I'm running Version 4.2.0pre1-GIT-ca3998d on a Fedora 20 host. The output
of testparm is:

[global]
workgroup = SOMETHING
realm = SOMETHING.SOMETHING.COM
server role = active directory domain controller
passdb backend = samba_dsdb
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate, smb
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
eventlog6, backupkey, dnsserver, winreg, srvsvc
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
map archive = No
map readonly = no
store dos attributes = Yes
vfs objects = dfs_samba4, acl_xattr
[netlogon]
path /usr/local/samba/var/locks/sysvol/something.something.com/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[homes]
path = /home
read only = No

I can run lists:

smbclient -L localhost -U%
Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
Sharename Type Comment
--------- ---- -------
netlogon Disk
sysvol Disk
homes Disk
IPC$ IPC IPC Service
localhost is an IPv6 address -- no workgroup available
[pclark@c3po ~]$

However when I log in as a user and try to go into my homedir:

Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
smb: \> dir
. D 0 Sun Mar 2 11:06:09 2014
.. D 0 Mon Mar 3 03:44:25 2014
pclark D 0 Mon Mar 3 13:36:36 2014
34001 blocks of size 8388608. 13463 blocks available
smb: \> cd pclark
cd \pclark\: NT_STATUS_INVALID_ACL
smb: \>

getfacl shows:
getfacl pclark
# file: pclark
# owner: pclark
# group: pclark
user::rwx
group::rwx
other::r-x

When I try and bring up the folder on a Windows system the security tab
only has an X with an error message that says the "security information is
unavailable or cannot be displayed", even when logged into the domain as
Administrator.

My drives are mounted with user_xattr,acl options in /etc/fstab. I'm not
sure how to troubleshoot this further, any thoughts on how to reset the
acl to a baseline that can be later edited (or, what did I do wrong here?)
would be appreciated.

Thanks,

On 04/03/14 15:08, Peter Clark wrote:
> I'm running Version 4.2.0pre1-GIT-ca3998d on a Fedora 20 host. The output
> of testparm is:
>
> [global]
> workgroup = SOMETHING
> realm = SOMETHING.SOMETHING.COM
> server role = active directory domain controller
> passdb backend = samba_dsdb
> server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbind, ntp_signd, kcc, dnsupdate, smb
> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
> eventlog6, backupkey, dnsserver, winreg, srvsvc
> rpc_server:tcpip = no
> rpc_daemon:spoolssd = embedded
> rpc_server:spoolss = embedded
> rpc_server:winreg = embedded
> rpc_server:ntsvcs = embedded
> rpc_server:eventlog = embedded
> rpc_server:srvsvc = embedded
> rpc_server:svcctl = embedded
> rpc_server:default = external
> idmap_ldb:use rfc2307 = yes
> idmap config * : backend = tdb
> map archive = No
> map readonly = no
> store dos attributes = Yes
> vfs objects = dfs_samba4, acl_xattr
>
> [netlogon]
> path
> /usr/local/samba/var/locks/sysvol/something.something.com/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> [homes]
> path = /home
> read only = No
>
> I can run lists:
>
> smbclient -L localhost -U%
> Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
>
> Sharename Type Comment
> --------- ---- -------
> netlogon Disk
> sysvol Disk
> homes Disk
> IPC$ IPC IPC Service
> localhost is an IPv6 address -- no workgroup available
> [pclark@c3po ~]$
>
> However when I log in as a user and try to go into my homedir:
>
> Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
> smb: \> dir
> . D 0 Sun Mar 2 11:06:09 2014
> .. D 0 Mon Mar 3 03:44:25 2014
> pclark D 0 Mon Mar 3 13:36:36 2014
>
> 34001 blocks of size 8388608. 13463 blocks available
> smb: \> cd pclark
> cd \pclark\: NT_STATUS_INVALID_ACL
> smb: \>
>
> getfacl shows:
> getfacl pclark
> # file: pclark
> # owner: pclark
> # group: pclark
> user::rwx
> group::rwx
> other::r-x
>
>
> When I try and bring up the folder on a Windows system the security tab
> only has an X with an error message that says the "security information is
> unavailable or cannot be displayed", even when logged into the domain as
> Administrator.
>
> My drives are mounted with user_xattr,acl options in /etc/fstab. I'm not
> sure how to troubleshoot this further, any thoughts on how to reset the
> acl to a baseline that can be later edited (or, what did I do wrong here?)
> would be appreciated.
>
> Thanks,
>

OK, so you are trying to log in to a share on the samba server? Does your user have a uidNumber in AD? If so, is this the same number that 'getent passwd pclark' shows on the samba4 server?

Rowland

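The comparison Rowland's reply asks about, as an added example that is not part of the thread: it pulls the uidNumber out of LDIF text and the UID out of a passwd line, then reports whether the two agree. The sample inputs, the ID values, the sam.ldb path placeholder and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample inputs (assumed values). On a real DC they would come from:
#   ldbsearch -H /path/to/sam.ldb '(sAMAccountName=pclark)' uidNumber
#   getent passwd pclark
SAMPLE_LDIF='dn: CN=pclark,CN=Users,DC=something,DC=something,DC=com
uidNumber: 10001'
SAMPLE_PASSWD='pclark:x:1000:1000::/home/pclark:/bin/bash'

# Print the uidNumber attribute from LDIF text (empty if the user has none).
ldif_uidnumber() {
    printf '%s\n' "$1" | awk -F': ' 'tolower($1) == "uidnumber" { print $2; exit }'
}

# Print the numeric UID (third field) of a passwd-format line.
passwd_uid() {
    printf '%s\n' "$1" | awk -F: 'NR == 1 && NF >= 3 { print $3 }'
}

# Compare both IDs: prints a verdict and returns 0 only when they agree.
check_uid_match() {
    ad_uid=$(ldif_uidnumber "$1")
    nss_uid=$(passwd_uid "$2")
    if [ -z "$ad_uid" ]; then
        echo "no uidNumber in AD"; return 2
    elif [ -z "$nss_uid" ]; then
        echo "no passwd entry"; return 3
    elif [ "$ad_uid" != "$nss_uid" ]; then
        echo "mismatch: AD uidNumber=$ad_uid, getent uid=$nss_uid"; return 1
    fi
    echo "match: $ad_uid"
}

# Demo on the constructed samples; a mismatch is reported, not fatal.
check_uid_match "$SAMPLE_LDIF" "$SAMPLE_PASSWD" || true
```
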
On 18:05:10 wrote Peter Clark:
> I'm running Version 4.2.0pre1-GIT-ca3998d on a Fedora 20 host. The
> output of testparm is:
>
> [global]
> workgroup = SOMETHING
> realm = SOMETHING.SOMETHING.COM
> server role = active directory domain controller
> passdb backend = samba_dsdb
> server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbind, ntp_signd, kcc, dnsupdate, smb
> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
> eventlog6, backupkey, dnsserver, winreg, srvsvc
> rpc_server:tcpip = no
> rpc_daemon:spoolssd = embedded
> rpc_server:spoolss = embedded
> rpc_server:winreg = embedded
> rpc_server:ntsvcs = embedded
> rpc_server:eventlog = embedded
> rpc_server:srvsvc = embedded
> rpc_server:svcctl = embedded
> rpc_server:default = external
> idmap_ldb:use rfc2307 = yes
> idmap config * : backend = tdb
> map archive = No
> map readonly = no
> store dos attributes = Yes
> vfs objects = dfs_samba4, acl_xattr
>
> [netlogon]
> path
> /usr/local/samba/var/locks/sysvol/something.something.com/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> [homes]
> path = /home
> read only = No
>
> I can run lists:
>
> smbclient -L localhost -U%
> Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
>
> Sharename Type Comment
> --------- ---- -------
> netlogon Disk
> sysvol Disk
> homes Disk
> IPC$ IPC IPC Service
> localhost is an IPv6 address -- no workgroup available
> [pclark@c3po ~]$
>
> However when I log in as a user and try to go into my homedir:
>
> Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
> smb: \> dir
> . D 0 Sun Mar 2 11:06:09
> 2014 .. D 0 Mon Mar 3
> 03:44:25 2014 pclark D 0 Mon
> Mar 3 13:36:36 2014
>
> 34001 blocks of size 8388608. 13463 blocks available
> smb: \> cd pclark
> cd \pclark\: NT_STATUS_INVALID_ACL
> smb: \>
>
> getfacl shows:
> getfacl pclark
> # file: pclark
> # owner: pclark
> # group: pclark
> user::rwx
> group::rwx
> other::r-x

put the user pclark in another group
remove the group pclark
try again

>
> When I try and bring up the folder on a Windows system the security
> tab only has an X with an error message that says the "security
> information is unavailable or cannot be displayed", even when logged
> into the domain as Administrator.
>
> My drives are mounted with user_xattr,acl options in /etc/fstab. I'm
> not sure how to troubleshoot this further, any thoughts on how to
> reset the acl to a baseline that can be later edited (or, what did I
> do wrong here?) would be appreciated.
>
> Thanks,

--
regards
Harry Jede