cannot remove the three basic Unix perms of user:group:owner from
Windows.  Try it.

I found it is best to use setfacl to set the default ACLs on directories to
ensure they are properly propagated below.

As an administrator you might also appreciate a special admin only top-level
share which uses the 'force user=root' parameter.  Dangerous as it sounds,
it will allow you to do what you like to ACLs from within Windoze.

If you use the 'valid users=' parameter and other such Samba security
parameters then you are effectively introducing a second tier of security
which might be unnecessary and cause administrative overhead.  Personally, I
have stopped using ACLs as the Samba security gives a simpler and cleaner
way to set people's access and their is no equivalent in Windoze to NDS'
excellent overview windows of all the ACLs acting on a particular file/dir.

But circumstances dictate such things...

HTH 
Noel


-Original Message-
From: Norman Zhang [mailto:nzhang@;arkon-group.com]
Sent: 30 October 2002 18:16
To: [EMAIL PROTECTED]
Subject: [Samba] acl resource


Hi,

I'm confused of where to set ACL? Do I set them in SWAT under Security
Options (using Valid Users, Force Group, ..., etc.)? Or do I need to
hardcoded them with setfacl? Or set them in NT client? Please direct me to
the references? I already have xfs, acl, attr, compiled in.

Regards,
Norman

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ACL problem

[Noel Kelly]

Redhat 8 does not have ACL support in the kernel - they pulled it at the
last minute.  The user tools are there but not the actual kernel support for
them.  Read the release notes - last paragraph - for an explanation.


-Original Message-
From: Adrian Chow Seng Yien [mailto:chowadrian@;icr.a-star.edu.sg]
Sent: 15 November 2002 09:50
To: [EMAIL PROTECTED]
Subject: [Samba] ACL problem


Hi,

I am running Redhat linux 8.0.

"rpm -qa | grep acl" gives the following result
libacl-2.0.11-2
acl-2.0.11-2
libacl-devel-2.0.11-2

How can I know whether I got acl support install on my NT machine?  Do I
need to specify acl support in the smb.conf file?  
I got problem giving permission to another person for rwx to a file.



Thanks.

adrian

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.410 / Virus Database: 231 - Release Date: 31/10/2002
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.410 / Virus Database: 231 - Release Date: 31/10/2002
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] acl: what's missing ?

[Herbert Hinkelstein]

hello everybody,

I'm running Debian unstable/testing using kernel 2.4.19 + (working)
acl+xattr patch 0.8.53. 
these are my installed acl-related packages and the output of
./configure concerning acls :

shai-hulud:/usr/src/samba/source# dpkg -l | grep acl; ./configure | grep
-i acl

ii  acl2.1.1-1Access control list utilities
ii  libacl12.1.1-1Access control list shared library
ii  libacl1-dev2.1.1-1Access control list static libraries
and hea
checking for sys/acl.h... yes
checking for _acl... no
checking for __acl... no
checking for _facl... no
checking for __facl... no
checking whether to support ACLs... no

now, what am i missing here ? why is acl support _not included ? 
thanks in advance!
wolfgang

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba & ACL

[Bradley W. Langhorst]

On Tue, 2002-12-03 at 13:06, Saulius Gurklys wrote:
> Hello,
>   short and maybe stupid question - can samba work with ACL when
> fs is etx2(ext3)?(i think no, but not sure) If NO what file system I need
> to make use of ACLs?
acls can work with ext2/ext3 but you have to apply the patches from
bestbits.

xfs is a better choice and has the acl stuff built in.


brad
-- 
Bradley W. Langhorst <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba & ACL

[Ronan Waide]

On December 3, [EMAIL PROTECTED] said:
> acls can work with ext2/ext3 but you have to apply the patches from
> bestbits.
> 
> xfs is a better choice and has the acl stuff built in.

Actually, RedHat's recent precompiled kernels appear to have acls
enabled by default.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
"The majority were fairly uncategorizable freaks, but you could tell that even
 the most normal-looking people there were still the weirdest people at their
 day job." - Jamie Zawinski
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba & ACL

[James S. Martin]

I'm not so sure about this... but looking at the changelog for Red Hat's
2.4.18-18.7.x kernel says (for RH 7.2) :


grep -B 2 -i acl kernel-2.4.spec

* Mon Aug 12 2002 Arjan van de Ven <[EMAIL PROTECTED]>
- ACLs removed for now because of stability and correctness problem


If you grep the config file the kernel was built with you get:

grep -i acl kernel-2.4.18-i686-smp.config
CONFIG_FS_POSIX_ACL=y
CONFIG_EXT3_FS_POSIX_ACL=y

 grep -i xatt kernel-2.4.18-i686-smp.config
CONFIG_EXT3_FS_XATTR=y
CONFIG_EXT3_FS_XATTR_SHARING=y
CONFIG_EXT3_FS_XATTR_USER=y

But if you boot with that kernel and try to mount a partition with 
acl,user_xattr options you get:

mount: wrong fs type, bad option, bad superblock on /dev/ida/c0d0p7,
   or too many mounted file systems

So it looks like the option is turned on in the kernel config, but the 
patch is not actually in the kernel.


James

Ronan Waide wrote:
On December 3, [EMAIL PROTECTED] said:


acls can work with ext2/ext3 but you have to apply the patches from
bestbits.

xfs is a better choice and has the acl stuff built in.



Actually, RedHat's recent precompiled kernels appear to have acls
enabled by default.

Cheers,
Waider.


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba & ACL

[Klein, Stefan]

On Tue, 3 Dec 2002 19:14:01 +
Ronan Waide <[EMAIL PROTECTED]> wrote:

> On December 3, [EMAIL PROTECTED] said:
> > acls can work with ext2/ext3 but you have to apply the patches from
> > bestbits.
> > 
> > xfs is a better choice and has the acl stuff built in.
> 
> Actually, RedHat's recent precompiled kernels appear to have acls
> enabled by default.

I installed RedHat 8.0 and acl on ext2/3 didn't work, with the precompiled
Kernel from SGI and xfs acl work fine.

-- 
regards,
Stefan Klein
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba & ACL

[Ronan Waide]

On December 4, [EMAIL PROTECTED] said:
> 
> > Actually, RedHat's recent precompiled kernels appear to have acls
> > enabled by default.
> 
> I installed RedHat 8.0 and acl on ext2/3 didn't work, with the precompiled
> Kernel from SGI and xfs acl work fine.

Yup, this is why I said "appear to have" rather than "have".

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

AjD feels frustrated in his attempts to establish the delinitations of
  horror in puppy-burying.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba & ACL

[Ronan Waide]

On December 3, [EMAIL PROTECTED] said:
> 
> So it looks like the option is turned on in the kernel config, but the 
> patch is not actually in the kernel.

No, the option/s/ are all enabled in the kernel. What's missing, I
think, is all the rest of the support: libacl, libattr, patched
fileutils, etc. I'm currently rebuilding various bits and pieces to
see if I can make it work without too much grief.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

"Turtles. Big, green turtles." - Orla
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba & ACL

[Ronan Waide]

On December 7, [EMAIL PROTECTED] said:
> No, the option/s/ are all enabled in the kernel. What's missing, I
> think, is all the rest of the support: libacl, libattr, patched
> fileutils, etc. I'm currently rebuilding various bits and pieces to
> see if I can make it work without too much grief.

Okay, clarifying my clarification. The ACL defs are in the main
configuration section, but none of the patches in the rest of the
kernel tree appear to be present. Drat.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.
"That's something tas mentioned in passing once or twice...DSP, so
 what is it? If it's anything to do with the glorious Limerick era
 then David's probably better off out of it." - Dalton Moloney 29/03/1996
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba & ACL

[Kip Cartwright]

Waider,
Would you mind commenting further on what you had to do to get RedHat 8.0
support ACLs.

Thanks
K.C.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba & ACL

[Ronan Waide]

On December 11, [EMAIL PROTECTED] said:
> Waider,
> Would you mind commenting further on what you had to do to get RedHat 8.0
> support ACLs.
> 
> Thanks
> K.C.

Sure:
* Download kernel SRPM
* Modify patches[1]
* Spend several hours rebuilding kernel packages

[1] is obviously the tricky bit. I'm testing out the modified patches
at the moment, plus I've offered them to the bestbits guy but not yet
received a reply. I'll stick 'em on my website tomorrow at some point
and post the URL here for interested parties.

Note, I've done this for Red Hat 7.3 but since the kernel versions are
the same (2.4.18-18) I think the patches will apply easily enough to
the Red Hat 8.0 SRPM.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

"Life sucks. Get a helmet."
 - Denis Leary, as quoted by Susan Witterick on "It never rains, it POURS."
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL support

[Yura Pismerov]

Jean-Rene Cormier wrote:
> 
> Anybody got the latest version of ACL from acl.bestbit.at to work? I've
> compiled the packages, then installed them from the RPM but I had no
> luck at all. I compiled a kernel with ACL support but when I try to set
> a new permission it says permission not supported or something like
> that. I currently have a box with ACL working but it's the libacl.so.0
> lib and the new version is libacl.so.1 but I can't get that to work at
> all. Is there something I missed somewhere?

Did you mount your fs with -o acl ?
Lates version of the kernel patch requires it...

> 
> Jean-Rene Cormier
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 

Yuri Pismerov, Sr. System Administrator, 
TUCOWS.COM INC. (416) 535-0123  ext. 1352
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ACL support

[Crosby, Scott F.]

Title: RE: [Samba] ACL support





A few things you may try.


First, make sure your ACL utilities and samba are compiled against the equivalent version of the libaries; make sure your versions line up as best as possible.  Second, make sure you've mounted the filesystem with the acl option set.  user_xattrs may also be useful.

Scott F. Crosby


-Original Message-
From: Jean-Rene Cormier [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 01, 2002 8:08 AM
To: Samba List
Subject: [Samba] ACL support



Anybody got the latest version of ACL from acl.bestbit.at to work? I've
compiled the packages, then installed them from the RPM but I had no
luck at all. I compiled a kernel with ACL support but when I try to set
a new permission it says permission not supported or something like
that. I currently have a box with ACL working but it's the libacl.so.0
lib and the new version is libacl.so.1 but I can't get that to work at
all. Is there something I missed somewhere?


Jean-Rene Cormier



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE : [Samba] ACL support

[Jean-Rene Cormier]

That must be it, I didn't see that mentioned anywhere.

Thanks a lot

Jean-Rene Cormier

-Message d'origine-
De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] De
la part de Yura Pismerov
Envoyé : 1 octobre, 2002 10:32
À : Jean-Rene Cormier; [EMAIL PROTECTED]
Objet : Re: [Samba] ACL support

Jean-Rene Cormier wrote:
> 
> Anybody got the latest version of ACL from acl.bestbit.at to work?
I've
> compiled the packages, then installed them from the RPM but I had no
> luck at all. I compiled a kernel with ACL support but when I try to
set
> a new permission it says permission not supported or something like
> that. I currently have a box with ACL working but it's the libacl.so.0
> lib and the new version is libacl.so.1 but I can't get that to work at
> all. Is there something I missed somewhere?

Did you mount your fs with -o acl ?
Lates version of the kernel patch requires it...

> 
> Jean-Rene Cormier
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 

Yuri Pismerov, Sr. System Administrator, 
TUCOWS.COM INC. (416) 535-0123  ext. 1352
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE : [Samba] ACL support

[Jean-Rene Cormier]

Yes everything is compiled against the latest version of the libraries,
since all utilities came from acl.bestbit.at, also I was getting errors
while I was trying to set an acl manually so Samba wasn't the problem.
So to add the acl option I just add acl in the option field in fstab
right? Also what does user_xattrs will do? And are there other options
that I can put with ACL?

Jean-Rene Cormier

-Message d'origine-
De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] De
la part de Crosby, Scott F.
Envoyé : 1 octobre, 2002 11:23
À : 'Jean-Rene Cormier'; Samba List
Objet : RE: [Samba] ACL support

A few things you may try. 
First, make sure your ACL utilities and samba are compiled against the
equivalent version of the libaries; make sure your versions line up as
best as possible.  Second, make sure you've mounted the filesystem with
the acl option set.  user_xattrs may also be useful.
Scott F. Crosby 
-Original Message- 
From: Jean-Rene Cormier [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, October 01, 2002 8:08 AM 
To: Samba List 
Subject: [Samba] ACL support 

Anybody got the latest version of ACL from acl.bestbit.at to work? I've 
compiled the packages, then installed them from the RPM but I had no 
luck at all. I compiled a kernel with ACL support but when I try to set 
a new permission it says permission not supported or something like 
that. I currently have a box with ACL working but it's the libacl.so.0 
lib and the new version is libacl.so.1 but I can't get that to work at 
all. Is there something I missed somewhere? 
Jean-Rene Cormier 

-- 
To unsubscribe from this list go to the following URL and read the 
instructions:  http://lists.samba.org/mailman/listinfo/samba 


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ACL re-implementation

[Jean-Michel Bonnefond]

Hello there,

Is there a 'simple' way to move all shared repository from a windows NT4 with 
NTFS to Samba over Linux with an XFS file system.

My question is how can I re-implement all the defined ACLs and shared 
declaration after copying all the repository from NT to Linux.

I suspect something like using getfacl/setfacl but I haven't a clear idea of 
what is possible, especialy if a command like getfacl is implemented on NT4 
and if the format generated can be easily reimplemented with the XFS setfacls 
command, an old remember let me think that NT ACLs don't map precisely to the 
POSIX one implemented on XFS.


Thanks for your help :-)
Jean-Michel.
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba ACL support

[Christos E. Chrisostomidis]

Dear All,

I am running samba 2.2.7-5  on a RH 8.0 box with 2.4.20-18 kernel and
I am trying to migrate a Win2K Server to Samba.
The samba RPM has --with-acl-support activated.
I manually add all the net users into the samba box using the command

useradd -s /bin/false -d /dev/null -m username

and then I transfer then into samba. Having specified:

workgroup = our_workgroup
netbios name = Server Name
security = user
encrypt passwords = yes
nt acl support = yes
etc.
[share_name_1]
path = ..
valid users = 
etc.

in the smb.conf and creating the appropriate "top level" shares with the
corresponding users
everything works very well. Users can have where they suppossed to.
The old Win2K server has a very different structure looking something
like:


However, I can not change share permisions from a Win2K client (or WinXP
client).



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ACL support in Samba

[cksoo]

Hi,

I am new to samba server, I install it sucessfully and the smb server also
work well.

Now, I try to implement the ACL with similar to the ACL in windos 2000
server. However, I failed to implement it until file level, can someone
guide me to implement me.

regards,
cksoo


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] acl: what's missing ?

[Markus Amersdorfer]

On 22 Nov 2002 13:26:30 +0100
Herbert Hinkelstein <[EMAIL PROTECTED]> wrote:

Hi Herbert!

> ii  acl2.1.1-1Access control list utilities
> ii  libacl12.1.1-1Access control list shared library
> ii  libacl1-dev2.1.1-1Access control list static libraries
> [...]
> checking for sys/acl.h... yes
> checking for _acl... no
> checking for __acl... no
> checking for _facl... no
> checking for __facl... no
> checking whether to support ACLs... no

I think you're missing acl-dev.
Furthermore you need to "activate" ACL in Debian's Samba-packages by
hand.
I described what I did to get ACL with Samba (and XFS as the
filesystem) working here: http://homex.subnet.at/~max/comp-12_xfs.php

Hope this helps.

So long,
Max

-- 
The first time any man's freedom is trodden on, we're all damaged.
   

http://homex.subnet.at/~max/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ACL issues still unresolved

[Andrew Furey]

Hi all,

The two problems I'm having with ACLs on a W2k domain are still no 
closer to a solution. To wit, they were:

(a) Users accessing the ACL properties dialog on W2k can modify and 
remove existing ACLs on a given file, but they cannot add new ones (that 
can only be done with setfacl on the cmdline; the changes are then 
recognised);

(b) In said ACL properties dialog, the usernames displayed are the UNIX 
ones, not the ones converted with the username map option.

Does anyone have any more suggestions on these? I would have thought 
that the first problem particularly was quite critical. Should I take it 
to the samba-technical list?

Any thoughts much appreciated.

--
ANDREW FUREY <[EMAIL PROTECTED]> - Sysadmin/developer for Terminus.
Providing online networks of Australian lawyers (http://www.ilaw.com.au)
and Linux experts (http://www.linuxconsultants.com.au) for instant help!
Disclaimer: http://www.terminus.net.au/disclaimer.html. GCS L+++ P++ t++

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ACL issues still unresolved

[Dragan Krnic]

>(b) In said ACL properties dialog, the usernames displayed 
>are the UNIX ones, not the ones converted with the username 
>map option.

Why not use original Windows names and take users map out of the loop?

While a blank in user's name is strictly a no-no and all lower case is
preferable, most *nices can deal with names longer than 8 chars, 
although "ls -l"-listings may appear messy.

As for your (a) question, should we chase back your previous mails
to find out exactly what samba version on which platform you are
using, or can you discretely include that info in a mail?


_
Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year.
http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba ACL strange problem

[Trong Ho]

HI all,
I had install samba 2.2.3a-6 on Linux RedHat 7.3. I had recompile the kernel
support ACL.
I know that with samba >= 2.2 support ACL too
but it's seem there something wrong here when i got this mess.
It's look like samba does not support ACL
Are there anyone could help me get out of this problem
Thank You
Trong Ho
PS: attach file is my smb.conf
[root@file /]# getfacl /home/current/common
getfacl: Removing leading '/' from absolute path names
# file: home/current/common
# owner: hung
# group: users
user::rwx
user:hung:rw-
user:tin:rw-
group::---
mask::rw-
other::---

[root@file /]# smbcacls file://file/current common -U tin%tin
REVISION:1
OWNER:FILE\hung
GROUP:FILE\users
ACL:Everyone:ALLOWED/0/O
ACL:FILE\hung:ALLOWED/0/FULL
ACL:FILE\users:ALLOWED/0/RW
ACL:FILE\hung:ALLOWED/11/FULL
ACL:FILE\users:ALLOWED/11/R
ACL:Everyone:ALLOWED/11/R





smb.conf
Description: Binary data

Re: RE : [Samba] ACL support

[Yura Pismerov]

Jean-Rene Cormier wrote:
> 
> That must be it, I didn't see that mentioned anywhere.


It is right here in red (almost) colour :) 

http://acl.bestbits.at/download.html#Kernel


> 
> Thanks a lot
> 
> Jean-Rene Cormier
> 
> -Message d'origine-
> De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] De
> la part de Yura Pismerov
> Envoyé : 1 octobre, 2002 10:32
> À : Jean-Rene Cormier; [EMAIL PROTECTED]
> Objet : Re: [Samba] ACL support
> 
> Jean-Rene Cormier wrote:
> >
> > Anybody got the latest version of ACL from acl.bestbit.at to work?
> I've
> > compiled the packages, then installed them from the RPM but I had no
> > luck at all. I compiled a kernel with ACL support but when I try to
> set
> > a new permission it says permission not supported or something like
> > that. I currently have a box with ACL working but it's the libacl.so.0
> > lib and the new version is libacl.so.1 but I can't get that to work at
> > all. Is there something I missed somewhere?
> 
> Did you mount your fs with -o acl ?
> Lates version of the kernel patch requires it...
> 
> >
> > Jean-Rene Cormier
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> --
> 
> Yuri Pismerov, Sr. System Administrator,
> TUCOWS.COM INC. (416) 535-0123  ext. 1352
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 

Yuri Pismerov, Sr. System Administrator, 
TUCOWS.COM INC. (416) 535-0123  ext. 1352
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE : RE : [Samba] ACL support

[Jean-Rene Cormier]

Maybe they should put it in a brighter red ;) But thanks now it works!

Jean-Rene Cormier


-Message d'origine-
De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] De la part de Yura Pismerov
Envoyé : 1 octobre, 2002 13:03
À : Jean-Rene Cormier
Cc : [EMAIL PROTECTED]
Objet : Re: RE : [Samba] ACL support

Jean-Rene Cormier wrote:
> 
> That must be it, I didn't see that mentioned anywhere.


It is right here in red (almost) colour :) 

http://acl.bestbits.at/download.html#Kernel


> 
> Thanks a lot
> 
> Jean-Rene Cormier
> 
> -Message d'origine-
> De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] De
> la part de Yura Pismerov
> EnvoyИ : 1 octobre, 2002 10:32
> ю : Jean-Rene Cormier; [EMAIL PROTECTED]
> Objet : Re: [Samba] ACL support
> 
> Jean-Rene Cormier wrote:
> >
> > Anybody got the latest version of ACL from acl.bestbit.at to work?
> I've
> > compiled the packages, then installed them from the RPM but I had no
> > luck at all. I compiled a kernel with ACL support but when I try to
> set
> > a new permission it says permission not supported or something like
> > that. I currently have a box with ACL working but it's the libacl.so.0
> > lib and the new version is libacl.so.1 but I can't get that to work at
> > all. Is there something I missed somewhere?
> 
> Did you mount your fs with -o acl ?
> Lates version of the kernel patch requires it...
> 
> >
> > Jean-Rene Cormier
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> --
> 
> Yuri Pismerov, Sr. System Administrator,
> TUCOWS.COM INC. (416) 535-0123  ext. 1352
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 

Yuri Pismerov, Sr. System Administrator, 
TUCOWS.COM INC. (416) 535-0123  ext. 1352


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba + acl + Domain Admins

[Vladimir Nikolic]

Hi!

I am running samba-2.2.7a with winbind and acl. I've setup share with 
default owner 'administrator' and group owner 'Domain Admins' and let 
access to others throw acl. Trouble is, when some user from 'Domain 
Admins' group changes some file, he also changes user and group owner to 
'his_username' and 'Domain Users'. I've checked smb.conf and there is:

domain admin group =
admin users =
which means that no one has rights to change file ownerships.
What is wrong then?
Thanks

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Unofficial Samba+ACL HOWTO

[Paul Eggleton]

Hi all,

I have finally got around to updating my unofficial HOWTO on setting up
Samba with ACL support:
http://www.bluelightning.org/linux/samba_acl_howto

As always, comments and suggestions welcome.

Cheers,
Paul

PS: Where is everyone lately? There seem to be a lot more questions than
answers on this list over the last few days. On the other hand I guess
it is getting pretty close to release time.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ACL permissions with XP problem

[Brad Sagowitz]

Wondering if anyone can help...

here is my setup:

RedHat 7.3 with XFS (using the XFS install disk)
After installation I'd downloaded 2.2.7 src rpm from redhat and rebuilt it
with the --with-acl-support option in the samba.spec file
then upgraded the resulting rpm files
I've added the machine accounts and made root a smb user
I can log in successfully(after applying the xp registry hack), the problem
comes in when I try to change permission on a file from windows explorer.
For example adding users to give them rwx permissions on a file gives me
access denied.
Now... I tried getfacl and setfacl and both work.  When I use setfacl on a
file and add a user, that user does not show up on the security tab in XP.
And one other thing... I check the log for the XP machine and it has this
error
"is104 (192.168.0.104) couldn't find service screenings"

Any help would be greatly appreciated

Thanks




here is my smb.conf file:

[global]
smb passwd file = /etc/samba/smbpasswd
passwd program = /usr/bin/passwd %u
domain master = yes
dns proxy = no
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
short preserve case = no
printcap name = /etc/printcap
wins support = yes
max log size = 0
preferred master = yes
logon script = %U.bat
password level = 4
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
security = user
domain logons = yes
unix password sync = Yes
workgroup = JDMC
server string = JDMC Samba Server
local master = yes
netbios name = THE-SCOOP
log file = /var/log/samba/%m.log
load printers = no
os level = 64

[netlogon]
path = /home/netlogon
public = no
read only = yes

[homes]
path = %H
volume = Private
writable = yes
comment = Private Share
valid users = %S
browseable = no
create mode = 0764
directory mode = 0775

[general]
path = /shares/general
writeable = yes
public = yes
valid users = @users,@root,root
force group = users
force create mode = 764

Brad Sagowitz
Operating Systems Specialist III
A+, MCP, Linux+, CCAI-UNIX
1125 E. Alameda
Norman, OK 73071
[EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ACL bug FIXes for get_nt_acl()

[Sergey Zhitomirsky]

Two attached patches for samba 2.2.7a and 3.0-alfa22,
that I've made today, fix 3 bugs mentioned in my previous e-mail.

1) For each file  in addition to ALLOW ACE 
   proper DENY ACE is created.
2) "Take ownership" is shown DENIED for all except root  ACEs
3) Read Permissions  and  read attributes  are always shown as allowed,
as they are actually allowed.


--
Zhitomirsky Sergey.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ACL not working under 3.0alpha22

[Jeffrey D. Means]

When trying to change ACL entries with win xp or samba smbcacls I can
not effect any changes to the ACL’s.  Any Ideas??
 
Command used to generate log file ‘smbcacls //bast/profiles . –U
meaje%mypassword –C meaje –G “Domain Admins”’
 
---
Jeffrey D. Means
CIO for MeansPC
HYPERLINK "mailto:[EMAIL PROTECTED]"[EMAIL PROTECTED] HYPERLINK
"http://www.meanspc.com"http://www.meanspc.com
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.463 / Virus Database: 262 - Release Date: 3/17/2003
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL support in Samba

[Jay Ts]

cksoo wrote:
> 
> Now, I try to implement the ACL with similar to the ACL in windos 2000
> server. However, I failed to implement it until file level, can someone
> guide me to implement me.

1. You need to run Samba on a Unix system with a filesystem that
supports ACLs.

2. When compiling Samba, use the --with-acls option with configure:

# ./configure --with-acls

Jay Ts
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL support in Samba

[Christopher Barry]

On Thu, 2002-10-24 at 22:00, Jay Ts wrote:

cksoo wrote:
> 
> Now, I try to implement the ACL with similar to the ACL in windos 2000
> server. However, I failed to implement it until file level, can someone
> guide me to implement me.

1. You need to run Samba on a Unix system with a filesystem that
supports ACLs.

2. When compiling Samba, use the --with-acls option with configure:

# ./configure --with-acls

Jay Ts
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


What (in hopefully many opinions) is the best ACL supporting fs for Linux?



Thanks,

Christopher

Re: [Samba] ACL support in Samba

[Bradley W. Langhorst]

On Fri, 2002-10-25 at 10:00, Christopher Barry wrote:


> What (in hopefully many opinions) is the best ACL supporting fs for
> Linux?

the options are  (i think)
ext3 + patches from bestbits
ext2 + patches
xfs

xfs in my hands has been much more reliable and faster

brad


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ACL support in Samba

[David Brodbeck]

> -Original Message-
> From: Bradley W. Langhorst [mailto:brad@;langhorst.com]
> Sent: Friday, October 25, 2002 9:38 AM
> To: Christopher Barry
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Samba] ACL support in Samba
> 
> 
> On Fri, 2002-10-25 at 10:00, Christopher Barry wrote:
> 
> 
> > What (in hopefully many opinions) is the best ACL supporting fs for
> > Linux?
> 
> the options are  (i think)
> ext3 + patches from bestbits
> ext2 + patches
> xfs
> 
> xfs in my hands has been much more reliable and faster

ext3 + patches or ext2 + patches work fine too, and are a nice option if
you're looking to add ACLs to an existing filesystem.  They also have a
distinct advantage from my point of view -- they can be mounted as ordinary
ext2 filesystems.  This means, in a pinch, you can use ordinary rescue disks
and recovery tools.

I have nothing against XFS, though I haven't used it.  Just presenting my
own perspective.

ext2 and ext3 ACLs do have the disadvantage that the on-disk format and in
some cases the kernel interface is a moving target.  Generally this hasn't
been a problem for me, but it does mean you have to be careful if you
upgrade to a newer version.  Depending on the release number you sometimes
have to use getfacl and setfacl to backup and then restore your ACLs (if the
on-disk format has changed).  The setfacl part of this procedure, in
particular, can be time-consuming for big filesystems, especially if you use
winbindd -- it took a few hours, last time I did it.  Generally you want to
be backing up the ACLs to flat files periodically anyway, since there aren't
currently many backup tools that understand ACLs.

If you're looking for an ACL-enabled filesystem that's built into a
distribution, XFS is currently your only choice.  If you want to use ext2 or
ext3 ACL patches you'll need to patch and compile your own kernel and
filesystem tools.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ACL support in Samba

[Bradley W. Langhorst]

On Fri, 2002-10-25 at 09:57, David Brodbeck wrote:


> Generally you want to
> be backing up the ACLs to flat files periodically anyway, since there aren't
> currently many backup tools that understand ACLs.

I agree with all you've said.
You bring up the point of backups...
xfsdump does support acls so there is nothing 
else to worry about when you make a backup

brad

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ACL support in Samba

[Buchan Milne]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

> Message: 17
> From: David Brodbeck <[EMAIL PROTECTED]>
> To: "'Bradley W. Langhorst'" <[EMAIL PROTECTED]>,
>   Christopher Barry <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: RE: [Samba] ACL support in Samba
> Date: Fri, 25 Oct 2002 09:57:24 -0400
>
>
>> -Original Message-
>> From: Bradley W. Langhorst [mailto:brad@;langhorst.com]
>> Sent: Friday, October 25, 2002 9:38 AM
>> To: Christopher Barry
>> Cc: [EMAIL PROTECTED]
>> Subject: Re: [Samba] ACL support in Samba
>>
>>
>> On Fri, 2002-10-25 at 10:00, Christopher Barry wrote:
>>
>>
>
>> > What (in hopefully many opinions) is the best ACL supporting fs for
>> > Linux?
>
>>
>> the options are  (i think)
>> ext3 + patches from bestbits
>> ext2 + patches
>> xfs
>>
>> xfs in my hands has been much more reliable and faster
>
>
> ext3 + patches or ext2 + patches work fine too, and are a nice option if
> you're looking to add ACLs to an existing filesystem.  They also have a
> distinct advantage from my point of view -- they can be mounted as
ordinary
> ext2 filesystems.  This means, in a pinch, you can use ordinary rescue
disks
> and recovery tools.

My ordinary rescue tools (Mandrake installation CD booted with the
'rescue' optoin, and Knoppix 3.1) have XFS support ...

>
> I have nothing against XFS, though I haven't used it.  Just presenting my
> own perspective.
>
> ext2 and ext3 ACLs do have the disadvantage that the on-disk format and in
> some cases the kernel interface is a moving target.  Generally this hasn't
> been a problem for me, but it does mean you have to be careful if you
> upgrade to a newer version.  Depending on the release number you sometimes
> have to use getfacl and setfacl to backup and then restore your ACLs
(if the
> on-disk format has changed).  The setfacl part of this procedure, in
> particular, can be time-consuming for big filesystems, especially if
you use
> winbindd -- it took a few hours, last time I did it.  Generally you
want to
> be backing up the ACLs to flat files periodically anyway, since there
aren't
> currently many backup tools that understand ACLs.
>

Besides xfsdump on XFS.

> If you're looking for an ACL-enabled filesystem that's built into a
> distribution, XFS is currently your only choice.  If you want to use
ext2 or
> ext3 ACL patches you'll need to patch and compile your own kernel and
> filesystem tools.

Not really, Mandrake 9.0 (and AFAIK, SuSE 8.1) support ACLs on Ext2/Ext3
out the box (if you use the 'acl' mount option). And of course samba is
compiled with ACL support (not sure about SuSE again).

Plus, Mandrake 9.0 has winbind support, you can join a domain during
installation (in expert installs).

Buchan


- --
|Registered Linux User #182071-|
Buchan MilneMechanical Engineer, Network Manager
Cellphone * Work+27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE9uWnarJK6UGDSBKcRAvmoAKCEsjRwyuGkh91G5fk4QOMDmTomywCggjWq
X3FlhMq3lfyvAUTEiAlhuFA=
=f7g6
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba ACL and EA problems

[mshaw]

Hello,


I'm currently experiencing a problem concerning Samba 2.2.3a which is 
running on RedHat 7.3 kernel 2.4.18 configured with ACLS.
While trying to upgrade the kernel to support LFS 2GB files, a reboot was performed 
after the successful recompilation and installation of new filesystem tools.  The 
system halted at mounting the /samba partition reporting errors on the filesystem.
The problem is e2fsck was run on ext3 partition while upgrading ACLs/EAs, and now it 
seems the inodes holding the ext_attr info inodes were cleared and have now screwed up 
the base dirs on the samba partition.
When typing 'ls' under the Samba dir the following error messages appear:

ls: .Bad Address
ls: homes: Bad Address
etc.

The problem is not letting us rm, rmdir, mv, etc.. these dirs as well as 
/homes/username dirs.

Our current work around for creating new users is to create an alternate /home dir 
which is /samba/home instead of /samba/homes.
Other than that, the users have not reported any problems.

If anybody has any ideas or input it would be greatly appreciated.
We are stuck in a bit of a pickle.  We don't know exactly how this occurred and if it 
will get any worse.

If this is unclear, please let me know.

Regards,

Matthew Shaw
Network Administrator
MarkIV Industries/IVHS Division
Phone: 905.624.7910
Fax: 905.625.6197
E-mail: 
[EMAIL PROTECTED]¢éì¹»®&Þ~º&¶¬–+-‚‹h¶Ÿ¢YhÂ)àQڝÚÞiÛaz)춻œ¶*'²m§ÿåŠËl±©›jŠàþf¢–f§þX¬¶)ߣû™¶

Re: [Samba] ACL issues still unresolved

[Andrew Furey]

(b) In said ACL properties dialog, the usernames displayed 
are the UNIX ones, not the ones converted with the username 
map option.

Why not use original Windows names and take users map out of the loop?

While a blank in user's name is strictly a no-no and all lower case is
preferable, most *nices can deal with names longer than 8 chars, 
although "ls -l"-listings may appear messy.

As for your (a) question, should we chase back your previous mails
to find out exactly what samba version on which platform you are
using, or can you discretely include that info in a mail?

Sorry, I should have specified - Samba 2.2.7 manually compiled with 
ACLs, on Debian unstable.


However, I have just this morning worked out both of those problems. For 
all the future Googlers out there who are banging their heads against 
the wall as much as I have been:

IF IN DOUBT, USE WINBIND.

Setting up winbind with the nsswitch.conf stuff works perfectly (as far 
as those two problems go).

Only problem I have now is working out how to preserve the ACLs on files 
 I copy from the W2k to the Samba machine. xcopy /o seems to be it, but 
it comes up with "access denied" and the file is empty, as well as 
having the default permissions (copying person is owner, etc). More 
Googling needed...

Thanks for your help, everyone.

--
ANDREW FUREY <[EMAIL PROTECTED]> - Sysadmin/developer for Terminus.
Providing online networks of Australian lawyers (http://www.ilaw.com.au)
and Linux experts (http://www.linuxconsultants.com.au) for instant help!
Disclaimer: http://www.terminus.net.au/disclaimer.html. GCS L+++ P++ t++

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL issues still unresolved

[Dragan Krnic]

 
--

On Fri, 06 Dec 2002 15:24:17  
 Andrew Furey wrote:
>>>(b) In said ACL properties dialog, the usernames displayed 
>>>are the UNIX ones, not the ones converted with the username 
>>>map option.
>> 
>> Why not use original Windows names and take users map out of 
>> the loop?
...
>However, I have just this morning worked out both of those problems. 
>For all the future Googlers out there who are banging their heads 
>against the wall as much as I have been:
>   IF IN DOUBT, USE WINBIND.
>Setting up winbind with the nsswitch.conf stuff works perfectly 
>(as ar as those two problems go).
>
>Only problem I have now is working out how to preserve the ACLs on 
>files I copy from the W2k to the Samba machine. xcopy /o seems to 
>be it, but it comes up with "access denied" and the file is empty, 
>as well as having the default permissions (copying person is owner, 
>etc). More Googling needed...

I've banged my head over it, trying to 
   a) get the full listing of ACLs with tools in support pack
   b) build some Perl scripts to produce something like the
  output of "getfacl -R"
   c) apply "setfacl --restore=old.acls"

The tools in support pack were too flakey to begin with. Perhaps I 
should have tricked the system to let me execute it as SYS in a 
service shell but didn't have the time to bother so much. So I 
distributed and delegated. Home shares are easy to assign proper
ACLs, projects usually have a discernible permission pattern which
can be reconstructed wholesale and when in doubt ask someone who knows
or else you're migration won't be done until Xmass. 

It would be a tremendous help for all newbies and other migrants if 
someone lurking on this maillist went a step further than I did and 
were willing to share the experience.


_
Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year.
http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ACL issues still unresolved

[David Brodbeck]

> -Original Message-
> From: Dragan Krnic [mailto:[EMAIL PROTECTED]]

> Home shares are easy to assign proper
> ACLs, projects usually have a discernible permission pattern which
> can be reconstructed wholesale and when in doubt ask someone who knows
> or else you're migration won't be done until Xmass. 

That's pretty much what I did.  It was just as well, since the original
permissions turned out to have no relation to reality anyway. ;)

Default ACLs are your friend, by the way.  If you set the default folder
ACLs to reasonable values the file ACLs pretty much take care of themselves
from then on.  This has been the best thing that ever happened to my company
as far as data integrity goes -- departments can't inadvertantly screw up
each others' files anymore.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL issues still unresolved

[Ronan Waide]

On December 6, [EMAIL PROTECTED] said:
> It would be a tremendous help for all newbies and other migrants if 
> someone lurking on this maillist went a step further than I did and 
> were willing to share the experience.

I'm currently looking at exactly this setup in order to migrate some
shares off an NT box. I see two basic problems here:

1. smbclient and smbmnt/smbmount don't, apparently, have any support
   for ACLs
2. smbcacls is not format-compatible with getfacls.

I would presume the first is on the (eventual) todo list for the samba
team, but the second seems to be a short-term solution that would work
nicely.

As is, I'm thinking I'm better off with the approach suggested by
another poster, which is to take this opportunity to review the ACLs
on the shares and correct them manually. It's going to hurt, of
course, but the end result will be a better configuration.

Cheers,
Waider.
-- 
[EMAIL PROTECTED] / Yes, it /is/ very personal of me.

"The interior decorating site is something to behold. Preferably with
 welders glasses." - AjD
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL issues still unresolved

[Dragan Krnic]

>I'm currently looking at exactly this setup in order to migrate
>some shares off an NT box. I see two basic problems here:
>
>1. smbclient and smbmnt/smbmount don't, apparently,
>   have any support for ACLs
>2. smbcacls is not format-compatible with getfacls.
>
>I would presume the first is on the (eventual) todo list for
>the samba team, but the second seems to be a short-term
>solution that would work nicely.

When I moved shares I used Veritas BackupExec to restore a
regular NT backup to a *nix. This gave all rights to 
smbnull:smbnull. Since I was frustrated with NT acl
commands I never came around to format conversions.
A one-time manual adjustment wasn't nearly as hard as I
thought it would be.


_
Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year.
http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL issues still unresolved

[Andrew Furey]

2. smbcacls is not format-compatible with getfacls.

the second seems to be a short-term solution that would work nicely.


Following the suggestion of Tony BT I'm planning to write a Perl script 
to get the output of smbcacls for each file and convert it to the 
appropriate chown/setfacl commands (and apply them) for each file that 
has been copied.

If anyone wants a copy when I'm done, let me know.

--
ANDREW FUREY <[EMAIL PROTECTED]> - Sysadmin/developer for Terminus.
Providing online networks of Australian lawyers (http://www.ilaw.com.au)
and Linux experts (http://www.linuxconsultants.com.au) for instant help!
Disclaimer: http://www.terminus.net.au/disclaimer.html. GCS L+++ P++ t++

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Unofficial Samba+ACL HOWTO

[Buchan Milne]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

> Message: 54
> Date: Wed, 23 Jul 2003 13:11:38 +1200
> From: "Paul Eggleton" <[EMAIL PROTECTED]>
> Subject: [Samba] Unofficial Samba+ACL HOWTO
> To: <[EMAIL PROTECTED]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi all,
>
> I have finally got around to updating my unofficial HOWTO on setting up
> Samba with ACL support:
> http://www.bluelightning.org/linux/samba_acl_howto
>
> As always, comments and suggestions welcome.
>

You may want to change the title to be "Unofficial Redhat Samba + ACL +
Winbind Howto", since most other distros have ACL support out the box
(Mandrake since 8.1 has had ACL support on XFS, 9.0 had ACL support on
ext2/3 also, most recent SuSE releases had ACL support on XFS, some on
ext2/3, I believe one of the Debain kernels has XFS/ACL support), and
Mandrake 9.0 and 9.1 will setup winbind for you during installation.

Regards,
Buchan

- --
|--Another happy Mandrake Club member--|
Buchan MilneMechanical Engineer, Network Manager
Cellphone * Work+27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/HrM8rJK6UGDSBKcRAgZeAKC+wZN5sJpsLMUWYN/n7li//8KveQCeP8D9
c6zUongSCjg3j5bwiUOy7Qw=
=jM6n
-END PGP SIGNATURE-

**
Please click on http://www.cae.co.za/disclaimer.htm to read our
e-mail disclaimer or send an e-mail to [EMAIL PROTECTED] for a copy.
**
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Unofficial Samba+ACL HOWTO

[Paul Eggleton]

Buchan Milne wrote on Thursday, 24 July 2003 4:10 a.m.:
> You may want to change the title to be "Unofficial Redhat Samba + ACL
> + Winbind Howto", since most other distros have ACL support out the
> box (Mandrake since 8.1 has had ACL support on XFS, 9.0 had ACL
> support on ext2/3 also, most recent SuSE releases had ACL support on
> XFS, some on ext2/3, I believe one of the Debain kernels has XFS/ACL
> support), and Mandrake 9.0 and 9.1 will setup winbind for you during
> installation.  

I do realise my howto is very Red Hat specific, however there are plenty
of other distributions that don't have ACL support out of the box
(Slackware, Gentoo, others?). Besides, merely having ACLs enabled in the
file system is not enough - you have to understand the limitations of
POSIX ACLs as well as how Samba's ACL support works, which is the other
main point of the howto.

Cheers,
Paul
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL permissions with XP problem

[Thomas Klettke]

I've added a line to the share in smb.conf:

nt acl support = yes

See if that helps.

Thomas


On Thu, 2003-02-27 at 09:47, Brad Sagowitz wrote:
> Wondering if anyone can help...
> 
> here is my setup:
> 
> RedHat 7.3 with XFS (using the XFS install disk)
> After installation I'd downloaded 2.2.7 src rpm from redhat and rebuilt it
> with the --with-acl-support option in the samba.spec file
> then upgraded the resulting rpm files
> I've added the machine accounts and made root a smb user
> I can log in successfully(after applying the xp registry hack), the problem
> comes in when I try to change permission on a file from windows explorer.
> For example adding users to give them rwx permissions on a file gives me
> access denied.
> Now... I tried getfacl and setfacl and both work.  When I use setfacl on a
> file and add a user, that user does not show up on the security tab in XP.
> And one other thing... I check the log for the XP machine and it has this
> error
> "is104 (192.168.0.104) couldn't find service screenings"
> 
> Any help would be greatly appreciated
> 
> Thanks
> 
> 
> 
> 
> here is my smb.conf file:
> 
> [global]
>   smb passwd file = /etc/samba/smbpasswd
>   passwd program = /usr/bin/passwd %u
>   domain master = yes
>   dns proxy = no
>   encrypt passwords = yes
>   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>   short preserve case = no
>   printcap name = /etc/printcap
>   wins support = yes
>   max log size = 0
>   preferred master = yes
>   logon script = %U.bat
>   password level = 4
>   passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
>   security = user
>   domain logons = yes
>   unix password sync = Yes
>   workgroup = JDMC
>   server string = JDMC Samba Server
>   local master = yes
>   netbios name = THE-SCOOP
>   log file = /var/log/samba/%m.log
>   load printers = no
>   os level = 64
> 
> [netlogon]
>   path = /home/netlogon
>   public = no
>   read only = yes
> 
> [homes]
>   path = %H
>   volume = Private
>   writable = yes
>   comment = Private Share
>   valid users = %S
>   browseable = no
>   create mode = 0764
>   directory mode = 0775
> 
> [general]
>   path = /shares/general
>   writeable = yes
>   public = yes
>   valid users = @users,@root,root
> force group = users
> force create mode = 764
> 
> Brad Sagowitz
> Operating Systems Specialist III
> A+, MCP, Linux+, CCAI-UNIX
> 1125 E. Alameda
> Norman, OK 73071
> [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ACL permissions with XP problem

[Brad Sagowitz]

My understanding was that nt acl support = yes was a default... but I added
it anyway and restarted to no avail.

Whenever I edit a files permissions (as root) from a XP client I get the
error

"Unable to save permission changes on 
 Access is denied. "



-Original Message-
From: Thomas Klettke [mailto:[EMAIL PROTECTED]
Sent: Friday, February 28, 2003 11:16 AM
To: Brad Sagowitz
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] ACL permissions with XP problem


I've added a line to the share in smb.conf:

nt acl support = yes

See if that helps.

Thomas


On Thu, 2003-02-27 at 09:47, Brad Sagowitz wrote:
> Wondering if anyone can help...
>
> here is my setup:
>
> RedHat 7.3 with XFS (using the XFS install disk)
> After installation I'd downloaded 2.2.7 src rpm from redhat and rebuilt it
> with the --with-acl-support option in the samba.spec file
> then upgraded the resulting rpm files
> I've added the machine accounts and made root a smb user
> I can log in successfully(after applying the xp registry hack), the
problem
> comes in when I try to change permission on a file from windows explorer.
> For example adding users to give them rwx permissions on a file gives me
> access denied.
> Now... I tried getfacl and setfacl and both work.  When I use setfacl on a
> file and add a user, that user does not show up on the security tab in XP.
> And one other thing... I check the log for the XP machine and it has this
> error
> "is104 (192.168.0.104) couldn't find service screenings"
>
> Any help would be greatly appreciated
>
> Thanks
>
>
>
>
> here is my smb.conf file:
>
> [global]
>   smb passwd file = /etc/samba/smbpasswd
>   passwd program = /usr/bin/passwd %u
>   domain master = yes
>   dns proxy = no
>   encrypt passwords = yes
>   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>   short preserve case = no
>   printcap name = /etc/printcap
>   wins support = yes
>   max log size = 0
>   preferred master = yes
>   logon script = %U.bat
>   password level = 4
>   passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
>   security = user
>   domain logons = yes
>   unix password sync = Yes
>   workgroup = JDMC
>   server string = JDMC Samba Server
>   local master = yes
>   netbios name = THE-SCOOP
>   log file = /var/log/samba/%m.log
>   load printers = no
>   os level = 64
>
> [netlogon]
>   path = /home/netlogon
>   public = no
>   read only = yes
>
> [homes]
>   path = %H
>   volume = Private
>   writable = yes
>   comment = Private Share
>   valid users = %S
>   browseable = no
>   create mode = 0764
>   directory mode = 0775
>
> [general]
>   path = /shares/general
>   writeable = yes
>   public = yes
>   valid users = @users,@root,root
> force group = users
> force create mode = 764
>
> Brad Sagowitz
> Operating Systems Specialist III
> A+, MCP, Linux+, CCAI-UNIX
> 1125 E. Alameda
> Norman, OK 73071
> [EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ACL permissions with XP problem

[Thomas Klettke]

No clue here yet, just guesses.

