Kirk Marple
2004-Jun-25 00:40 UTC
[Samba] Problem setting ACLs on files/folders... plz help!
I'm running Samba on a Mac OS X server, and the server is a member of a Windows domain (Windows 2003).

Samba is set up for security=domain permissions.

I have opened up a file share to the Windows machines named AppDeployment. I'm able to open \\xserve\AppDeployment on a Windows server, and am able to create directories and copy files in there. (Btw, when I attempt to "net use" that directory from Windows, I'm required to enter an account from the Mac server.)

Even if I log in as 'root' on the Mac server when accessing that file share, when I try to change the permissions of a folder (i.e. add ACLs for a domain user via the Windows property page), I get an error dialog saying "Unable to save permission changes on <directory name>. Access is denied." when I try to apply the changes.

Any thoughts on what could be going wrong? I'm pretty stuck!

Am I going about this the wrong way? Basically I want to set up Samba so I can have a file share on the Mac server that is exposed to the Windows servers in the domain, and the Windows servers can set ACLs on the files/folders using accounts in the domain.

Thanks for any help!
Kirk

--------------------

[global]
workgroup = <...>
password server = *
hide files = .Trashes/Temporary Items/Desktop */TheFindByContentFolder/TheVolumeSettingsFolder/.DS_Store/.AppleDouble/
display charset = UTF-8-MAC
print command = /usr/sbin/PrintServiceAccess printps %p %s
lprm command = /usr/sbin/PrintServiceAccess remove %p %j
security = domain
guest account = unknown
encrypt passwords = yes
printing = BSD
allow trusted domains = yes
preferred master = no
lppause command = /usr/sbin/PrintServiceAccess hold %p %j
netbios name = xserve
wins support = no
max smbd processes = 0
printcap
server string = Mac OS X
lpresume command = /usr/sbin/PrintServiceAccess release %p %j
client ntlmv2 auth = yes
domain logons = no
lpq command = /usr/sbin/PrintServiceAccess jobs %p
passdb backend = opendirectorysam guest
dos charset = CP437
unix charset = UTF-8-MAC
socket options = SO_RCVBUF=64240
auth methods = guest ntdomain opendirectory
local master = no
use spnego = yes
map to guest = Bad User
domain master = no
printer admin = @admin, @staff
log level = 3

[AppDeployment]
oplocks = 0
map archive = no
path = /Volumes/<...>/AppDeployment
read only = no
inherit permissions = 1
strict locking = 1
comment = macosx
create mask = 0666
guest ok = 1
public = yes
writeable = yes
directory mask = 0777
Hi,

Did you build ACL support into your kernel? When you type smbd -b|grep -i acl, what kind of output do you get? Are you sure the ACL support is compiled properly into Samba?

What kind of output do you get in your Samba logs when and before you get the access denied messages?

Finally, I don't see any "nt acl support = yes" line in your smb.conf file. Why don't you add it in?

Regards
Prajjwal

Kirk Marple wrote:
> I'm running Samba on a Mac OS X server, and the server is a member of a
> Windows domain (Windows 2003).
>
> Samba is set up for security=domain permissions.
>
> I have opened up a file share to the Windows machines named AppDeployment.
> I'm able to open \\xserve\AppDeployment on a Windows server, and am able to
> create directories and copy files in there. (Btw, when I attempt to "net
> use" that directory from Windows, I'm required to enter an account from the
> Mac server.)
>
> Even if I log in as 'root' on the Mac server when accessing that file share,
> when I try to change the permissions of a folder (i.e. add ACLs for a
> domain user via the Windows property page), I get an error dialog saying
> "Unable to save permission changes on <directory name>. Access is denied."
> when I try to apply the changes.
>
> Any thoughts on what could be going wrong? I'm pretty stuck!
>
> Am I going about this the wrong way? Basically I want to set up Samba so I
> can have a file share on the Mac server that is exposed to the Windows
> servers in the domain, and the Windows servers can set ACLs on the
> files/folders using accounts in the domain.
>
> Thanks for any help!
> Kirk
>
> --------------------
>
> [global]
> workgroup = <...>
> password server = *
> hide files = .Trashes/Temporary Items/Desktop
> */TheFindByContentFolder/TheVolumeSettingsFolder/.DS_Store/.AppleDouble/
> display charset = UTF-8-MAC
> print command = /usr/sbin/PrintServiceAccess printps %p %s
> lprm command = /usr/sbin/PrintServiceAccess remove %p %j
> security = domain
> guest account = unknown
> encrypt passwords = yes
> printing = BSD
> allow trusted domains = yes
> preferred master = no
> lppause command = /usr/sbin/PrintServiceAccess hold %p %j
> netbios name = xserve
> wins support = no
> max smbd processes = 0
> printcap
> server string = Mac OS X
> lpresume command = /usr/sbin/PrintServiceAccess release %p %j
> client ntlmv2 auth = yes
> domain logons = no
> lpq command = /usr/sbin/PrintServiceAccess jobs %p
> passdb backend = opendirectorysam guest
> dos charset = CP437
> unix charset = UTF-8-MAC
> socket options = SO_RCVBUF=64240
> auth methods = guest ntdomain opendirectory
> local master = no
> use spnego = yes
> map to guest = Bad User
> domain master = no
> printer admin = @admin, @staff
> log level = 3
>
> [AppDeployment]
> oplocks = 0
> map archive = no
> path = /Volumes/<...>/AppDeployment
> read only = no
> inherit permissions = 1
> strict locking = 1
> comment = macosx
> create mask = 0666
> guest ok = 1
> public = yes
> writeable = yes
> directory mask = 0777
>
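Added example, not part of the thread: a small offline audit of smb.conf text that performs the reply's check for an explicit "nt acl support" line and also flags the guest-writable, world-writable share settings visible in the posted configuration. The function names and the trimmed sample are assumptions made for illustration.

```python
# Added example (not from the thread); function names are hypothetical.
TRUE = {"yes", "true", "1", "on"}

# Excerpt of the smb.conf posted above (constructed subset; path omitted).
SAMPLE = """\
[global]
map to guest = Bad User
printcap
[AppDeployment]
read only = no
create mask = 0666
guest ok = 1
public = yes
writeable = yes
directory mask = 0777
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; parameter names are lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None:
            key, _, value = line.partition("=")  # a bare key gets value ""
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit(text):
    """Return (share, finding) pairs for the settings discussed in the thread."""
    conf = parse_smb_conf(text)
    glob = conf.pop("global", {})
    findings = []
    for name, share in conf.items():
        on = lambda k, d="no": share.get(k, d).lower() in TRUE
        if "nt acl support" not in share and "nt acl support" not in glob:
            findings.append((name, "nt acl support not set explicitly"))
        if (on("guest ok") or on("public")) and (
                not on("read only", "yes") or on("writeable") or on("writable")):
            findings.append((name, "guest access allowed on a writable share"))
        for mask in ("create mask", "directory mask"):
            if mask in share and int(share[mask], 8) & 0o002:
                findings.append((name, f"{mask} {share[mask]} grants world write"))
    return findings
```

The audit reads only the text it is given; it does not treat a later "read only" line as overriding an earlier "writeable" line, so conflicting synonyms in one share should be checked by hand.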