RES: RES: RES: RES: [Samba] Re: ACLs with Problem
I have an environment to make test. I go to try to mount a partition xfs in this server of test. I thank its help. -Mensagem original- De: Paul Kölle [mailto:[EMAIL PROTECTED] Enviada em: quarta-feira, 28 de setembro de 2005 10:53 Para: Luis Henrique de Faria Guimarães Assunto: Re: RES: RES: RES: [Samba] Re: ACLs with Problem Luis Henrique de Faria Guimarães wrote: I forgive me Paul, not wise person. Well, the samba was compiled with support ACL, look out command: [EMAIL PROTECTED] source]# strings $(which smbd) | grep HAVE_POSIX_ACLS HAVE_POSIX_ACLS I didn't find no fail when I compiled the samba. I go to send for you my file configure.log Looks ok to me. One thing to try would be testing with another filesystem. It seems you have XFS headers installed and samba recognised them. If your kernel supports XFS or you have support as a module you could try creating a small XFS partition (could be done in a file and mounted with loopback, no need for a real partition then). I've used XFS as an FS for samba and have had good results. You dont need to pass special mount options as ACLs are enabled by default on XFS. hth Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RES: RES: [Samba] Re: ACLs with Problem
Luis Henrique de Faria Guimarães wrote: [2005/09/26 17:11:53, 3] smbd/posix_acls.c:convert_canon_ace_to_posix_perms(2581) convert_canon_ace_to_posix_perms: Too many ACE entries for file teste.txt to convert to posix perms. I wonder why convert_canon_ace_to_posix_perms is called with an file_ace_list with more than three canon_ace elements. set_nt_acl should never call convert_canon_ace_to_posix_perms that way. I guess it fails because you have an ACL_USER_OBJ which makes the file_ace_list longer than three entries but for some reason set_nt_acl thinks it cannot use set_canon_ace_list. I just start to read the code so maybe someone who really knows what's going on could clear this up a bit. hth Paul BTW: check your samba binary for ACL support, could be that ./configure failed to pick up some libs or headers and the whole feature is not present. Use strings $(which smbd) | grep HAVE_POSIX_ACLS. If you don't get anything back your binary lacks ACL support. PS: Try not to start a new thread with each response and please keep your replies on the list. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RES: RES: [Samba] Re: ACLs with Problem
Paul, 1. Which user is logged on the the windows workstation trying to modify a file on the samba share? Henrique are user, this user is in the list of administrators of the samba, but he is not administrator of the PDC (windows 2003). It looks at the parameters below of smb.conf: admin users = corniani, administrator, henrique 2. What are the ACLs on that file before you try to change them and what are they after the operation failed? Are the ACLs on that file before: [EMAIL PROTECTED] teste]# getfacl teste.txt # file: teste.txt # owner: root # group: Domain Users user::rwx user:henrique:rw- group::r-- mask::rw- other::r-- After: [EMAIL PROTECTED] teste]# getfacl teste.txt # file: teste.txt # owner: root # group: Domain Users user::rwx user:henrique:rw- group::r-- mask::rw- other::r-- Nothing one gets excited after the failed. 3. What is the output of the samba log when you try to change ACLs on the file? Look my big logs: unix_mode(teste.txt) returning 0744 [2005/09/26 17:11:44, 2] smbd/open.c:open_file(372) henrique opened file teste.txt read=No write=No (numopen=2) [2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114) Transaction 156 of length 88 [2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900) switch message SMBnttrans (pid 1361) conn 0x8033e238 [2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0 [2005/09/26 17:11:44, 3] smbd/nttrans.c:call_nt_transact_query_security_desc(1965) call_nt_transact_query_security_desc: file = teste.txt, info_wanted = 0x4 [2005/09/26 17:11:44, 3] smbd/nttrans.c:call_nt_transact_query_security_desc(1992) call_nt_transact_query_security_desc: sd_size = 120. [2005/09/26 17:11:44, 3] smbd/error.c:error_packet(147) error packet at smbd/nttrans.c(95) cmd=160 (SMBnttrans) NT_STATUS_BUFFER_TOO_SMALL [2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114) Transaction 157 of length 88 [2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900) switch message SMBnttrans (pid 1361) conn 0x8033e238 [2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0 [2005/09/26 17:11:44, 3] smbd/nttrans.c:call_nt_transact_query_security_desc(1965) call_nt_transact_query_security_desc: file = teste.txt, info_wanted = 0x4 [2005/09/26 17:11:44, 3] smbd/nttrans.c:call_nt_transact_query_security_desc(1992) call_nt_transact_query_security_desc: sd_size = 120. [2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114) Transaction 158 of length 92 [2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900) switch message SMBntcreateX (pid 1361) conn 0x8033e238 [2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0 [2005/09/26 17:11:44, 3] smbd/dosmode.c:unix_mode(121) unix_mode(.) returning 0744 [2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114) Transaction 159 of length 88 [2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900) switch message SMBnttrans (pid 1361) conn 0x8033e238 [2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0 [2005/09/26 17:11:44, 3] smbd/nttrans.c:call_nt_transact_query_security_desc(1965) call_nt_transact_query_security_desc: file = ., info_wanted = 0x4 [2005/09/26 17:11:44, 3] smbd/nttrans.c:call_nt_transact_query_security_desc(1992) call_nt_transact_query_security_desc: sd_size = 120. [2005/09/26 17:11:44, 3] smbd/error.c:error_packet(147) error packet at smbd/nttrans.c(95) cmd=160 (SMBnttrans) NT_STATUS_BUFFER_TOO_SMALL [2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114) Transaction 160 of length 88 [2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900) switch message SMBnttrans (pid 1361) conn 0x8033e238 [2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0 [2005/09/26 17:11:44, 3] smbd/nttrans.c:call_nt_transact_query_security_desc(1965) call_nt_transact_query_security_desc: file = ., info_wanted = 0x4 [2005/09/26 17:11:44, 3] smbd/nttrans.c:call_nt_transact_query_security_desc(1992) call_nt_transact_query_security_desc: sd_size = 120. [2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114) Transaction 161 of length 45 [2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900) switch message SMBclose (pid 1361) conn 0x8033e238 [2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0 [2005/09/26 17:11:44, 3] smbd/reply.c:reply_close(3233) close directory fnum=8243 [2005/09/26 17:11:44, 3] smbd/process.c:process_smb(1114) Transaction 162 of length 88 [2005/09/26 17:11:44, 3] smbd/process.c:switch_message(900) switch message SMBnttrans (pid 1361) conn 0x8033e238 [2005/09/26 17:11:44, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 10001) - sec_ctx_stack_ndx = 0 [2005/09/26 17:11:44, 3]