What happens when you repeat the experiment with a Windows 2000 (or NT)
client? I don't expect it to make a difference, but to rule out that XP
is the problem.

>From what I see so far it seems that there is a discrepancy between the
Unix and Samba IDs - not sure though.


On Fri, 2003-02-28 at 11:29, Brad Sagowitz wrote:
> My understanding was that nt acl support = yes was a default... but I added
> it anyway and restarted to no avail.
> 
> Whenever I edit a files permissions (as root) from a XP client I get the
> error
> 
> "Unable to save permission changes on 
>  Access is denied. "
> 
> 
> 
> -Original Message-
> From: Thomas Klettke [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 28, 2003 11:16 AM
> To: Brad Sagowitz
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Samba] ACL permissions with XP problem
> 
> 
> I've added a line to the share in smb.conf:
> 
> nt acl support = yes
> 
> See if that helps.
> 
> Thomas
> 
> 
> On Thu, 2003-02-27 at 09:47, Brad Sagowitz wrote:
> > Wondering if anyone can help...
> >
> > here is my setup:
> >
> > RedHat 7.3 with XFS (using the XFS install disk)
> > After installation I'd downloaded 2.2.7 src rpm from redhat and rebuilt it
> > with the --with-acl-support option in the samba.spec file
> > then upgraded the resulting rpm files
> > I've added the machine accounts and made root a smb user
> > I can log in successfully(after applying the xp registry hack), the
> problem
> > comes in when I try to change permission on a file from windows explorer.
> > For example adding users to give them rwx permissions on a file gives me
> > access denied.
> > Now... I tried getfacl and setfacl and both work.  When I use setfacl on a
> > file and add a user, that user does not show up on the security tab in XP.
> > And one other thing... I check the log for the XP machine and it has this
> > error
> > "is104 (192.168.0.104) couldn't find service screenings"
> >
> > Any help would be greatly appreciated
> >
> > Thanks
> >
> >
> >
> >
> > here is my smb.conf file:
> >
> > [global]
> > smb passwd file = /etc/samba/smbpasswd
> > passwd program = /usr/bin/passwd %u
> > domain master = yes
> > dns proxy = no
> > encrypt passwords = yes
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > short preserve case = no
> > printcap name = /etc/printcap
> > wins support = yes
> > max log size = 0
> > preferred master = yes
> > logon script = %U.bat
> > password level = 4
> > passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> > *passwd:*all*authentication*tokens*updated*successfully*
> > security = user
> > domain logons = yes
> > unix password sync = Yes
> > workgroup = JDMC
> > server string = JDMC Samba Server
> > local master = yes
> > netbios name = THE-SCOOP
> > log file = /var/log/samba/%m.log
> > load printers = no
> > os level = 64
> >
> > [netlogon]
> > path = /home/netlogon
> > public = no
> > read only = yes
> >
> > [homes]
> > path = %H
> > volume = Private
> > writable = yes
> > comment = Private Share
> > valid users = %S
> > browseable = no
> > create mode = 0764
> > directory mode = 0775
> >
> > [general]
> > path = /shares/general
> > writeable = yes
> > public = yes
> > valid users = @users,@root,root
> > force group = users
> > force create mode = 764
> >
> > Brad Sagowitz
> > Operating Systems Specialist III
> > A+, MCP, Linux+, CCAI-UNIX
> > 1125 E. Alameda
> > Norman, OK 73071
> > [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ACL permissions with XP problem

[Brad Sagowitz]

I dont have a win2k machine but I'm loading one now to see.   Thanks for
your help!

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
Thomas Klettke
Sent: Friday, February 28, 2003 11:52 AM
To: Brad Sagowitz
Cc: [EMAIL PROTECTED]
Subject: RE: [Samba] ACL permissions with XP problem


No clue here yet, just guesses.

What happens when you repeat the experiment with a Windows 2000 (or NT)
client? I don't expect it to make a difference, but to rule out that XP
is the problem.

>From what I see so far it seems that there is a discrepancy between the
Unix and Samba IDs - not sure though.


On Fri, 2003-02-28 at 11:29, Brad Sagowitz wrote:
> My understanding was that nt acl support = yes was a default... but I
added
> it anyway and restarted to no avail.
>
> Whenever I edit a files permissions (as root) from a XP client I get the
> error
>
> "Unable to save permission changes on 
>  Access is denied. "
>
>
>
> -Original Message-
> From: Thomas Klettke [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 28, 2003 11:16 AM
> To: Brad Sagowitz
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Samba] ACL permissions with XP problem
>
>
> I've added a line to the share in smb.conf:
>
> nt acl support = yes
>
> See if that helps.
>
> Thomas
>
>
> On Thu, 2003-02-27 at 09:47, Brad Sagowitz wrote:
> > Wondering if anyone can help...
> >
> > here is my setup:
> >
> > RedHat 7.3 with XFS (using the XFS install disk)
> > After installation I'd downloaded 2.2.7 src rpm from redhat and rebuilt
it
> > with the --with-acl-support option in the samba.spec file
> > then upgraded the resulting rpm files
> > I've added the machine accounts and made root a smb user
> > I can log in successfully(after applying the xp registry hack), the
> problem
> > comes in when I try to change permission on a file from windows
explorer.
> > For example adding users to give them rwx permissions on a file gives me
> > access denied.
> > Now... I tried getfacl and setfacl and both work.  When I use setfacl on
a
> > file and add a user, that user does not show up on the security tab in
XP.
> > And one other thing... I check the log for the XP machine and it has
this
> > error
> > "is104 (192.168.0.104) couldn't find service screenings"
> >
> > Any help would be greatly appreciated
> >
> > Thanks
> >
> >
> >
> >
> > here is my smb.conf file:
> >
> > [global]
> > smb passwd file = /etc/samba/smbpasswd
> > passwd program = /usr/bin/passwd %u
> > domain master = yes
> > dns proxy = no
> > encrypt passwords = yes
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > short preserve case = no
> > printcap name = /etc/printcap
> > wins support = yes
> > max log size = 0
> > preferred master = yes
> > logon script = %U.bat
> > password level = 4
> > passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> > *passwd:*all*authentication*tokens*updated*successfully*
> > security = user
> > domain logons = yes
> > unix password sync = Yes
> > workgroup = JDMC
> > server string = JDMC Samba Server
> > local master = yes
> > netbios name = THE-SCOOP
> > log file = /var/log/samba/%m.log
> > load printers = no
> > os level = 64
> >
> > [netlogon]
> > path = /home/netlogon
> > public = no
> > read only = yes
> >
> > [homes]
> > path = %H
> > volume = Private
> > writable = yes
> > comment = Private Share
> > valid users = %S
> > browseable = no
> > create mode = 0764
> > directory mode = 0775
> >
> > [general]
> > path = /shares/general
> > writeable = yes
> > public = yes
> > valid users = @users,@root,root
> > force group = users
> > force create mode = 764
> >
> > Brad Sagowitz
> > Operating Systems Specialist III
> > A+, MCP, Linux+, CCAI-UNIX
> > 1125 E. Alameda
> > Norman, OK 73071
> > [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL permissions with XP problem

[Raphael Berghmans]

Hi,

Which version of libacl and libattr do you use ?

Because I think that for samba you need at least de version 2.0.12.

See you,

Raphaël


On Thu, 2003-02-27 at 16:47, Brad Sagowitz wrote:
> Wondering if anyone can help...
> 
> here is my setup:
> 
> RedHat 7.3 with XFS (using the XFS install disk)
> After installation I'd downloaded 2.2.7 src rpm from redhat and rebuilt it
> with the --with-acl-support option in the samba.spec file
> then upgraded the resulting rpm files
> I've added the machine accounts and made root a smb user
> I can log in successfully(after applying the xp registry hack), the problem
> comes in when I try to change permission on a file from windows explorer.
> For example adding users to give them rwx permissions on a file gives me
> access denied.
> Now... I tried getfacl and setfacl and both work.  When I use setfacl on a
> file and add a user, that user does not show up on the security tab in XP.
> And one other thing... I check the log for the XP machine and it has this
> error
> "is104 (192.168.0.104) couldn't find service screenings"
> 
> Any help would be greatly appreciated
> 
> Thanks
> 
> 
> 
> 
> here is my smb.conf file:
> 
> [global]
>   smb passwd file = /etc/samba/smbpasswd
>   passwd program = /usr/bin/passwd %u
>   domain master = yes
>   dns proxy = no
>   encrypt passwords = yes
>   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>   short preserve case = no
>   printcap name = /etc/printcap
>   wins support = yes
>   max log size = 0
>   preferred master = yes
>   logon script = %U.bat
>   password level = 4
>   passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
>   security = user
>   domain logons = yes
>   unix password sync = Yes
>   workgroup = JDMC
>   server string = JDMC Samba Server
>   local master = yes
>   netbios name = THE-SCOOP
>   log file = /var/log/samba/%m.log
>   load printers = no
>   os level = 64
> 
> [netlogon]
>   path = /home/netlogon
>   public = no
>   read only = yes
> 
> [homes]
>   path = %H
>   volume = Private
>   writable = yes
>   comment = Private Share
>   valid users = %S
>   browseable = no
>   create mode = 0764
>   directory mode = 0775
> 
> [general]
>   path = /shares/general
>   writeable = yes
>   public = yes
>   valid users = @users,@root,root
> force group = users
> force create mode = 764
> 
> Brad Sagowitz
> Operating Systems Specialist III
> A+, MCP, Linux+, CCAI-UNIX
> 1125 E. Alameda
> Norman, OK 73071
[EMAIL PROTECTED]
-- 
Raphael Berghmans <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ACL permissions with XP problem

[Brad Sagowitz]

I have
libacl-2.0.9-0
libattr-2.0.7-0

But I'm very hesitant to upgrade I did this once and I couldn't even ls
after upgrade.
guess I back-up everything and give it a whirl.

anyone have a good location for rpms?


-Original Message-
From: Raphael Berghmans [mailto:[EMAIL PROTECTED]
Sent: Friday, February 28, 2003 12:57 PM
To: Brad Sagowitz
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] ACL permissions with XP problem


Hi,

Which version of libacl and libattr do you use ?

Because I think that for samba you need at least de version 2.0.12.

See you,

Raphaël


On Thu, 2003-02-27 at 16:47, Brad Sagowitz wrote:
> Wondering if anyone can help...
>
> here is my setup:
>
> RedHat 7.3 with XFS (using the XFS install disk)
> After installation I'd downloaded 2.2.7 src rpm from redhat and rebuilt it
> with the --with-acl-support option in the samba.spec file
> then upgraded the resulting rpm files
> I've added the machine accounts and made root a smb user
> I can log in successfully(after applying the xp registry hack), the
problem
> comes in when I try to change permission on a file from windows explorer.
> For example adding users to give them rwx permissions on a file gives me
> access denied.
> Now... I tried getfacl and setfacl and both work.  When I use setfacl on a
> file and add a user, that user does not show up on the security tab in XP.
> And one other thing... I check the log for the XP machine and it has this
> error
> "is104 (192.168.0.104) couldn't find service screenings"
>
> Any help would be greatly appreciated
>
> Thanks
>
>
>
>
> here is my smb.conf file:
>
> [global]
>   smb passwd file = /etc/samba/smbpasswd
>   passwd program = /usr/bin/passwd %u
>   domain master = yes
>   dns proxy = no
>   encrypt passwords = yes
>   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>   short preserve case = no
>   printcap name = /etc/printcap
>   wins support = yes
>   max log size = 0
>   preferred master = yes
>   logon script = %U.bat
>   password level = 4
>   passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
>   security = user
>   domain logons = yes
>   unix password sync = Yes
>   workgroup = JDMC
>   server string = JDMC Samba Server
>   local master = yes
>   netbios name = THE-SCOOP
>   log file = /var/log/samba/%m.log
>   load printers = no
>   os level = 64
>
> [netlogon]
>   path = /home/netlogon
>   public = no
>   read only = yes
>
> [homes]
>   path = %H
>   volume = Private
>   writable = yes
>   comment = Private Share
>   valid users = %S
>   browseable = no
>   create mode = 0764
>   directory mode = 0775
>
> [general]
>   path = /shares/general
>   writeable = yes
>   public = yes
>   valid users = @users,@root,root
> force group = users
> force create mode = 764
>
> Brad Sagowitz
> Operating Systems Specialist III
> A+, MCP, Linux+, CCAI-UNIX
> 1125 E. Alameda
> Norman, OK 73071
[EMAIL PROTECTED]
--
Raphael Berghmans <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ACL permissions with XP problem

[Raphael Berghmans]

Hi,

You can find last version of XFS ACL here :
ftp://rpmfind.net/linux/SGILinux/cmd_rpms/i386

This version works with RH 7.3, do not hesitate to upgrade !

Do not forget to install the devel of acl and attr. And recompile Samba.

See you,

Raphaël


On Fri, 2003-02-28 at 20:14, Brad Sagowitz wrote:
> I have
> libacl-2.0.9-0
> libattr-2.0.7-0
> 
> But I'm very hesitant to upgrade I did this once and I couldn't even ls
> after upgrade.
> guess I back-up everything and give it a whirl.
> 
> anyone have a good location for rpms?
> 
> 
> -Original Message-
> From: Raphael Berghmans [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 28, 2003 12:57 PM
> To: Brad Sagowitz
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Samba] ACL permissions with XP problem
> 
> 
> Hi,
> 
> Which version of libacl and libattr do you use ?
> 
> Because I think that for samba you need at least de version 2.0.12.
> 
> See you,
> 
> Raphaël
> 
> 
> On Thu, 2003-02-27 at 16:47, Brad Sagowitz wrote:
> > Wondering if anyone can help...
> >
> > here is my setup:
> >
> > RedHat 7.3 with XFS (using the XFS install disk)
> > After installation I'd downloaded 2.2.7 src rpm from redhat and rebuilt it
> > with the --with-acl-support option in the samba.spec file
> > then upgraded the resulting rpm files
> > I've added the machine accounts and made root a smb user
> > I can log in successfully(after applying the xp registry hack), the
> problem
> > comes in when I try to change permission on a file from windows explorer.
> > For example adding users to give them rwx permissions on a file gives me
> > access denied.
> > Now... I tried getfacl and setfacl and both work.  When I use setfacl on a
> > file and add a user, that user does not show up on the security tab in XP.
> > And one other thing... I check the log for the XP machine and it has this
> > error
> > "is104 (192.168.0.104) couldn't find service screenings"
> >
> > Any help would be greatly appreciated
> >
> > Thanks
> >
> >
> >
> >
> > here is my smb.conf file:
> >
> > [global]
> > smb passwd file = /etc/samba/smbpasswd
> > passwd program = /usr/bin/passwd %u
> > domain master = yes
> > dns proxy = no
> > encrypt passwords = yes
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > short preserve case = no
> > printcap name = /etc/printcap
> > wins support = yes
> > max log size = 0
> > preferred master = yes
> > logon script = %U.bat
> > password level = 4
> > passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> > *passwd:*all*authentication*tokens*updated*successfully*
> > security = user
> > domain logons = yes
> > unix password sync = Yes
> > workgroup = JDMC
> > server string = JDMC Samba Server
> > local master = yes
> > netbios name = THE-SCOOP
> > log file = /var/log/samba/%m.log
> > load printers = no
> > os level = 64
> >
> > [netlogon]
> > path = /home/netlogon
> > public = no
> > read only = yes
> >
> > [homes]
> > path = %H
> > volume = Private
> > writable = yes
> > comment = Private Share
> > valid users = %S
> > browseable = no
> > create mode = 0764
> > directory mode = 0775
> >
> > [general]
> > path = /shares/general
> > writeable = yes
> > public = yes
> > valid users = @users,@root,root
> > force group = users
> > force create mode = 764
> >
> > Brad Sagowitz
> > Operating Systems Specialist III
> > A+, MCP, Linux+, CCAI-UNIX
> > 1125 E. Alameda
> > Norman, OK 73071
> [EMAIL PROTECTED]
> --
> Raphael Berghmans <[EMAIL PROTECTED]>
-- 
Raphael Berghmans <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ACL permissions with XP problem

[Brad Sagowitz]

You say to recompile samba... I compiled samba from the source rpms should I
do this again?

This will have to wait till monday as I'm going to make an image of my /
before doing this  =)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
Raphael Berghmans
Sent: Friday, February 28, 2003 1:30 PM
To: Brad Sagowitz
Cc: [EMAIL PROTECTED]
Subject: RE: [Samba] ACL permissions with XP problem


Hi,

You can find last version of XFS ACL here :
ftp://rpmfind.net/linux/SGILinux/cmd_rpms/i386

This version works with RH 7.3, do not hesitate to upgrade !

Do not forget to install the devel of acl and attr. And recompile Samba.

See you,

Raphaël


On Fri, 2003-02-28 at 20:14, Brad Sagowitz wrote:
> I have
> libacl-2.0.9-0
> libattr-2.0.7-0
>
> But I'm very hesitant to upgrade I did this once and I couldn't even
ls
> after upgrade.
> guess I back-up everything and give it a whirl.
>
> anyone have a good location for rpms?
>
>
> -Original Message-
> From: Raphael Berghmans [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 28, 2003 12:57 PM
> To: Brad Sagowitz
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Samba] ACL permissions with XP problem
>
>
> Hi,
>
> Which version of libacl and libattr do you use ?
>
> Because I think that for samba you need at least de version 2.0.12.
>
> See you,
>
> Raphaël
>
>
> On Thu, 2003-02-27 at 16:47, Brad Sagowitz wrote:
> > Wondering if anyone can help...
> >
> > here is my setup:
> >
> > RedHat 7.3 with XFS (using the XFS install disk)
> > After installation I'd downloaded 2.2.7 src rpm from redhat and rebuilt
it
> > with the --with-acl-support option in the samba.spec file
> > then upgraded the resulting rpm files
> > I've added the machine accounts and made root a smb user
> > I can log in successfully(after applying the xp registry hack), the
> problem
> > comes in when I try to change permission on a file from windows
explorer.
> > For example adding users to give them rwx permissions on a file gives me
> > access denied.
> > Now... I tried getfacl and setfacl and both work.  When I use setfacl on
a
> > file and add a user, that user does not show up on the security tab in
XP.
> > And one other thing... I check the log for the XP machine and it has
this
> > error
> > "is104 (192.168.0.104) couldn't find service screenings"
> >
> > Any help would be greatly appreciated
> >
> > Thanks
> >
> >
> >
> >
> > here is my smb.conf file:
> >
> > [global]
> > smb passwd file = /etc/samba/smbpasswd
> > passwd program = /usr/bin/passwd %u
> > domain master = yes
> > dns proxy = no
> > encrypt passwords = yes
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > short preserve case = no
> > printcap name = /etc/printcap
> > wins support = yes
> > max log size = 0
> > preferred master = yes
> > logon script = %U.bat
> > password level = 4
> > passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> > *passwd:*all*authentication*tokens*updated*successfully*
> > security = user
> > domain logons = yes
> > unix password sync = Yes
> > workgroup = JDMC
> > server string = JDMC Samba Server
> > local master = yes
> > netbios name = THE-SCOOP
> > log file = /var/log/samba/%m.log
> > load printers = no
> > os level = 64
> >
> > [netlogon]
> > path = /home/netlogon
> > public = no
> > read only = yes
> >
> > [homes]
> > path = %H
> > volume = Private
> > writable = yes
> > comment = Private Share
> > valid users = %S
> > browseable = no
> > create mode = 0764
> > directory mode = 0775
> >
> > [general]
> > path = /shares/general
> > writeable = yes
> > public = yes
> > valid users = @users,@root,root
> > force group = users
> > force create mode = 764
> >
> > Brad Sagowitz
> > Operating Systems Specialist III
> > A+, MCP, Linux+, CCAI-UNIX
> > 1125 E. Alameda
> > Norman, OK 73071
> [EMAIL PROTECTED]
> --
> Raphael Berghmans <[EMAIL PROTECTED]>
--
Raphael Berghmans <[EMAIL PROTECTED]>

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ACL permissions with XP problem

[Raphael Berghmans]

Hi,

Last 2 days, I've installed 4 servers RH 7.3 with samba, and I've
recompiled samba from rpms source. By default in the samba.spec, the ACL
support is implemented and then I think that the binary rpm of samba
doesn't include this functionality !

