Purpose: Create a File Server that can replace our windows file server.
System Details:
RedHat 8
Kernel 2.4.18-18 SGI XFS 1.2.0
2 disks
1 for the filesystem ext3
1 for the shares using xfs
Most of the threads and articles I read about doing this told me that I
had to recompile the kernel for acl support. Then I found a post that
mention that XFS has built in ACL support. Which it does. Currently I am
trying to get samba to work with the acl's
What I have done so far:
Installed all related rpm's
Joined Domain
Set Up Windbind
Tested account synchronization
Installed Samba
Set up shares
Set ACL's for share root dir through linux
The permisions that I set through linux work perfectly. The people who
should have access to a particular share do and those who shouldn't
don't.
As I understand it you should then be able to set permisions on files
within those directories as if they were on a windows server, but the
permissions that show up are
unix_group 109 (server\unix_group 109)
I may not have configured samba with acl support
./configure --with-acl-support
So I went back and tried running that line.
It reported:
checking whether to support ACLs... checking for acl_get_file in -lacl...
(cached) no
checking for ACL support... (cached) no
Now I'm not sure where to go from here. Any ideas?
Thanks,
Brett
> checking for ACL support... (cached) noThe configure script is picking up the old value in it's cache. Delete config.cache and run configure again. Aren't caches wonderful? -Mike MacIsaac, IBM mikemac at us.ibm.com (845) 433-7061
make sure you have the devel packages for ACL and EA (acl-devel and attr-devel) ____________________________________________________________ Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! http://login.mail.lycos.com/r/referral?aid=27005
Ok, I installed the devel packages and Samba was able to compile correctly: ./configure --with-acl-support make make install That seemed to work perfectly However, I am still having the same problem. I took some screen shots to show you. http://bharris.f2o.org/win.html Any other ideas? Dragan Krnic said:> make sure you have the devel packages for ACL > and EA (acl-devel and attr-devel) > > > > ____________________________________________________________ > Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! > http://login.mail.lycos.com/r/referral?aid=27005 > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
| Ok, I installed the devel packages and Samba was | able to compile correctly: | | ./configure --with-acl-support | make | make install | | That seemed to work perfectly | | However, I am still having the same problem. | | I took some screen shots to show you. | http://bharris.f2o.org/win.html | | Any other ideas? Yes, why is getfacl showing data for the file ea+acl+nfsacl-2.4.20-0.8.58.diff.gz but the screenshots show libattr-devel-2.0.8.i386.rpm ? Are the 2 hard links to the same iNode, or is one of them a soft-link to the other? ____________________________________________________________ Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! http://login.mail.lycos.com/r/referral?aid=27005
>I must have made a mistake and clicked on a different >file then I thought in windows. I was just trying to >illustrate how the uid's and gid's show up under the >windows security tab and not the domain mappings. > >If you check the acl's under linux it correctly maps >domain names and groups from the uid's and gid's. >This says to me that the filesystem is working >properly with acl's and winbind is working properly, >but samba is not mapping the acl's correctly. I >would also hypothesise that this is the reason if you >try to give a user or group access to a file it does >not accept it. > >Any idea why samba would not be correctly mapping >acl's when I configured samba with acl support >(./configure --with-acl-support)?I had the same problem in the beginning and it was trivial but I can't recollect now what it was exactly. Try to be logical. Go to the linux side and set a couple of real ACLs on a file visible from a Samba share. Check them with getfacl and see how they look from the client's POV. I hope other posters will help too. But you are best suited to debug the problem. Cheers Dragan ____________________________________________________________ Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! http://login.mail.lycos.com/r/referral?aid=27005