Hi, I was hoping someone could help me out or just point me in the correct directions as to what I am doing wrong. I have Samba 2.2.3a installed and configured with winbind for domain authentication using an ext3 file system with ACL support. It is working great! Thanks Samba Team! The problem that I am experiencing is I would like to use an application like "xcopy" to propagate the ACL permissions to the samba server from one of our w2k DFS servers. I have added a domain admin user to the "admin user =" string so that they can create file as root so they should be able to do anything! The admin user is able to authenticate to the Samba server and create the directory using "xcopy" but when they attempt to change the permissions I get "access denied" with this in my samba.log file. I AM able to use ACL through the samba shares to change permissions manually but when I attempt to use xcopy to transfer the permissions automatically here is when I receive. <snip> [2002/03/01 09:32:34, 3] smbd/nttrans.c:call_nt_transact_set_security_desc(1732) call_nt_transact_set_security_desc: file = infosystems, sent 0x80000007 [2002/03/01 09:32:34, 3] smbd/posix_acls.c:unpack_nt_owners(443) unpack_nt_owners: unable to validate owner sid. [2002/03/01 09:32:34, 3] smbd/error.c:error_packet(99) error packet at smbd/nttrans.c(1736) cmd=160 (SMBnttrans) NT_STATUS_ACCESS_DENIED </snip> Why can't samba validate the sid of the authenticated user? - Justin -------------- next part -------------- HTML attachment scrubbed and removed
On Fri, Mar 01, 2002 at 11:47:07AM -0800, Justin Weissig wrote:> Hi, > > I was hoping someone could help me out or just point me in the correct > directions as to what I am doing wrong. I have Samba 2.2.3a installed and > configured with winbind for domain authentication using an ext3 file system > with ACL support. It is working great! Thanks Samba Team! > > The problem that I am experiencing is I would like to use an application > like "xcopy" to propagate the ACL permissions to the samba server from one > of our w2k DFS servers. > > I have added a domain admin user to the "admin user =" string so that they > can create file as root so they should be able to do anything! The admin > user is able to authenticate to the Samba server and create the directory > using "xcopy" but when they attempt to change the permissions I get "access > denied" with this in my samba.log file. > > I AM able to use ACL through the samba shares to change permissions manually > but when I attempt to use xcopy to transfer the permissions automatically > here is when I receive. > > <snip> > [2002/03/01 09:32:34, 3] > smbd/nttrans.c:call_nt_transact_set_security_desc(1732) > call_nt_transact_set_security_desc: file = infosystems, sent 0x80000007 > [2002/03/01 09:32:34, 3] smbd/posix_acls.c:unpack_nt_owners(443) > unpack_nt_owners: unable to validate owner sid. > [2002/03/01 09:32:34, 3] smbd/error.c:error_packet(99) error packet at > smbd/nttrans.c(1736) cmd=160 (SMBnttrans) NT_STATUS_ACCESS_DENIED > </snip> > > Why can't samba validate the sid of the authenticated user?Because it's trying to set a SID containing a component not known to the domain in which the Samba server exists (ie. it's a "foreign" SID). Tridge just added a hack to winbindd to allocate a uid or gid for "foreign" SIDs in HEAD, but this is not yet in 2.2.x. Jeremy.
Hi, I am getting the same error message with 2.2.X (I'm not using winbindd) when running a NT application from a samba share. This same app works with 2.0.X. I guess this a genuine bug rather than a mistake in my configuration. It would be interesting to know whay this happens and if there is likely to be a fix for it soon. Cheers Tom
Possibly Parallel Threads
- samba 2.2.3a -> unable to validate owner sid
- Problems resolving most users with winbind and AD/SFU
- Set primary group of file on samba share from windows
- Unable to validate owner sid.
- samba-tool classicupgrade (from v3 to v4) aborts with "Unable to get id for sid"