See you,

Raphaël

On Fri, 2003-02-28 at 20:42, Brad Sagowitz wrote:
> You say to recompile samba... I compiled samba from the source rpms should I
> do this again?
> 
> This will have to wait till monday as I'm going to make an image of my /
> before doing this  =)
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> Raphael Berghmans
> Sent: Friday, February 28, 2003 1:30 PM
> To: Brad Sagowitz
> Cc: [EMAIL PROTECTED]
> Subject: RE: [Samba] ACL permissions with XP problem
> 
> 
> Hi,
> 
> You can find last version of XFS ACL here :
> ftp://rpmfind.net/linux/SGILinux/cmd_rpms/i386
> 
> This version works with RH 7.3, do not hesitate to upgrade !
> 
> Do not forget to install the devel of acl and attr. And recompile Samba.
> 
> See you,
> 
> Raphaël
> 
> 
> On Fri, 2003-02-28 at 20:14, Brad Sagowitz wrote:
> > I have
> > libacl-2.0.9-0
> > libattr-2.0.7-0
> >
> > But I'm very hesitant to upgrade I did this once and I couldn't even
> ls
> > after upgrade.
> > guess I back-up everything and give it a whirl.
> >
> > anyone have a good location for rpms?
> >
> >
> > -----Original Message-
> > From: Raphael Berghmans [mailto:[EMAIL PROTECTED]
> > Sent: Friday, February 28, 2003 12:57 PM
> > To: Brad Sagowitz
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [Samba] ACL permissions with XP problem
> >
> >
> > Hi,
> >
> > Which version of libacl and libattr do you use ?
> >
> > Because I think that for samba you need at least de version 2.0.12.
> >
> > See you,
> >
> > Raphaël
> >
> >
> > On Thu, 2003-02-27 at 16:47, Brad Sagowitz wrote:
> > > Wondering if anyone can help...
> > >
> > > here is my setup:
> > >
> > > RedHat 7.3 with XFS (using the XFS install disk)
> > > After installation I'd downloaded 2.2.7 src rpm from redhat and rebuilt
> it
> > > with the --with-acl-support option in the samba.spec file
> > > then upgraded the resulting rpm files
> > > I've added the machine accounts and made root a smb user
> > > I can log in successfully(after applying the xp registry hack), the
> > problem
> > > comes in when I try to change permission on a file from windows
> explorer.
> > > For example adding users to give them rwx permissions on a file gives me
> > > access denied.
> > > Now... I tried getfacl and setfacl and both work.  When I use setfacl on
> a
> > > file and add a user, that user does not show up on the security tab in
> XP.
> > > And one other thing... I check the log for the XP machine and it has
> this
> > > error
> > > "is104 (192.168.0.104) couldn't find service screenings"
> > >
> > > Any help would be greatly appreciated
> > >
> > > Thanks
> > >
> > >
> > >
> > >
> > > here is my smb.conf file:
> > >
> > > [global]
> > >   smb passwd file = /etc/samba/smbpasswd
> > >   passwd program = /usr/bin/passwd %u
> > >   domain master = yes
> > >   dns proxy = no
> > >   encrypt passwords = yes
> > >   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > >   short preserve case = no
> > >   printcap name = /etc/printcap
> > >   wins support = yes
> > >   max log size = 0
> > >   preferred master = yes
> > >   logon script = %U.bat
> > >   password level = 4
> > >   passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> > > *passwd:*all*authentication*tokens*updated*successfully*
> > >   security = user
> > >   domain logons = yes
> > >   unix password sync = Yes
> > >   workgroup = JDMC
> > >   server string = JDMC Samba Server
> > >   local master = yes
> > >   netbios name = THE-SCOOP
> > >   log file = /var/log/samba/%m.log
> > >   load printers = no
> > >   os level = 64
> > >
> > > [netlogon]
> > >   path = /home/netlogon
> > >   public = no
> > >   read only = yes
> > >
> > > [homes]
> > >   path = %H
> > >   volume = Private
> > >   writable = yes
> > >   comment = Private Share
> > >   valid users = %S
> > >   browseable = no
> > >   create mode = 0764
> > >   directory mode = 0775
> > >
> > > [general]
> > >   path = /shares/general
> > >   writeable = yes
> > >   public = yes
> > >   valid users = @users,@root,root
> > > force group = users
> > > force create mode = 764
> > >
> > > Brad Sagowitz
> > > Operating Systems Specialist III
> > > A+, MCP, Linux+, CCAI-UNIX
> > > 1125 E. Alameda
> > > Norman, OK 73071
> > [EMAIL PROTECTED]
> > --
> > Raphael Berghmans <[EMAIL PROTECTED]>
> --
> Raphael Berghmans <[EMAIL PROTECTED]>
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
Raphael Berghmans <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL permissions with XP problem

[Markus Amersdorfer]

On Thu, 27 Feb 2003 09:47:53 -0600
"Brad Sagowitz" <[EMAIL PROTECTED]> wrote:

> RedHat 7.3 with XFS (using the XFS install disk)
> After installation I'd downloaded 2.2.7 src rpm from redhat and
> rebuilt it with the --with-acl-support option in the samba.spec file

Did you have "acl-dev" installed when compiling Samba? Of not, the
configure-process will kick ACL-support but continue compiling although
you specified --with-acl-support.

Make sure your smbd has ACL-support built in:

  ldd /usr/sbin/smbd

The output should contain something like 

  "libacl.so.1 => /lib/libacl.so.1"

So long,
Max

-- 
The first time any man's freedom is trodden on, we're all damaged.
   

http://homex.subnet.at/~max/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE:[Samba] ACL Permissions with XP problem

[Brad Sagowitz]

Max... this was my problem.  I had loaded acl-dev... but it didn't compile.
I installed the new updates with the ones Raphael supplied then recompiled
samba from src rpms and installed with the --force option.  Everything works
great!!!

Thanks EVERYONE I really appreciate all the help!

Brad Sagowitz
Operating Systems Specialist III
A+, MCP, Linux+, CCAI-UNIX
1125 E. Alameda
Norman, OK 73071
(405) 307-2883

> RedHat 7.3 with XFS (using the XFS install disk)
> After installation I'd downloaded 2.2.7 src rpm from redhat and
> rebuilt it with the --with-acl-support option in the samba.spec file

Did you have "acl-dev" installed when compiling Samba? Of not, the
configure-process will kick ACL-support but continue compiling although
you specified --with-acl-support.

Make sure your smbd has ACL-support built in:

  ldd /usr/sbin/smbd

The output should contain something like

  "libacl.so.1 => /lib/libacl.so.1"

So long,
Max



Brad Sagowitz
Operating Systems Specialist III
A+, MCP, Linux+, CCAI-UNIX
1125 E. Alameda
Norman, OK 73071
(405) 307-2883

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ACL bug FIXes for get_nt_acl() (resend)

[Sergey Zhitomirsky]

It seems attached patches were lost,  resending inline :

 Two attached patches for samba 2.2.7a and 3.0-alfa22,
 that I've made today, fix 3 bugs mentioned in my previous e-mail.

 1) For each file  in addition to ALLOW ACE
proper DENY ACE is created.
 2) "Take ownership" is shown DENIED for all except root  ACEs
 3) Read Permissions  and  read attributes  are always shown as allowed,
 as they are actually allowed.


 --
 Zhitomirsky Sergey.


--- samba-3.0alpha22/source/smbd/posix_acls.c   Mon Feb 24 18:12:33 2003
+++ samba-3.0alpha22-fixed/source/smbd/posix_acls.c Thu Mar  6 17:09:56 2003
@@ -354,15 +354,19 @@
  not get. Deny entries are implicit on get with ace->perms = 0.
 /
 
-static SEC_ACCESS map_canon_ace_perms(int *pacl_type, DOM_SID *powner_sid, canon_ace 
*ace)
+static SEC_ACCESS map_canon_ace_perms(int *pacl_type, DOM_SID *powner_sid, canon_ace 
*ace,
+   SEC_ACCESS* sa_deny, int *pacl_type_deny)
 {
SEC_ACCESS sa;
uint32 nt_mask = 0;
-
-   *pacl_type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+   uint32 nt_mask_deny = 0;
+ 
+   *pacl_type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+   *pacl_type_deny = SEC_ACE_TYPE_ACCESS_DENIED;
 
if ((ace->perms & ALL_ACE_PERMS) == ALL_ACE_PERMS) {
-   nt_mask = UNIX_ACCESS_RWX;
+   nt_mask = UNIX_ACCESS_RWX;
+   nt_mask_deny = WRITE_OWNER_ACCESS;
} else if ((ace->perms & ALL_ACE_PERMS) == (mode_t)0) {
/*
 * Windows NT refuses to display ACEs with no permissions in them (but
@@ -377,15 +381,31 @@
nt_mask = UNIX_ACCESS_NONE;
else
nt_mask = 0;
+
+   nt_mask_deny = UNIX_ACCESS_RWX; 
+
} else {
nt_mask |= ((ace->perms & S_IRUSR) ? UNIX_ACCESS_R : 0 );
nt_mask |= ((ace->perms & S_IWUSR) ? UNIX_ACCESS_W : 0 );
nt_mask |= ((ace->perms & S_IXUSR) ? UNIX_ACCESS_X : 0 );
+
+   nt_mask_deny = ~nt_mask & UNIX_ACCESS_RWX;
}
 
-   DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n",
-   (unsigned int)ace->perms, (unsigned int)nt_mask ));
+   /* READ ACL & Read Attributes  afai see  are always allowed in POSIX */
+   nt_mask_deny &= ~(  READ_CONTROL_ACCESS | FILE_READ_ATTRIBUTES);
+   nt_mask |= READ_CONTROL_ACCESS | FILE_READ_ATTRIBUTES;
 
+   /* workaround for "take ownership" for root's ACE */
+   if (ace->owner_type == UID_ACE && !ace->unix_ug.uid) {
+   nt_mask_deny &= ~WRITE_OWNER_ACCESS;
+   nt_mask |= WRITE_OWNER_ACCESS;//UNIX_ACCESS_NONE;
+   }
+
+   DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x & ~%x\n",
+   (unsigned int)ace->perms, (unsigned int)nt_mask, (unsigned 
int)nt_mask_deny));
+
+   init_sec_access(sa_deny, nt_mask_deny);
init_sec_access(&sa,nt_mask);
return sa;
 }
@@ -2208,6 +2228,7 @@
{
canon_ace *ace;
int nt_acl_type;
+   int nt_acl_type_deny;
int i;
 
if (nt4_compatible_acls()) {
@@ -2292,12 +2313,12 @@
num_dir_acls = count_canon_ace_list(dir_ace);
 
/* Allocate the ace list. */
-   if ((nt_ace_list = (SEC_ACE *)malloc((num_acls + num_profile_acls + 
num_dir_acls)* sizeof(SEC_ACE))) == NULL) {
+   if ((nt_ace_list = (SEC_ACE *)malloc((2 * num_acls + num_profile_acls 
+ 2 * num_dir_acls)*sizeof(SEC_ACE))) == NULL) {
DEBUG(0,("get_nt_acl: Unable to malloc space for 
nt_ace_list.\n"));
goto done;
}
 
-   memset(nt_ace_list, '\0', (num_acls + num_dir_acls) * sizeof(SEC_ACE) 
);
+   memset(nt_ace_list, '\0', (num_acls + num_dir_acls) * 2 * 
sizeof(SEC_ACE) );
   
 
/*
 * Create the NT ACE list from the canonical ace lists.
@@ -2307,8 +2328,10 @@
 
for (i = 0; i < num_acls; i++, ace = ace->next) {
SEC_ACCESS acc;
-
-   acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace );
+   SEC_ACCESS acc_deny;
+   
+   acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace , 
&acc_deny, &nt_acl_type_deny);
+   init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, 
nt_acl_type_deny, acc_deny, 0);
init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, 
nt_acl_type, acc, 0);
}
 
@@ -2324,8 +2347,11 @@
 
for (i = 0; i < num_dir_acls; i++, ace = ace->next) {
SEC_ACCESS acc;
-
-

[Samba] acl control in access for acl_external

[Wilson A. Galafassi Jr.]

hello
i finally have success with winbind :) thanks everybody

so, i use this acl's in squid

external_acl_typqe NT_global/-group %LOGIN
/usr/local/squid/libexec/wb_group

acl FullAccess external NT_global_group "domain group"

httpd allow FullAccess
httpd deny all

with this configuration all is DENID by squid. what
it's possible to write acl's specifics for determinated autenticate
user's???

regards
wilson

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Réf. : Re: [Samba] Unofficial Samba+ACL HOWTO

[Ganael LAPLANCHE]

Mandrake 9.1's kernel needs a patch to support ACL's :
http://qa.mandrakesoft.com/show_bug.cgi?id=3615

Regards,
Ganaël LAPLANCHE.





[EMAIL PROTECTED]@lists.samba.org on 07/23/2003 06:09:59 PM

Envoyé par :  [EMAIL PROTECTED]


Pour : [EMAIL PROTECTED]
cc :
Objet : Re: [Samba] Unofficial Samba+ACL HOWTO

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

> Message: 54
> Date: Wed, 23 Jul 2003 13:11:38 +1200
> From: "Paul Eggleton" <[EMAIL PROTECTED]>
> Subject: [Samba] Unofficial Samba+ACL HOWTO
> To: <[EMAIL PROTECTED]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain;  charset="us-ascii"
>
> Hi all,
>
> I have finally got around to updating my unofficial HOWTO on setting up
> Samba with ACL support:
> http://www.bluelightning.org/linux/samba_acl_howto
>
> As always, comments and suggestions welcome.
>

You may want to change the title to be "Unofficial Redhat Samba + ACL +
Winbind Howto", since most other distros have ACL support out the box
(Mandrake since 8.1 has had ACL support on XFS, 9.0 had ACL support on
ext2/3 also, most recent SuSE releases had ACL support on XFS, some on
ext2/3, I believe one of the Debain kernels has XFS/ACL support), and
Mandrake 9.0 and 9.1 will setup winbind for you during installation.

