samba - Dec 2007 - How to make "Add permission" for folder in system with ntacl support? Part 2

Hello.

Sorry I didn't post it under the "how to make..." email - I
didn't
received it - I only found it in archives. But I think we both mean the
same.

All this below regards samba on debian etch: 3.0.24-6etch4

I have a share on partition mounted with acl (options=acl,...). As you
know I can locally on server add another ACL entries on files in that
folder. When I connect with windows 2000 to that share there are some
ACEs in there (all visible with username, not sid).

1) When I try to add another user It asks for username again and then
says "The credentials supplied conflict with an existing set of
credentials" and it doesn't show any users which I could add. I cannot
also add any username I know.
2) When I try to add another user in Windows XP it simply asks me for
username and then doesn't allow any username to be added to ACL (the
same as in 2K)
3) When I run under linux net rpc users -Uusername - it shows me ALL
users from server
4) Finally when I run windows on my other machine (where I never
intended to use acls) which is debian sarge (samba 3.0.14a-3sarge) it
ALL WORKS. I can add users, chose them from list (it was only tested
under windows 2000)
5) I tried to install pure samba sarge on clean vm (with etch) and it
also didn't work.

It appears to me that windows somehow cannot get userlist from samba
server, but I don't know why, because net rpc does it well. I also tried
to copy whole smb.conf from that server where all is working - it didn't
help. Many tries I've done with no result.

Please - anybody has it configured? It would be my salvation (in terms
of job and servers and administration also ;) )... It would solve half
of my problems. Help meee!

Pawel

-- 
------------------------------------------
Pawe? Jaworski
administrator

Pawel Jaworski pisze:
> Hello.
> 
> Sorry I didn't post it under the "how to make..." email - I
didn't
> received it - I only found it in archives. But I think we both mean the
> same.
> 
> All this below regards samba on debian etch: 3.0.24-6etch4
> 
> I have a share on partition mounted with acl (options=acl,...). As you
> know I can locally on server add another ACL entries on files in that
> folder. When I connect with windows 2000 to that share there are some
> ACEs in there (all visible with username, not sid).
> 
> 1) When I try to add another user It asks for username again and then
> says "The credentials supplied conflict with an existing set of
> credentials" and it doesn't show any users which I could add. I
cannot
> also add any username I know.
> 2) When I try to add another user in Windows XP it simply asks me for
> username and then doesn't allow any username to be added to ACL (the
> same as in 2K)
> 3) When I run under linux net rpc users -Uusername - it shows me ALL
> users from server
> 4) Finally when I run windows on my other machine (where I never
> intended to use acls) which is debian sarge (samba 3.0.14a-3sarge) it
> ALL WORKS. I can add users, chose them from list (it was only tested
> under windows 2000)
> 5) I tried to install pure samba sarge on clean vm (with etch) and it
> also didn't work.
> 
> It appears to me that windows somehow cannot get userlist from samba
> server, but I don't know why, because net rpc does it well. I also
tried
> to copy whole smb.conf from that server where all is working - it
didn't
> help. Many tries I've done with no result.
> 
> Please - anybody has it configured? It would be my salvation (in terms
> of job and servers and administration also ;) )... It would solve half
> of my problems. Help meee!
> 
> Pawel
> 
I've just read here: 
http://techxworld.com/community/blogs/features/archive/2007/05/21/acls-on-samba.aspx
that samba can be somewhat problematic when it comes to standalone 
server, not connected to any domain - with fetching users list. But one 
my server alredy does it well. And in my work there is no possibility to 
connect the server to PDC because there is no PDC (we only have 2 
windowses).


Have anybody met such problem? Have anybody overcome it?

Pawel Jaworski