Oliver Freyd
2010-May-28 14:45 UTC
[Samba] samba 3.5.3: loads of errors copying some simple ACLs with robocopy
Maybe I'm doing somthing really stupid, but while copying some windows
share onto a samba server, on some random subdirectory robocopy
says ERROR 87 (0x00000057) Copying NTFS Security to Destination Directory...
The samba logfile has lots of these lines.
modules/vfs_posixacl.c:349(smb_acl_to_posix)
smb_acl_to_posix: ACL is invalid for set (Das Argument ist ung?ltig)
The strange thing is that the same configuration worked with
samba-3.4.8 (from lenny-backports, on lenny, with the lenny kernel).
The samba3.5.3 is the sernet-samba, on lenny, with lenny kernel (2.6.26).
The ACL on the files to be copied are really simple, just
Everyone/Full Control, and "netzadmin"/Full Control.
That user is admin user on the samba machine, and is the user doing the
robocopy on a windows XP machine.
The filesystem is ext3, mounted with acl,user_xattr.
testparm says:
workgroup = XXXXX
netbios name = SERVER2
passdb backend = ldapsam:ldap://127.0.0.1
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
username map = /etc/samba/smbusers
syslog = 0
log file = /var/log/samba/machines/log.%m
max log size = 1000
name resolve order = wins bcast host
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192
SO_SNDBUF=8192
add user script = /usr/sbin/smbldap-useradd -m '%u'
add group script = /usr/sbin/smbldap-groupadd '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u'
'%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g'
'%u'
add machine script = /usr/sbin/smbldap-useradd -w "%u"
logon script = scripts\logon.cmd
logon path domain logons = Yes
os level = 60
domain master = No
dns proxy = No
wins server = 192.168.0.38
ldap admin dn = cn=admin,dc=xxxxx,dc=com
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=machines
ldap passwd sync = yes
ldap suffix = dc=xxxxx,dc=com
ldap ssl = no
ldap timeout = 20
ldap user suffix = ou=users
add share command = /usr/bin/touch /tmp/test
panic action = /usr/share/samba/panic-action %d
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 15000-20000
idmap gid = 15000-20000
admin users = netzadmin
ea support = Yes
map acl inherit = Yes
[netlogon]
comment = Network Logon Share
path = /data/netlogon
browseable = No
locking = No
[Installations]
comment = Installations
path = /data/h/Installations
read only = No
create mask = 0770
directory mask = 0770
force unknown acl user = Yes
inherit permissions = Yes
inherit acls = Yes
...
BTW, using the
vfs objects = acl_xattr
gives less of these ERROR 87 lines.
Don't know if this is helpful, I'll go back to samba-3.4.8 for now...
Oliver Freyd
2010-Jun-04 14:09 UTC
[Samba] samba 3.5.3: loads of errors copying some simple ACLs with robocopy
I've run the same test again with loglevel 10 (shudder), and sifted
through the logfile.
below is a part of it. To me it seems that samba, and the vfs_acl_xattr
module mangles the ACL and in the end acl_valid() finds the acl is invalid.
In the logfile I see 2 entries ACL_USER_OBJ for uid netzadmin,
and one more as ACL_USER, for the same user.
The duplicate entry seems to be invalid, also, the man page of acl_valid
says that an ACL_MASK entry is required if an ACL_USER or ACL_GROUP is
present...
Anyway, hopefully is log dump is helpful...
--------------------------------------------------------------------
[2010/06/04 16:12:09.917488, 5] auth/token_util.c:531(debug_nt_user_token)
NT user token of user S-1-5-21-2043234088-984444579-347745105-1165
contains 15 SIDs
SID[ 0]: S-1-5-21-2043234088-984444579-347745105-1165
SID[ 1]: S-1-5-21-2043234088-984444579-347745105-513
SID[ 2]: S-1-1-0
SID[ 3]: S-1-5-2
SID[ 4]: S-1-5-11
SID[ 5]: S-1-5-21-2043234088-984444579-347745105-512
SID[ 6]: S-1-5-32-544
SID[ 7]: S-1-5-21-2043234088-984444579-347745105-1029
SID[ 8]: S-1-5-21-2043234088-984444579-347745105-1203
SID[ 9]: S-1-22-1-1044
SID[ 10]: S-1-22-2-513
SID[ 11]: S-1-22-2-512
SID[ 12]: S-1-22-2-544
SID[ 13]: S-1-22-2-1005
SID[ 14]: S-1-22-2-1010
SE_PRIV 0xff0 0x0 0x0 0x0
[2010/06/04 16:12:09.917577, 5]
auth/token_util.c:551(debug_unix_user_token)
UNIX token of user 0
Primary group is 513 and contains 5 supplementary groups
Group[ 0]: 513
Group[ 1]: 512
Group[ 2]: 544
Group[ 3]: 1005
Group[ 4]: 1010
[2010/06/04 16:12:09.917614, 5] smbd/uid.c:354(change_to_user)
change_to_user uid=(0,0) gid=(0,513)
[2010/06/04 16:12:09.917628, 10] smbd/nttrans.c:2821(reply_nttrans)
num_setup=0, param_total=8, this_param=8, max_param=0,
data_total=216, this_data=216, max_data=0, param_offset=76, data_offset=84
[2010/06/04 16:12:09.917642, 3]
smbd/nttrans.c:1899(call_nt_transact_set_security_desc)
call_nt_transact_set_security_desc: file = Installations/IMRE
Singapore/IMRE on-site/settings, sent 0x20000007
[2010/06/04 16:12:09.917660, 10] smbd/nttrans.c:858(set_sd)
set_sd for file Installations/IMRE Singapore/IMRE on-site/settings
[2010/06/04 16:12:09.917672, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug)
psd: struct security_descriptor
revision : SECURITY_DESCRIPTOR_REVISION_1 (1)
type : 0x8d04 (36100)
0: SEC_DESC_OWNER_DEFAULTED
0: SEC_DESC_GROUP_DEFAULTED
1: SEC_DESC_DACL_PRESENT
0: SEC_DESC_DACL_DEFAULTED
0: SEC_DESC_SACL_PRESENT
0: SEC_DESC_SACL_DEFAULTED
0: SEC_DESC_DACL_TRUSTED
0: SEC_DESC_SERVER_SECURITY
Unable to open new log file /var/log/samba/machines/log.rnb: No such
file or directory
1: SEC_DESC_DACL_AUTO_INHERIT_REQ
0: SEC_DESC_SACL_AUTO_INHERIT_REQ
1: SEC_DESC_DACL_AUTO_INHERITED
1: SEC_DESC_SACL_AUTO_INHERITED
0: SEC_DESC_DACL_PROTECTED
0: SEC_DESC_SACL_PROTECTED
0: SEC_DESC_RM_CONTROL_VALID
1: SEC_DESC_SELF_RELATIVE
owner_sid : *
owner_sid :
S-1-5-21-2043234088-984444579-347745105-1165
group_sid : *
group_sid :
S-1-5-21-2043234088-984444579-347745105-513
sacl : NULL
dacl : *
dacl: struct security_acl
revision : SECURITY_ACL_REVISION_NT4 (2)
size : 0x008c (140)
num_aces : 0x00000005 (5)
aces: ARRAY(5)
aces: struct security_ace
type :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
flags : 0x10 (16)
0: SEC_ACE_FLAG_OBJECT_INHERIT
0: SEC_ACE_FLAG_CONTAINER_INHERIT
0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
0: SEC_ACE_FLAG_INHERIT_ONLY
1: SEC_ACE_FLAG_INHERITED_ACE
0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
0: SEC_ACE_FLAG_FAILED_ACCESS
size : 0x0024 (36)
access_mask : 0x001f01ff (2032127)
object : union
security_ace_object_ctr(case 0)
trustee :
S-1-5-21-2043234088-984444579-347745105-513
aces: struct security_ace
type :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
flags : 0x1b (27)
1: SEC_ACE_FLAG_OBJECT_INHERIT
1: SEC_ACE_FLAG_CONTAINER_INHERIT
0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
1: SEC_ACE_FLAG_INHERIT_ONLY
1: SEC_ACE_FLAG_INHERITED_ACE
0x0b: SEC_ACE_FLAG_VALID_INHERIT (11)
0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
0: SEC_ACE_FLAG_FAILED_ACCESS
size : 0x0014 (20)
access_mask : 0x001f01ff (2032127)
object : union
security_ace_object_ctr(case 0)
trustee : S-1-3-1
aces: struct security_ace
type :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
flags : 0x13 (19)
1: SEC_ACE_FLAG_OBJECT_INHERIT
1: SEC_ACE_FLAG_CONTAINER_INHERIT
0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
0: SEC_ACE_FLAG_INHERIT_ONLY
1: SEC_ACE_FLAG_INHERITED_ACE
0x03: SEC_ACE_FLAG_VALID_INHERIT (3)
0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
0: SEC_ACE_FLAG_FAILED_ACCESS
size : 0x0024 (36)
access_mask : 0x001f01ff (2032127)
object : union
security_ace_object_ctr(case 0)
trustee :
S-1-5-21-2043234088-984444579-347745105-1165
aces: struct security_ace
type :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
flags : 0x1b (27)
1: SEC_ACE_FLAG_OBJECT_INHERIT
1: SEC_ACE_FLAG_CONTAINER_INHERIT
0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
1: SEC_ACE_FLAG_INHERIT_ONLY
1: SEC_ACE_FLAG_INHERITED_ACE
0x0b: SEC_ACE_FLAG_VALID_INHERIT (11)
0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
0: SEC_ACE_FLAG_FAILED_ACCESS
size : 0x0014 (20)
access_mask : 0x001f01ff (2032127)
object : union
security_ace_object_ctr(case 0)
trustee : S-1-3-0
aces: struct security_ace
type :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
flags : 0x13 (19)
1: SEC_ACE_FLAG_OBJECT_INHERIT
1: SEC_ACE_FLAG_CONTAINER_INHERIT
0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
0: SEC_ACE_FLAG_INHERIT_ONLY
1: SEC_ACE_FLAG_INHERITED_ACE
0x03: SEC_ACE_FLAG_VALID_INHERIT (3)
0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
0: SEC_ACE_FLAG_FAILED_ACCESS
size : 0x0014 (20)
access_mask : 0x001f01ff (2032127)
object : union
security_ace_object_ctr(case 0)
trustee : S-1-1-0
[2010/06/04 16:12:09.918318, 10]
./modules/vfs_acl_common.c:670(fset_nt_acl_common)
fset_nt_acl_xattr: incoming sd for file Installations/IMRE
Singapore/IMRE on-site/settings
[2010/06/04 16:12:09.918331, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug)
CONST_DISCARD(struct security_descriptor *,psd): struct
security_descriptor
revision : SECURITY_DESCRIPTOR_REVISION_1 (1)
type : 0x8d04 (36100)
Unable to open new log file /var/log/samba/machines/log.rnb: No such
file or directory
0: SEC_DESC_OWNER_DEFAULTED
0: SEC_DESC_GROUP_DEFAULTED
1: SEC_DESC_DACL_PRESENT
0: SEC_DESC_DACL_DEFAULTED
0: SEC_DESC_SACL_PRESENT
0: SEC_DESC_SACL_DEFAULTED
0: SEC_DESC_DACL_TRUSTED
0: SEC_DESC_SERVER_SECURITY
1: SEC_DESC_DACL_AUTO_INHERIT_REQ
0: SEC_DESC_SACL_AUTO_INHERIT_REQ
1: SEC_DESC_DACL_AUTO_INHERITED
1: SEC_DESC_SACL_AUTO_INHERITED
0: SEC_DESC_DACL_PROTECTED
0: SEC_DESC_SACL_PROTECTED
0: SEC_DESC_RM_CONTROL_VALID
1: SEC_DESC_SELF_RELATIVE
owner_sid : *
owner_sid :
S-1-5-21-2043234088-984444579-347745105-1165
group_sid : *
group_sid :
S-1-5-21-2043234088-984444579-347745105-513
sacl : NULL
dacl : *
dacl: struct security_acl
revision : SECURITY_ACL_REVISION_NT4 (2)
size : 0x008c (140)
num_aces : 0x00000005 (5)
aces: ARRAY(5)
aces: struct security_ace
type :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
flags : 0x10 (16)
0: SEC_ACE_FLAG_OBJECT_INHERIT
0: SEC_ACE_FLAG_CONTAINER_INHERIT
0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
0: SEC_ACE_FLAG_INHERIT_ONLY
1: SEC_ACE_FLAG_INHERITED_ACE
0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
0: SEC_ACE_FLAG_FAILED_ACCESS
size : 0x0024 (36)
access_mask : 0x001f01ff (2032127)
object : union
security_ace_object_ctr(case 0)
trustee :
S-1-5-21-2043234088-984444579-347745105-513
aces: struct security_ace
type :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
flags : 0x1b (27)
1: SEC_ACE_FLAG_OBJECT_INHERIT
1: SEC_ACE_FLAG_CONTAINER_INHERIT
0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
1: SEC_ACE_FLAG_INHERIT_ONLY
1: SEC_ACE_FLAG_INHERITED_ACE
0x0b: SEC_ACE_FLAG_VALID_INHERIT (11)
0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
0: SEC_ACE_FLAG_FAILED_ACCESS
size : 0x0014 (20)
access_mask : 0x001f01ff (2032127)
object : union
security_ace_object_ctr(case 0)
trustee : S-1-3-1
aces: struct security_ace
type :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
flags : 0x13 (19)
1: SEC_ACE_FLAG_OBJECT_INHERIT
1: SEC_ACE_FLAG_CONTAINER_INHERIT
0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
0: SEC_ACE_FLAG_INHERIT_ONLY
1: SEC_ACE_FLAG_INHERITED_ACE
0x03: SEC_ACE_FLAG_VALID_INHERIT (3)
0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
0: SEC_ACE_FLAG_FAILED_ACCESS
size : 0x0024 (36)
access_mask : 0x001f01ff (2032127)
object : union
security_ace_object_ctr(case 0)
trustee :
S-1-5-21-2043234088-984444579-347745105-1165
aces: struct security_ace
type :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
flags : 0x1b (27)
1: SEC_ACE_FLAG_OBJECT_INHERIT
1: SEC_ACE_FLAG_CONTAINER_INHERIT
0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
1: SEC_ACE_FLAG_INHERIT_ONLY
1: SEC_ACE_FLAG_INHERITED_ACE
0x0b: SEC_ACE_FLAG_VALID_INHERIT (11)
0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
0: SEC_ACE_FLAG_FAILED_ACCESS
size : 0x0014 (20)
access_mask : 0x001f01ff (2032127)
object : union
security_ace_object_ctr(case 0)
trustee : S-1-3-0
aces: struct security_ace
type :
SEC_ACE_TYPE_ACCESS_ALLOWED (0)
flags : 0x13 (19)
1: SEC_ACE_FLAG_OBJECT_INHERIT
1: SEC_ACE_FLAG_CONTAINER_INHERIT
0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
0: SEC_ACE_FLAG_INHERIT_ONLY
1: SEC_ACE_FLAG_INHERITED_ACE
0x03: SEC_ACE_FLAG_VALID_INHERIT (3)
0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
0: SEC_ACE_FLAG_FAILED_ACCESS
size : 0x0014 (20)
access_mask : 0x001f01ff (2032127)
Unable to open new log file /var/log/samba/machines/log.rnb: No such
file or directory
object : union
security_ace_object_ctr(case 0)
trustee : S-1-1-0
[2010/06/04 16:12:09.919349, 10] smbd/posix_acls.c:3842(set_nt_acl)
set_nt_acl: called for file Installations/IMRE Singapore/IMRE
on-site/settings
[2010/06/04 16:12:09.919382, 5] smbd/posix_acls.c:1191(unpack_nt_owners)
unpack_nt_owners: validating owner_sids.