Regards,
Buchan

- --
|--Another happy Mandrake Club member--|
Buchan MilneMechanical Engineer, Network Manager
Cellphone * Work+27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/HrM8rJK6UGDSBKcRAgZeAKC+wZN5sJpsLMUWYN/n7li//8KveQCeP8D9
c6zUongSCjg3j5bwiUOy7Qw=
=jM6n
-END PGP SIGNATURE-

**
Please click on http://www.cae.co.za/disclaimer.htm to read our
e-mail disclaimer or send an e-mail to [EMAIL PROTECTED] for a copy.
**
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba





--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ACL with Samba 3.22 + xfs with acl

[Alex Murphy]

The Regard!
Faced a problem distributions acl in SAMBA 3.22.
Ispolizetsya ADS+WINBINDD, PDC-Win2000, Samba - Server (xfs+acl).
When making the file in share resource are assigned authorities:
all - for all
domain users - winbindd considers the main by group domain users user - a 
name of the creator of the file At marks beside all authorities skim!
Do the attempt to put(deliver) the marks beside any one of 
afore-mentioned, appear else two authorities : owner-group and owner-user, 
for which already it is impossible nothing change.
The Question: possible what hide owner-group and owner-user ?   

Alex.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ACL support in the 2.2.x series

[Tom Dickson]

I've noticed that on Samba 2.2.5, that the ACLs don't work quite as
expected. Under win2000 you remove access by the group everyone by deleting
it, under Samba, you have to set the group Everyone to deny all (which then
gives you a warning, and then you can add separate users.)

Is it possible to make Samba not return the group Everyone if the UNIX
permissions for world are ---?

I.e., if file bob has rwx--, only return the owner of the file as having
any permissions, and not even return the others?

Has the way ACLs present themselves changed between 2.2.5 and 2.2.8?

Has this patch been added to 2.2.8?

http://lists.samba.org/pipermail/samba/2003-March/091967.html

Thank you,

Tom Dickson

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] SORRY Missing INFO in Samba ACL Support

[Christos E. Chrisostomidis]

*

My apologies for the incomplete info !!!
I repeat the e-mail so you do not get confused.

*
Dear All,

I am running samba 2.2.7-5  on a RH 8.0 box with 2.4.20-18 kernel and
I am trying to migrate a Win2K Server to Samba.
The samba RPM has --with-acl-support activated.
I manually add all the net users into the samba box using the command

useradd -s /bin/false -d /dev/null -m username

and then I transfer then into samba. Having specified:

workgroup = our_workgroup
netbios name = Server Name
security = user
encrypt passwords = yes
nt acl support = yes
etc.
[share_name_1]
path = ..
valid users = 
etc.

in the smb.conf and creating the appropriate "top level" shares with the
corresponding users everything works very well. Users can have where
they supposed to.

However, the old Win2K server has a very different structure looking
something
like:

topfolder1
 +--subforder1
 +subsubfolder1
 +subsubfolder2
 +--subfolder2
 +subsubfolder3
 +subsubfolder4

All users on the win2k box map the "topfolder1" so when they open the
win explorer they can see the
folder structure as shown above. However, they can access only
subfolders that they allow to.
(i.e. on each subfolder and on some subsubfolders we have set user
permissions)


To replicate the same scenario on the samba box, as been suggested by
this list,
is to use acl support. However, I cannot find documentation on how this
can be done.

So I made an experiment, defining one top level share in smb.conf  (the
topfolder1) and
then, from a win2k client I right clicked on a subfolder, click on
security and try to modify
permissions which did not work 

I want to avoid defining all the subfolders in smb.conf since they will
apeear as top level shares.
I am wandering if I can keep the same structure and have my users access
they corresponding folders.

If this is possible can someone point me in the right direction ???

Best Regards
Christos





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ACL problem with WinXP and Samba 2.2.5-2.2.8

[Johannes Tyve]

Trying to add users using security tab i WinXP doesn't work for us, no 
users are added. Existing ACLs are possible to change and delete.

This behavior has been identified with both Solaris 2.6, Linux 2.4.9-31 
with XFS,  Samba 2.2.5 and 2.2.8. I'm attaching global part of out 
smb.conf and a snippet from the log.

Our users are in an NT domain and in NIS.

Regards,
Johannes

smb.conf:
[global]
workgroup = SGU
security = DOMAIN
encrypt passwords = Yes
min passwd length = 6
password server = sys4 sgu4
username map = /usr/local/samba/lib/users.map
log file = /var/opt/samba/log/%m
deadtime = 10
character set = ISO8859-1
wins server = 10.1.20.104
invalid users = smsclitoknacct& smsclisvcacct&
create mask = 0644
host msdfs = yes
inherit acls = yes
log level = 2

Log:

[2003/03/28 16:09:27, 2] lib/util_sock.c:open_socket_out(873)
  error connecting to 10.1.20.104:445 (Connection refused)
[2003/03/28 16:09:28, 1] smbd/service.c:make_connection(636)
  sp078 (10.1.20.94) connect to service lab as user jste (uid=133, 
gid=100) (pid 10936)
[2003/03/28 16:09:39, 0] smbd/service.c:make_connection(251)
  sp078 (10.1.20.94) couldn't find service la
[2003/03/28 16:09:42, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2050)
  Returning domain sid for domain PCHYD29 -> 
S-1-5-21-195616947-1880241807-4126645089
[2003/03/28 16:09:42, 2] passdb/pdb_smbpasswd.c:startsmbfilepwent(170)
  startsmbfilepwent_internal: unable to open file /etc/samba/smbpasswd. 
Error was No such file or directory
[2003/03/28 16:09:42, 0] passdb/pdb_smbpasswd.c:pdb_getsampwrid(1418)
  unable to open passdb database.
[2003/03/28 16:09:46, 0] smbd/posix_acls.c:create_canon_ace_lists(1017)
  create_canon_ace_lists: unable to map SID 
S-1-5-21-1444693150-211357965-837300805-2170 to uid or gid.
[2003/03/28 16:11:25, 0] smbd/service.c:make_connection(251)
  sp078 (10.1.20.94) couldn't find service la
[2003/03/28 16:11:28, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2050)
  Returning domain sid for domain PCHYD29 -> 
S-1-5-21-195616947-1880241807-4126645089
[2003/03/28 16:11:35, 0] smbd/posix_acls.c:create_canon_ace_lists(1017)
  create_canon_ace_lists: unable to map SID 
S-1-5-21-1444693150-211357965-837300805-1084 to uid or gid.
[2003/03/28 16:11:37, 0] smbd/service.c:make_connection(251)
  sp078 (10.1.20.94) couldn't find service la
[2003/03/28 16:11:39, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2050)
  Returning domain sid for domain PCHYD29 -> 
S-1-5-21-195616947-1880241807-4126645089
[2003/03/28 16:12:06, 0] smbd/service.c:make_connection(251)
  sp078 (10.1.20.94) couldn't find service la
[2003/03/28 16:12:08, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2050)
  Returning domain sid for domain PCHYD29 -> 
S-1-5-21-195616947-1880241807-4126645089
[2003/03/28 16:12:17, 0] smbd/posix_acls.c:create_canon_ace_lists(1017)
  create_canon_ace_lists: unable to map SID 
S-1-5-21-1444693150-211357965-837300805-1029 to uid or gid.
[2003/03/28 16:13:35, 1] smbd/service.c:close_cnum(675)
  sp078 (10.1.20.94) closed connection to service lab
[2003/03/28 16:13:35, 2] smbd/server.c:exit_server(511)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] RE: SORRY Missing INFO in Samba ACL Support

[Tom Dickson]

Do you have ACL support enabled in the filesystem?

You may want to see http://acl.bestbits.at/

-Tom


*
My apologies for the incomplete info !!!
I repeat the e-mail so you do not get confused.
*
Dear All,
I am running samba 2.2.7-5  on a RH 8.0 box with 2.4.20-18 kernel and
I am trying to migrate a Win2K Server to Samba.
The samba RPM has --with-acl-support activated.
I manually add all the net users into the samba box using the command
useradd -s /bin/false -d /dev/null -m username
and then I transfer then into samba. Having specified:
workgroup = our_workgroup
netbios name = Server Name
security = user
encrypt passwords = yes
nt acl support = yes
etc.
[share_name_1]
path = ..
valid users = 
etc.
in the smb.conf and creating the appropriate "top level" shares with the
corresponding users everything works very well. Users can have where
they supposed to.
However, the old Win2K server has a very different structure looking
something
like:
topfolder1
 +--subforder1
 +subsubfolder1
 +subsubfolder2
 +--subfolder2
 +subsubfolder3
 +subsubfolder4
All users on the win2k box map the "topfolder1" so when they open the
win explorer they can see the
folder structure as shown above. However, they can access only
subfolders that they allow to.
(i.e. on each subfolder and on some subsubfolders we have set user
permissions)
To replicate the same scenario on the samba box, as been suggested by
this list,
is to use acl support. However, I cannot find documentation on how this
can be done.
So I made an experiment, defining one top level share in smb.conf  (the
topfolder1) and
then, from a win2k client I right clicked on a subfolder, click on
security and try to modify
permissions which did not work 
I want to avoid defining all the subfolders in smb.conf since they will
apeear as top level shares.
I am wandering if I can keep the same structure and have my users access
they corresponding folders.
If this is possible can someone point me in the right direction ???
Best Regards
Christos
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ACL support - entries of filesystem acls are not displayed in NT security tab

[Oliver Thinnes]

Helo.

I'm running here samba 2.2.4 on redhat 7.2 with kernel 2.4.17 patched with 
ACL patches from http://acl.bestbits.at and appropreiate utils.

Samba is member of a NT 4 domain.

I configured (./configure --with-privatedir=/etc/samba 
--with-lockdir=/var/lock --with-configdir=/etc/samba --with-quotas 
--with-acl-support --with-winbind)
and compiled samba with acl support and in smb.conf I have
nt acl support = YES
.

Everything works fine. I see my NT users / groups. I have set acls on the 
filesystem that are inherited (default acl).

When I open the security tab in the file properties dialog I only see the 
UNIX right and the extended acls are missing.

NT security tab:
everybody no rights
Oliver Thinnes, read, write
root: read, write

On LINUX
# dir
-rwxrw+   1 PULSAAR+O.Thinnes root5 05-31 22:55 Neu 
Textdokument.txt

# getfacl Neu\ Textdokument.txt
user::rwx
user:PULSAAR+informix:r-x   #effective:r--
group::rwx  #effective:rw-
group:PULSAAR+Technik:rwx   #effective:rw-
mask::rw-
other::---

Thank you in advance.

Oliver Thinnes


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ACL support - Adding users in NT security tab gives winbindd error message "Can't find domain from sid"

[Oliver Thinnes]

Helo.

I'm running here samba 2.2.4 on redhat 7.2 with kernel 2.4.17 patched with 
ACL patches from http://acl.bestbits.at and appropreiate utils.

Samba is member of a NT 4 domain.

I configured (./configure --with-privatedir=/etc/samba 
--with-lockdir=/var/lock --with-configdir=/etc/samba --with-quotas 
--with-acl-support --with-winbind)
and compiled samba with acl support and in smb.conf I have
nt acl support = YES
.

Everything works fine. I see my NT users / groups. I have set acls on the 
filesystem that are inherited (default acl).


When I open the security tab in the file properties dialog and click ADD to 
add users I can see the NT users.

When selecting one, setting the access rights and click OK then I get an 
error message on NT and in "log.winbindd"
-- snip --
[2002/05/31 22:48:44, 1, pid=12102, effective(0, 0), real(0, 0)] 
nsswitch/winbindd_util.c:winbindd_lookup_n
ame_by_sid(268)
  Can't find domain from sid
-- snip --

"wbinfo -n NT-USER" shows me the SID number.

Thank you in advance.

Oliver Thinnes



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba