notinh notien
2007-May-25 01:32 UTC
[Samba] Need help: Centos 5, Samba as file server + ACL for WORKGROUP
Hi, all. I could not add any additional users to a file or directory using
the Windows Security tab in Windows XP Sp2. Here is my configuration for
samba-3.0.23c-2.el5.2.0.2.
# grep ACL config-2.6.18-8.el5
CONFIG_EXT2_FS_POSIX_ACL=y
CONFIG_EXT3_FS_POSIX_ACL=y
CONFIG_FS_POSIX_ACL=y
CONFIG_NFS_V3_ACL=y
CONFIG_NFSD_V3_ACL=y
CONFIG_NFS_ACL_SUPPORT=m
# smbd -b | grep ACL
HAVE_SYS_ACL_H
HAVE_POSIX_ACLS
# cat /etc/fstab
/dev/VolGroup00/LogVol00 / ext3 defaults,acl,user_xattr
1 1
#mount
/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw,acl,user_xattr)
#getfacl /storage/Engineers/abc.txt
getfacl: Removing leading '/' from absolute path names
# file: storage/Engineers/abc.txt
# owner: nntien
# group: Engineers
user::rwx
group::rwx
other::---
[root@filer Engineers]# id mly
uid=501(mly) gid=501(mly)
groups=501(mly),5000(Engineers),6000(Accounting),7000(Manufacturing)
[root@filer Engineers]# id nntien
uid=500(nntien) gid=500(nntien) groups=500(nntien),5000(Engineers)
# cat /etc/samba/smbpasswd
nntien:500:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:5AF11A754A88475E68E3BFA04E552711:[U
]:LCT-465460BD:
mly:501:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:5AF11A754A88475E68E3BFA04E552711:[U
]:LCT-46549197:
My samba server has local ip as 192.168.0.203 and here is my smb.conf file:
[global]
workgroup = BEEINC
server string = FILER TEST Server
passdb backend = smbpasswd:/etc/samba/smbpasswd
lanman auth = No
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
log file = /var/log/samba/%m.log
max log size = 50
deadtime = 15
preferred master = No
local master = No
domain master = No
dns proxy = No
admin users = mly
force create mode = 0660
force directory mode = 0770
[Engineers]
path = /storage/Engineers
read only = No
security mask = 0770
force security mode = 0770
directory security mask = 0770
force directory security mode = 0770
inherit permissions = Yes
inherit acls = Yes
follow symlinks = No
When I accessed this Engineers share from Windows XP with nntien account, I
was able to create new files and directories. When it came to add
additional user to the ACL, I used Windows Security tab to add but I could
not. At times, a pop up windows prompted for user name and password, I
entered root and root's passowrd. After that I enter user name as mly into
the field, or mly@192.168.0.203 or anything suggested but I always got the
error message of: "An object named "mly" cannot be found. I tried
other
users that are not in the same owner group of this folder too but nothing
worked.
ls -lhat
total 32K
drwxrws--- 10 nntien Engineers 4.0K May 24 10:14 Engineers
-rwxrwx--- 1 nntien Engineers 7 May 23 11:37 abc.txt
I still could add new user in Linux:
[root@filer Engineers]# setfacl -m user:hmtien:rx abc.txt
[root@filer Engineers]# getfacl abc.txt
# file: abc.txt
# owner: nntien
# group: Engineers
user::rwx
user:hmtien:r-x
group::rwx
mask::rwx
other::---
# id hmtien
uid=502(hmtien) gid=502(hmtien) groups=502(hmtien),7000(Manufacturing)
When I opened the Windows Security tab in Windows Explorer, I saw this new
entry set correctly there. I really do not want to use the command line to
do this anytime a new entry needs to be included.
Could somebody here tell me how I should go about adding more entries using
Windows Security tab? What did I miss for my configuration? What could be
wrong?
Thank you very much for your helps.
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Jamrock
2007-May-27 12:39 UTC
[Samba] Re: Need help: Centos 5, Samba as file server + ACL for WORKGROUP
"notinh notien" <notinhnotien7@hotmail.com> wrote in message news:BAY136-F1713DDCA7BFA4BAB3DEDDCF52B0@phx.gbl...> Hi, all. I could not add any additional users to a file or directoryusing> the Windows Security tab in Windows XP Sp2. Here is my configuration for > samba-3.0.23c-2.el5.2.0.2. >Perhaps this article will assist you. http://searchenterpriselinux.techtarget.com/tip/0,289483,sid39_gci1080966,00.html