HPE Community
Operating System - HP-UX
1836646 Members
1921 Online
110102 Solutions
New Discussion

CIFS and ACLs

 
Thilo Rees
New Member

‎05-31-2005 12:09 AM

‎05-31-2005 12:09 AM

CIFS and ACLs

Hi,

I am using CIFS 2.01.01 on HPUX11V2. CIFS is running in ADS security-mode. Winbind is used to map the userers from the W2K3-Domain (german) to an tdb-file. The user mapping works fine, but I have probelms with the ACLS: setting the ACLS to a file or folder from windows leads in "access denied". I'm the owner of the object and have full access. The really crazy thing is, that it works sometimes, but later the ACLs are gone (showing standard permissions) and I can't modify them (Access denied). "getacls" from Unix side displays the formerly configured ACLS ....
The logfile (loglevel=2) shows:

log.smbd:
open_sockets_smbd: accept: No buffer space available

.log
[2005/05/30 11:22:29, 1] smbd/service.c:make_connection_snum(648)
192.168.200.11 (192.168.200.11) connect to service tmp initially as user FRHAWIN\Administrator (uid=10000, gid=10000) (pid 9429)
[2005/05/30 11:29:37, 1] smbd/service.c:close_cnum(835)
192.168.200.11 (192.168.200.11) closed connection to service tmp
[2005/05/30 11:30:17, 2] smbd/server.c:main(893)
Changed root to /
[2005/05/30 11:30:17, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2005/05/30 11:30:19, 1] smbd/service.c:make_connection_snum(648)
192.168.200.11 (192.168.200.11) connect to service tmp initially as user FRHAWIN\Administrator (uid=10000, gid=10000) (pid 9553)
[2005/05/30 11:30:36, 2] smbd/posix_acls.c:set_canon_ace_list(2422)
set_canon_ace_list: sys_acl_set_file type file failed for file ACLStest (Invalid argument).

my smb.conf is simple:

[global]
display charset = UTF-8
workgroup = FRHAWIN
realm = YYYYY.YYYYY.YYY
netbios name = FSERV0
server string = CIFS_HP_UX
security = ADS
password server = xxxx.xxxxx.xxxx.xxx
log level = 2
log file = /var/opt/samba/log.%m
max log size = 1000
host msdfs = Yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = Yes

[tmp]
comment = Temporary file space
path = /tmp
read only = No

Any suggestions?

Regards: Thilo
0 Kudos
Reply
2 REPLIES 2
Steven E. Protter
Exalted Contributor

‎05-31-2005 12:56 AM

‎05-31-2005 12:56 AM

Re: CIFS and ACLs

Unix user id's are actually numeric. Samba(CIFS) has a workaround to provide numeric UID compatability between Unix and Windows hosts.

This may be an issue here.

There is material on the 2004 HP-World site that should deal with this issue. I attended a lecture that showed how to get ACL's working with Samba 3.x, which is what you seem to have installed based on the CIFS versino number you reported.

One thing I try and do is have user names on both the windows and Unix side. It keeps the headaches of this setup from hurting too much.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Thilo Rees
New Member

‎05-31-2005 01:42 AM

‎05-31-2005 01:42 AM

Re: CIFS and ACLs

Thanks,

but I thinkt the user mapping is not the point. Winbind seems to work fine. If the Windows-User "Administrator" creates a File on the tmp-Share, ls -la displays Username "Administrator" und Group "domainuser@domainname" correctly. "id Administrator" gives me the (Unix-)user-id 10000. Looks good.
What about the logged errors:
open_sockets_smbd: accept: No buffer space available
and:

2005/05/30 11:30:36, 2] smbd/posix_acls.c:set_canon_ace_list(2422)
set_canon_ace_list: sys_acl_set_file type file failed for file ACLStest (Invalid argument).


0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.