Re: RES: [Samba] Re: ACLs with Problem
Luis Henrique de Faria Guimarães wrote: I believe that you it did not understand my explanation. I have a Linux server executing samba intergrated with a server windows 2003 (PDC). Linux is using the users of windows 2003 saw winbind. But, the permissions for these of archive do not function. When I try to change the permissions of an archive in the sharing of the samba, it I do not function. The part of ACL of the samba is not functioning, you understood me. What you are saying is, it does not work as you think it should. The getfacl output you showed seems to indicate that ACLs are working on the linux side, so far so good. Then you say permissions are not correct from windows explorer and you cannot set them correctly. To identify the underlying problem you need to provide more details. 1. Which user is logged on the the windows workstation trying to modify a file on the samba share? 2. What are the ACLs on that file before you try to change them and what are they after the operation failed? 3. What is the output of the samba log when you try to change ACLs on the file? hth Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RES: [Samba] Re: ACLs with Problem
I believe that you it did not understand my explanation. I have a Linux server executing samba intergrated with a server windows 2003 (PDC). Linux is using the users of windows 2003 saw winbind. But, the permissions for these of archive do not function. When I try to change the permissions of an archive in the sharing of the samba, it I do not function. The part of ACL of the samba is not functioning, you understood me. The command getfacl sample that support ACL is functioning in the server linux. It sees my /etc/fstab: LABEL=/ / ext3defaults,acl1 1 LABEL=/boot /boot ext3defaults1 2 LABEL=/data /data ext3defaults,acl1 2 none/dev/ptsdevpts gid=5,mode=620 0 0 none/proc procdefaults0 0 none/dev/shmtmpfs defaults0 0 /dev/cciss/c0d0p2 swapswapdefaults0 0 /dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0 /dev/fd0/mnt/floppy autonoauto,owner,kudzu 0 0 You can help this problem me? Luís Henrique -Mensagem original- De: paul kölle [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 22 de setembro de 2005 13:15 Para: samba@lists.samba.org Assunto: [Samba] Re: ACLs with Problem Luis Henrique de Faria Guimarães wrote: With this configuration the users of the PDC (windows 2003) are authenticantion way telnet without problem. However, the ACL do not function. They see the exit with command getfacl teste.txt: [EMAIL PROTECTED] teste]# getfacl teste.txt # file: teste.txt # owner: root # group: Domain Users user::rwx user:henrique:rw- group::r-- mask::rw- other::r-- Can you please describe what you expected to see here and why? The user henrique appears in linux, but he does not appear in windows. Then I'd say he's a linux user and not from AD via winbind right? When I try to add permissions through windows appears a message of denied access. If that is a correct result largely depends which user is logged in to the windows workstation. It would be helpful if you set samba to a moderate debug level, and provide the relevant logs generated when the desired operation(s) fail. hth Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RES: [Samba] Re: ACLs with Problem
Luis Henrique de Faria Guimarães wrote: I believe that you it did not understand my explanation. I have a Linux server executing samba intergrated with a server windows 2003 (PDC). Linux is using the users of windows 2003 saw winbind. But, the permissions for these of archive do not function. When I try to change the permissions of an archive in the sharing of the samba, it I do not function. The part of ACL of the samba is not functioning, you understood me. What you are saying is, it does not work as you think it should. The getfacl output you showed seems to indicate that ACLs are working on the linux side, so far so good. Then you say permissions are not correct from windows explorer and you cannot set them correctly. To identify the underlying problem you need to provide more details. 1. Which user is logged on the the windows workstation trying to modify a file on the samba share? 2. What are the ACLs on that file before you try to change them and what are they after the operation failed? 3. What is the output of the samba log when you try to change ACLs on the file? hth Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: ACLs with Problem
Luis Henrique de Faria Guimarães wrote: With this configuration the users of the PDC (windows 2003) are authenticantion way telnet without problem. However, the ACL do not function. They see the exit with command getfacl teste.txt: [EMAIL PROTECTED] teste]# getfacl teste.txt # file: teste.txt # owner: root # group: Domain Users user::rwx user:henrique:rw- group::r-- mask::rw- other::r-- Can you please describe what you expected to see here and why? The user henrique appears in linux, but he does not appear in windows. Then I'd say he's a linux user and not from AD via winbind right? When I try to add permissions through windows appears a message of denied access. If that is a correct result largely depends which user is logged in to the windows workstation. It would be helpful if you set samba to a moderate debug level, and provide the relevant logs generated when the desired operation(s) fail. hth Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba