[Samba] Samba NT/POSIACL's: Too many ACE entries

[DONAHUE,BILL (HP-USA,ex1)]

I have been 
trying to get ACL's to work with Samba 2.2.5 but have run into a 
problem.

I am using 
RedHat 7.3 with the POSIX ACL patches from http://acl.bestbits.at/. Following 
installation of the patches I am able to view and modify ACL's from the bash 
command line using the getfacl and setfacl commands. Authenticiation is 
configured with winbind and domain security. It seems to be working 
fine.

The Samba code 
is was downloaded as an RPM from samba.org. I did not rebuild the code as 
it seemed to already have acl support in it as evidenced by the many ACL 
releated messages in the log files.

When I try to 
add/change an ACL from theclient Iam getting the following message 
in the client log file: 

 [2002/09/18 14:13:59, 3] 
smbd/posix_acls.c:convert_canon_ace_to_posix_perms(1809) 
convert_canon_ace_to_posix_perms: Too many ACE entries for file AUTOEXEC.BAT to 
convert to posix perms.

When I view 
the log files it appears that the client is passing an ACE file list that 
containsfour ACE entries, while the source code seems to limit the number 
to three (USER, GROUP, OTHER). This doesn't make sense. It seems 
that there sould be the three default entries plus as many more entries as the 
user wants to set.

Has anyone 
solved this problem? Any help is appreciated.

My smb.conf 
and an excerpt from my log file are listed below.

Thanks,

Bill


smb.conf

# Samba 
config file created using SWAT# from atlwebcache1.core.hp.com 
(15.10.155.2)# Date: 2002/09/18 10:11:50

# Global 
parameters[global] workgroup = 
SAMBA server string = Samba 
Server security = 
DOMAIN encrypt passwords = 
Yes password server = 
* log file = 
/var/log/samba/log.%m max log size 
= 50 socket options = TCP_NODELAY 
SO_RCVBUF=8192 SO_SNDBUF=8192 dns 
proxy = No winbind uid = 
1000-2000 winbind gid = 
1000-2000

[homes] 
comment = Home Directories read 
only = No browseable = 
No

[printers] 
comment = All Printers path = 
/var/spool/samba printable = 
Yes browseable = 
No

[tmp] 
path = /tmp read only = 
No guest ok = 
Yes



client.log

[2002/09/18 16:04:17, 10] 
smbd/posix_acls.c:print_canon_ace_list(146) print_canon_ace_list: file 
ace - before valid canon_ace index 0. Type = allow SID = 
S-1-5-21-1838633764-1922773823-188441444-1013 winbind_lookup_sid: SUCCESS: 
SID S-1-5-21-1838633764-1922773823-188441444-1013 - SAMBA 
TestUsr uid 1006 (SAMBA\TestUsr) SMB_ACL_USER perms r-x 
canon_ace index 1. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms 
r-- canon_ace index 2. Type = allow SID = 
S-1-5-21-1838633764-1922773823-188441444-513 winbind_lookup_sid: SUCCESS: 
SID S-1-5-21-1838633764-1922773823-188441444-513 - SAMBA Domain 
Users gid 1000 (SAMBA\Domain Users) SMB_ACL_GROUP_OBJ perms 
r-- canon_ace index 3. Type = allow SID = 
S-1-5-21-1838633764-1922773823-188441444-1004 winbind_lookup_sid: SUCCESS: 
SID S-1-5-21-1838633764-1922773823-188441444-1004 - SAMBA 
smbuser uid 1005 (SAMBA\smbuser) SMB_ACL_USER_OBJ perms 
r-x[2002/09/18 16:04:17, 10] 
smbd/posix_acls.c:print_canon_ace_list(146) print_canon_ace_list: dir 
ace - before valid[2002/09/18 16:04:17, 3] 
smbd/dosmode.c:unix_mode(111) unix_mode(TestFile) returning 
0744[2002/09/18 16:04:17, 10] 
smbd/posix_acls.c:print_canon_ace_list(146) print_canon_ace_list: file 
ace - return canon_ace index 0. Type = allow SID = 
S-1-5-21-1838633764-1922773823-188441444-1013 winbind_lookup_sid: SUCCESS: 
SID S-1-5-21-1838633764-1922773823-188441444-1013 - SAMBA 
TestUsr uid 1006 (SAMBA\TestUsr) SMB_ACL_USER perms r-x 
canon_ace index 1. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms 
r-- canon_ace index 2. Type = allow SID = 
S-1-5-21-1838633764-1922773823-188441444-513 winbind_lookup_sid: SUCCESS: 
SID S-1-5-21-1838633764-1922773823-188441444-513 - SAMBA Domain 
Users gid 1000 (SAMBA\Domain Users) SMB_ACL_GROUP_OBJ perms 
r-- canon_ace index 3. Type = allow SID = 
S-1-5-21-1838633764-1922773823-188441444-1004 winbind_lookup_sid: SUCCESS: 
SID S-1-5-21-1838633764-1922773823-188441444-1004 - SAMBA 
smbuser uid 1005 (SAMBA\smbuser) SMB_ACL_USER_OBJ perms 
r-x[2002/09/18 16:04:17, 10] 
smbd/posix_acls.c:print_canon_ace_list(146) print_canon_ace_list: dir 
ace - return canon_ace index 0. Type = allow SID = S-1-1-0 other 
SMB_ACL_OTHER perms r-- canon_ace index 1. Type = allow SID = 
S-1-5-21-1838633764-1922773823-188441444-513 winbind_lookup_sid: SUCCESS: 
SID S-1-5-21-1838633764-1922773823-188441444-513 - SAMBA Domain 
Users gid 1000 (SAMBA\Domain Users) SMB_ACL_GROUP_OBJ perms 
r-- canon_ace index 2. Type = allow SID = 
S-1-5-21-1838633764-1922773823-188441444-1004 winbind_lookup_sid: SUCCESS: 
SID S-1-5-21-1838633764-1922773823-188441444-1004 - SAMBA 
smbuser uid 1005 (SAMBA\smbuser) SMB_ACL_USER_OBJ perms 
rwx[2002/09/18 16:04:17, 3] 
smbd/posix_acls.c:convert_canon_ace_to_posix_perms(1809) 
convert_canon_ace_to_posix_perms: Too many ACE entries for file TestFile to 
convert to posix perms.[2002/09/18 16:04:17, 3] 

Re: [Samba] Samba NT/POSIACL's: Too many ACE entries

[jra]

On Wed, Sep 18, 2002 at 12:34:50PM -0700, DONAHUE,BILL (HP-USA,ex1) wrote:
 I have been trying to get ACL's to work with Samba 2.2.5 but have run into a
 problem.
  
 I am using RedHat 7.3 with the POSIX ACL patches from
 http://acl.bestbits.at/ http://acl.bestbits.at/ .  Following installation
 of the patches I am able to view and modify ACL's from the bash command line
 using the getfacl and setfacl commands.  Authenticiation is configured with
 winbind and domain security.  It seems to be working fine.
  
 The Samba code is was downloaded as an RPM from samba.org.  I did not
 rebuild the code as it seemed to already have acl support in it as evidenced
 by the many ACL releated messages in the log files.

No, you are incorrect. It hasn't been built with ACL support. The ACL
related messages in the log files are Samba trying to do ACL conversion
to standard unix tuple permissions.

You need to rebuild Samba with ACL support.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba