Well, I screwed around a bit and after doing a "wbinfo -u" and a "wbinfo -g" I stopped getting the "unable to map SID" error. Now I'm getting a different error. ;-D [2004/05/25 09:09:34, 3] smbd/dosmode.c:unix_mode(111) unix_mode(FC2-i386-disc1.iso) returning 0744 [2004/05/25 09:09:34, 3] smbd/posix_acls.c:convert_canon_ace_to_posix_perms(2500) convert_canon_ace_to_posix_perms: Too many ACE entries for file FC2-i386-disc1.iso to convert to posix perms. [2004/05/25 09:09:34, 3] smbd/posix_acls.c:set_nt_acl(3141) set_nt_acl: failed to convert file acl to posix permissions for file FC2-i386-disc1.iso. [2004/05/25 09:09:34, 3] smbd/error.c:error_packet(94) error string Function not implemented [2004/05/25 09:09:34, 3] smbd/error.c:error_packet(118) error packet at smbd/nttrans.c(1827) cmd=160 (SMBnttrans) NT_STATUS_ACCESS_DENIED Here's the getfacl for the file in question: [root@hart-nas redhat]# getfacl FC2-i386-disc1.iso # file: FC2-i386-disc1.iso # owner: root # group: mis user::rw- group::rw- other::rw- As you can see it's a pretty basic situation. I'm just trying to add one user to the ACL list and give them modify permissions. It occured to me that the problem *might* be that I was not the owner of the file and so I corrected that situation but still got exactly the same results in the log file. Michael St. Laurent <mailto:mikes@hartwellcorp.com> wrote:> I've got ACLs enabled in the kernel now and I can add and/or remove > them using the unix command line program (setfacl/getfacl). However, > there still seems to be a problem. When I try to add an ACL type > permission to a file (through Samba) I get the following in the log > file: > > [2004/05/24 18:14:57, 0] > smbd/posix_acls.c:create_canon_ace_lists(1381) > create_canon_ace_lists: unable to map SID > S-1-5-21-356471451-824197641-1237804090-1180 to uid or gid. > > I'm fairly certain that Samba was compiled with the --with-acl-support > option so I think the problem is with my smb.conf file. > > Below is the relevant section: > > [global] > workgroup = MERCURY > server string = Hart-NAS Storage Server > security = DOMAIN > encrypt passwords = Yes > password server = * > winbind trusted domains only = Yes > idmap gid = 30000-40000 > idmap uid = 30000-40000 > log file = /var/log/samba/log.%m > log level = 0 > max log size = 50 > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 > SO_SNDBUF=8192 > load printers = No > printcap name = /etc/samba/smbprinters > add user script = /usr/local/sbin/add_smb_user %u > os level = 0 > local master = No > dns proxy = No > wins server = 10.11.10.6 > write cache size = 524288 > max xmit = 65535 > > -- > Michael St. Laurent > Hartwell Corporation-- Michael St. Laurent Hartwell Corporation
On Tue, May 25, 2004 at 09:21:14AM -0700, Michael St. Laurent wrote:> Well, I screwed around a bit and after doing a "wbinfo -u" and a "wbinfo -g" > I stopped getting the "unable to map SID" error. Now I'm getting a > different error. ;-D > > [2004/05/25 09:09:34, 3] smbd/dosmode.c:unix_mode(111) > unix_mode(FC2-i386-disc1.iso) returning 0744 > [2004/05/25 09:09:34, 3] > smbd/posix_acls.c:convert_canon_ace_to_posix_perms(2500) > convert_canon_ace_to_posix_perms: Too many ACE entries for file > FC2-i386-disc1.iso to convert to posix perms. > [2004/05/25 09:09:34, 3] smbd/posix_acls.c:set_nt_acl(3141) set_nt_acl: > failed to convert file acl to posix permissions for file FC2-i386-disc1.iso. > [2004/05/25 09:09:34, 3] smbd/error.c:error_packet(94) error string > Function not implementedThis is a giveaway. Looks like your kernel doesn't support POSIX acls, or Samba isn't compiled correctly with ACL support. Jeremy.