Set ACLs on Samba share from Windows
in [Samba]
|
Prev: [Samba] Set ACLs on Samba share from Windows
Next: [Samba] Identical user entry in pdbedit (tdbsam)
From: tms3 on 4 Jul 2010 19:00 > > > > I have a Samba server, Operating system Samba Version. Does *Nix file system used support ACL's? Are ACL's turned on for the samba share mountpoint? > > joined to my Windows Active Directory domain, and > I'm having a problem setting ACLs on a share from Windows. On Windows, > I > get the error message "Unable to save permission changes on <folder>. > The > parameter is incorrect." and when I look in my Samba log, I see the > message "ACL is invalid for set (Invalid argument)". > > "getent passwd" and "getent group" return both local and AD users and > groups, respectively. > > Here are the relevant lines from my smb.conf: > > [global] > workgroup = <My domain> > server string = Samba Server Version %v > log file = /var/log/samba/log.%m > max log size = 50 > log level = 3 winbind:10 acls:10 > security = ads > realm = <My domain>.LOCAL > encrypt passwords = yes > idmap uid = 2000-10000 > idmap gid = 2000-10000 > winbind enum groups = yes > winbind enum users = yes > wins server = 10.0.0.65 > load printers = no > cups options = raw > [homes] > comment = Home Directories > browseable = no > writable = yes > [printers] > comment = All Printers > path = /var/spool/samba > browseable = no > guest ok = no > writable = no > printable = yes > [paperport] > comment = Test share for PaperPort images > path = /u1/images > admin users = <My domain>\<user1> <My domain>\<me> > public = yes > writable = yes > browseable = yes > > I'm sure I'm missing something minor, but I can't figure out what it > is. > Anyone have any ideas? > > Thanks > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Gaiseric Vandal on 4 Jul 2010 20:30 It works for me - Solaris 10, ZFS file system, configured as a PDC or BDC #testparm -v | grep "acl " acl compatibility = auto acl check permissions = Yes acl group control = No acl map full control = Yes force unknown acl user = No nt acl support = Yes map acl inherit = No If you are on linux, ext3 and ext4 should support acl's. Can you use "setfacl" to change permissions on a file on the unix level using the uid of a domain user? Can you, in windows, set permissions for someone defined as a local user? That might indicated if the problem is really with ACL's or if the problem is with winbind retrieving users from the domain controller. (Although getent seems to indicate that that winbind is not the problem.) -----Original Message----- From: samba-bounces(a)lists.samba.org [mailto:samba-bounces(a)lists.samba.org] On Behalf Of Dadoo Sent: Saturday, July 03, 2010 3:46 AM To: samba(a)lists.samba.org Subject: [Samba] Set ACLs on Samba share from Windows I can't seem to verify whether or my first attempt at sending this message was successful, so I'm reposting it, using a different method. I apologize if anyone has seen it already. I have a Samba server, joined to my Windows Active Directory domain, and I'm having a problem setting ACLs on a share from Windows. On Windows, I get the error message "Unable to save permission changes on <folder>. The parameter is incorrect." and when I look in my Samba log, I see the message "ACL is invalid for set (Invalid argument)". "getent passwd" and "getent group" return both local and AD users and groups, respectively. Here are the relevant lines from my smb.conf: [global] workgroup = <My domain> server string = Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 log level = 3 winbind:10 acls:10 security = ads realm = <My domain>.LOCAL encrypt passwords = yes idmap uid = 2000-10000 idmap gid = 2000-10000 winbind enum groups = yes winbind enum users = yes wins server = 10.0.0.65 load printers = no cups options = raw [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes [paperport] comment = Test share for PaperPort images path = /u1/images admin users = <My domain>\<user1> <My domain>\<me> public = yes writable = yes browseable = yes I'm sure I'm missing something minor, but I can't figure out what it is. Anyone have any ideas? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Dadoo on 7 Jul 2010 01:10 On Sun, 04 Jul 2010 20:26:47 -0400, Gaiseric Vandal wrote: > It works for me - Solaris 10, ZFS file system, configured as a PDC or > BDC > > #testparm -v | grep "acl " > > acl compatibility = auto > acl check permissions = Yes > acl group control = No > acl map full control = Yes > force unknown acl user = No > nt acl support = Yes > map acl inherit = No I'll try those settings and see if that works. > Can you use "setfacl" to change permissions on a file on the unix level > using the uid of a domain user? Yes. > Can you, in windows, set permissions for someone defined as a local > user? I don't know. I'll have to set up user mappings to get that to work. > That might indicated if the problem is really with ACL's or if the > problem is with winbind retrieving users from the domain controller. > (Although getent seems to indicate that that winbind is not the > problem.) Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Dadoo on 7 Jul 2010 01:20 On Sun, 04 Jul 2010 15:55:26 -0700, tms3 wrote: > Operating system Samba Version. Fedora 13. Samba 3.5.4 (the one supplied with Fedora) > Does *Nix file system used support > ACL's? Yes. > Are ACL's turned on for the samba share mountpoint? Is this an OS setting or a Samba setting? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Gary Dale on 7 Jul 2010 01:40 On 07/07/10 01:11 AM, Dadoo wrote: > On Sun, 04 Jul 2010 15:55:26 -0700, tms3 wrote: > > >> Operating system Samba Version. >> > Fedora 13. Samba 3.5.4 (the one supplied with Fedora) > > >> Does *Nix file system used support >> ACL's? >> > Yes. > > >> Are ACL's turned on for the samba share mountpoint? >> > Is this an OS setting or a Samba setting? > > Thanks. > > ACLs can sometimes be turned on or off on a file system as a mount option. Other times it's inherent in the system. It may even be a format-time option. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Next
|
Last
Pages: 1 2 Prev: [Samba] Set ACLs on Samba share from Windows Next: [Samba] Identical user entry in pdbedit (tdbsam) |