[2010/06/04 16:12:09.919417, 3] smbd/posix_acls.c:1213(unpack_nt_owners)
unpack_nt_owners: owner sid mapped to uid 1044
[2010/06/04 16:12:09.919445, 3] smbd/posix_acls.c:1235(unpack_nt_owners)
unpack_nt_owners: group sid mapped to gid 513
[2010/06/04 16:12:09.919471, 5] smbd/posix_acls.c:1238(unpack_nt_owners)
unpack_nt_owners: owner_sids validated.
[2010/06/04 16:12:09.919499, 10]
smbd/posix_acls.c:1904(create_canon_ace_lists)
create_canon_ace_lists: adding file ACL:
canon_ace index 0. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-513 gid 513 (Domain Users)
SMB_ACL_GROUP_OBJ ace_flags = 0x10 perms rwx
[2010/06/04 16:12:09.919537, 10]
smbd/posix_acls.c:1809(create_canon_ace_lists)
create_canon_ace_lists: adding dir ACL:
canon_ace index 0. Type = allow SID = S-1-3-1 gid 513 (Domain Users)
SMB_ACL_GROUP_OBJ ace_flags = 0x1b perms rwx
[2010/06/04 16:12:09.919574, 10]
smbd/posix_acls.c:1809(create_canon_ace_lists)
create_canon_ace_lists: adding dir ACL:
canon_ace index 0. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x13 perms rwx
[2010/06/04 16:12:09.919612, 10]
smbd/posix_acls.c:1904(create_canon_ace_lists)
create_canon_ace_lists: adding file ACL:
canon_ace index 0. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x10 perms rwx
[2010/06/04 16:12:09.919648, 10]
smbd/posix_acls.c:1809(create_canon_ace_lists)
create_canon_ace_lists: adding dir ACL:
canon_ace index 0. Type = allow SID = S-1-3-0 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x1b perms rwx
[2010/06/04 16:12:09.919683, 10]
smbd/posix_acls.c:1809(create_canon_ace_lists)
create_canon_ace_lists: adding dir ACL:
canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x13 perms rwx
[2010/06/04 16:12:09.919715, 10]
smbd/posix_acls.c:1904(create_canon_ace_lists)
create_canon_ace_lists: adding file ACL:
canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x10 perms rwx
[2010/06/04 16:12:09.919745, 10] smbd/posix_acls.c:1506(check_owning_objs)
check_owning_objs: ACL had owning user/group entries.
[2010/06/04 16:12:09.919768, 10] smbd/posix_acls.c:1506(check_owning_objs)
check_owning_objs: ACL had owning user/group entries.
