Hi all, I have joined samba server (3.0.14a-2) to an ADS. I can copy, move and remove files from any windows workstation and also I can set ACLs. I need migrate files from 4 w2k servers to samba server and preserve ACL's. One server are into ADS domain, but the others server are into others domains. I use robocopy.exe to migrate files and folders. When I run robocopy the files and folders are copied but the ACLs are not preserved. The error is: [2005/09/13 10:15:06, 1] smbd/service.c:make_connection_snum(642) wxp (192.168.1.115) connect to service docu initially as user CECOTDM +administrador (uid=10000, gid=10000) (pid 2695) [2005/09/13 10:15:06, 0] smbd/posix_acls.c:create_canon_ace_lists(1388) create_canon_ace_lists: unable to map SID S-1-5-21-1844237615-920026266-725345543-500 to uid or gid. Possibly an idea? David, -- INGENT GROUP SYSTEMS, SL www.ingent.net David Matar? i Ciller dmataro@ingent.net 629 819 621
David Matar? Ciller wrote:> Hi all, > > I have joined samba server (3.0.14a-2) to an ADS. I can copy, move and > remove files from any windows workstation and also I can set ACLs. I > need migrate files from 4 w2k servers to samba server and preserve > ACL's. One server are into ADS domain, but the others server are into > others domains. I use robocopy.exe to migrate files and folders. When I > run robocopy the files and folders are copied but the ACLs are not > preserved. > > The error is: > > [2005/09/13 10:15:06, 1] smbd/service.c:make_connection_snum(642) wxp > (192.168.1.115) connect to service docu initially as user CECOTDM > +administrador (uid=10000, gid=10000) (pid 2695) > [2005/09/13 10:15:06, 0] smbd/posix_acls.c:create_canon_ace_lists(1388) > create_canon_ace_lists: unable to map SID > S-1-5-21-1844237615-920026266-725345543-500 to uid or gid. > > Possibly an idea?How do you expect samba to convert the ACL if there is no SID -> uid/gid mapping? Apparently the users (i.e. SIDs of DACLs) on your "other server" are unknown to samba (is it part of a trusted domain?). hth Paul
Hi all, I habe a strange Problem with Samba 3.0.20-SUSE-SERNET (ad memberserver). Everytime I try to access a file/directory with user-acls via a XP box I get access denied! The group-acls works. On W2K and NT4 Clients there is no problem like this. client output ------------------------------------------------- fetch sid from uid cache 11147 -> S-1-5-21-1935655697-790525478-682003330-1147 [2005/09/28 09:53:27, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(158) fetch sid from uid cache 11149 -> S-1-5-21-1935655697-790525478-682003330-1149 [2005/09/28 09:53:27, 5] smbd/files.c:file_free(459) freed files structure 5002 (0 used) [2005/09/28 09:53:27, 3] lib/util_seaccess.c:se_access_check(250) [2005/09/28 09:53:27, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-1977721719-1418567724-1093324438-23294 se_access_check: also S-1-5-21-1977721719-1418567724-1093324438-22027 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1935655697-790525478-682003330-513 se_access_check: also S-1-5-21-1935655697-790525478-682003330-2135 se_access_check: also S-1-5-21-1935655697-790525478-682003330-2142 se_access_check: also S-1-5-21-1935655697-790525478-682003330-2126 se_access_check: also S-1-5-21-1935655697-790525478-682003330-2131 se_access_check: also S-1-5-21-1935655697-790525478-682003330-2128 se_access_check: also S-1-5-21-1935655697-790525478-682003330-2146 se_access_check: also S-1-5-21-1935655697-790525478-682003330-2123 se_access_check: also S-1-5-21-1935655697-790525478-682003330-2136 [2005/09/28 09:53:27, 5] lib/util_seaccess.c:se_access_check(314) se_access_check: access (1) denied. As you can see samba says the user sid ist "S-1-5-21-1977721719-1418567724-1093324438-23294", but this is not correct, true is "S-1-5-21-1935655697-790525478-682003330-1147"! Ok with the wrong user sid I get no access to files with user acls and since the group sids are ok I get access to file with groups acls. What`s going wrong here? Any suggestions? cheers Stefan To: gd@samba.org Cc: vlendec@samba.org