[2010/06/04 16:12:09.919790, 10] smbd/posix_acls.c:841(print_canon_ace_list)
print_canon_ace_list: file ace - before merge
canon_ace index 0. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-513 gid 513 (Domain Users)
SMB_ACL_GROUP_OBJ ace_flags = 0x10 perms rwx
canon_ace index 1. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x10 perms rwx
canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x10 perms rwx
[2010/06/04 16:12:09.919869, 10] smbd/posix_acls.c:841(print_canon_ace_list)
print_canon_ace_list: dir ace - before merge
canon_ace index 0. Type = allow SID = S-1-3-1 gid 513 (Domain Users)
SMB_ACL_GROUP_OBJ ace_flags = 0x1b perms rwx
canon_ace index 1. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x13 perms rwx
canon_ace index 2. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER ace_flags = 0x13 perms rwx
canon_ace index 3. Type = allow SID = S-1-3-0 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x1b perms rwx
canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x13 perms rwx
[2010/06/04 16:12:09.919946, 10] smbd/posix_acls.c:841(print_canon_ace_list)
print_canon_ace_list: file ace - before deny
canon_ace index 0. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-513 gid 513 (Domain Users)
SMB_ACL_GROUP_OBJ ace_flags = 0x10 perms rwx
canon_ace index 1. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x10 perms rwx
canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x10 perms rwx
[2010/06/04 16:12:09.920007, 10] smbd/posix_acls.c:841(print_canon_ace_list)
print_canon_ace_list: dir ace - before deny
canon_ace index 0. Type = allow SID = S-1-3-1 gid 513 (Domain Users)
SMB_ACL_GROUP_OBJ ace_flags = 0x1b perms rwx
canon_ace index 1. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x13 perms rwx
canon_ace index 2. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER ace_flags = 0x13 perms rwx
canon_ace index 3. Type = allow SID = S-1-3-0 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x1b perms rwx
canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x13 perms rwx
[2010/06/04 16:12:09.920082, 10] smbd/posix_acls.c:841(print_canon_ace_list)
print_canon_ace_list: file ace - before valid
canon_ace index 0. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-513 gid 513 (Domain Users)
SMB_ACL_GROUP_OBJ ace_flags = 0x10 perms rwx
canon_ace index 1. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x10 perms rwx
canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x10 perms rwx
[2010/06/04 16:12:09.920135, 10] smbd/posix_acls.c:841(print_canon_ace_list)
print_canon_ace_list: dir ace - before valid
canon_ace index 0. Type = allow SID = S-1-3-1 gid 513 (Domain Users)
SMB_ACL_GROUP_OBJ ace_flags = 0x1b perms rwx
canon_ace index 1. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x13 perms rwx
canon_ace index 2. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER ace_flags = 0x13 perms rwx
canon_ace index 3. Type = allow SID = S-1-3-0 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x1b perms rwx
canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x13 perms rwx
[2010/06/04 16:12:09.920209, 3] smbd/dosmode.c:166(unix_mode)
unix_mode(Installations/IMRE Singapore/IMRE on-site/settings)
returning 0760
[2010/06/04 16:12:09.920230, 10] smbd/posix_acls.c:841(print_canon_ace_list)
print_canon_ace_list: file ace - return
canon_ace index 0. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-513 gid 513 (Domain Users)
SMB_ACL_GROUP_OBJ ace_flags = 0x10 perms rwx
canon_ace index 1. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x10 perms rwx
canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x10 perms rwx
[2010/06/04 16:12:09.920282, 10] smbd/posix_acls.c:841(print_canon_ace_list)
print_canon_ace_list: dir ace - return
canon_ace index 0. Type = allow SID = S-1-3-1 gid 513 (Domain Users)
SMB_ACL_GROUP_OBJ ace_flags = 0x1b perms rwx
canon_ace index 1. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x13 perms rwx
canon_ace index 2. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER ace_flags = 0x13 perms rwx
canon_ace index 3. Type = allow SID = S-1-3-0 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x1b perms rwx
canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x13 perms rwx
[2010/06/04 16:12:09.920355, 10] smbd/posix_acls.c:2724(set_canon_ace_list)
set_canon_ace_list: setting ACL:
canon_ace index 0. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-513 gid 513 (Domain Users)
SMB_ACL_GROUP_OBJ ace_flags = 0x10 perms rwx
canon_ace index 1. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x10 perms rwx
canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x10 perms rwx
[2010/06/04 16:12:09.920407, 10] smbd/posix_acls.c:2824(set_canon_ace_list)
canon_ace index 0. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-513 gid 513 (Domain Users)
SMB_ACL_GROUP_OBJ ace_flags = 0x10 perms rwx
[2010/06/04 16:12:09.920443, 10] smbd/posix_acls.c:2824(set_canon_ace_list)
canon_ace index 1. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x10 perms rwx
[2010/06/04 16:12:09.920472, 10] smbd/posix_acls.c:2824(set_canon_ace_list)
canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x10 perms rwx
[2010/06/04 16:12:09.920496, 10]
modules/vfs_posixacl.c:89(posixacl_sys_acl_set_file)
Calling acl_set_file: Installations/IMRE Singapore/IMRE
on-site/settings, 0
Unable to open new log file /var/log/samba/machines/log.rnb: No such
file or directory
[2010/06/04 16:12:09.920541, 3] smbd/sec_ctx.c:210(push_sec_ctx)
push_sec_ctx(0, 513) : sec_ctx_stack_ndx = 1
[2010/06/04 16:12:09.920575, 3] smbd/uid.c:429(push_conn_ctx)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2010/06/04 16:12:09.920594, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/04 16:12:09.920613, 5] auth/token_util.c:525(debug_nt_user_token)
NT user token: (NULL)
[2010/06/04 16:12:09.920630, 5]
auth/token_util.c:551(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2010/06/04 16:12:09.920663, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
pop_sec_ctx (0, 513) - sec_ctx_stack_ndx = 0
[2010/06/04 16:12:09.920684, 10] smbd/posix_acls.c:2724(set_canon_ace_list)
set_canon_ace_list: setting ACL:
canon_ace index 0. Type = allow SID = S-1-3-1 gid 513 (Domain Users)
SMB_ACL_GROUP_OBJ ace_flags = 0x1b perms rwx
canon_ace index 1. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x13 perms rwx
canon_ace index 2. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER ace_flags = 0x13 perms rwx
canon_ace index 3. Type = allow SID = S-1-3-0 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x1b perms rwx
canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x13 perms rwx
[2010/06/04 16:12:09.920755, 10] smbd/posix_acls.c:2824(set_canon_ace_list)
canon_ace index 0. Type = allow SID = S-1-3-1 gid 513 (Domain Users)
SMB_ACL_GROUP_OBJ ace_flags = 0x1b perms rwx
[2010/06/04 16:12:09.920781, 10] smbd/posix_acls.c:2824(set_canon_ace_list)
canon_ace index 1. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x13 perms rwx
[2010/06/04 16:12:09.920807, 10] smbd/posix_acls.c:2824(set_canon_ace_list)
canon_ace index 2. Type = allow SID =
S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin)
SMB_ACL_USER ace_flags = 0x13 perms rwx
[2010/06/04 16:12:09.920832, 10] smbd/posix_acls.c:2824(set_canon_ace_list)
canon_ace index 3. Type = allow SID = S-1-3-0 uid 1044 (netzadmin)
SMB_ACL_USER_OBJ ace_flags = 0x1b perms rwx
[2010/06/04 16:12:09.920850, 10] smbd/posix_acls.c:2824(set_canon_ace_list)
canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x13 perms rwx
[2010/06/04 16:12:09.920866, 10]
modules/vfs_posixacl.c:89(posixacl_sys_acl_set_file)
Calling acl_set_file: Installations/IMRE Singapore/IMRE
on-site/settings, 1
[2010/06/04 16:12:09.920879, 0]
modules/vfs_posixacl.c:349(smb_acl_to_posix)
smb_acl_to_posix: ACL is invalid for set (Invalid argument)
[2010/06/04 16:12:09.920894, 2] smbd/posix_acls.c:2895(set_canon_ace_list)
set_canon_ace_list: sys_acl_set_file type directory default failed
for file Installations/IMRE Singapore/IMRE on-site/settings (Invalid
argument).
[2010/06/04 16:12:09.920909, 3] smbd/posix_acls.c:3979(set_nt_acl)
set_nt_acl: failed to set default acl on directory Installations/IMRE
Singapore/IMRE on-site/settings (Invalid argument).
[2010/06/04 16:12:09.920926, 3] smbd/error.c:80(error_packet_set)
error packet at smbd/nttrans.c(1909) cmd=160 (SMBnttrans)
NT_STATUS_INVALID_PARAMETER
Possibly Parallel Threads
- Samba serving sshfs shares: can't delete files
- Clients can't write to group-writable files
- W2k client using "synchronize" on a samba configured RH Linux 9 file server ...
- Clients can't write to group-writable files - plea for help
- Clients can't write to group-writable files - plea for help