HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- CIFS and ACLs
Operating System - HP-UX
1833847
Members
2127
Online
110063
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2005 12:09 AM
05-31-2005 12:09 AM
CIFS and ACLs
Hi,
I am using CIFS 2.01.01 on HPUX11V2. CIFS is running in ADS security-mode. Winbind is used to map the userers from the W2K3-Domain (german) to an tdb-file. The user mapping works fine, but I have probelms with the ACLS: setting the ACLS to a file or folder from windows leads in "access denied". I'm the owner of the object and have full access. The really crazy thing is, that it works sometimes, but later the ACLs are gone (showing standard permissions) and I can't modify them (Access denied). "getacls" from Unix side displays the formerly configured ACLS ....
The logfile (loglevel=2) shows:
log.smbd:
open_sockets_smbd: accept: No buffer space available
.log
[2005/05/30 11:22:29, 1] smbd/service.c:make_connection_snum(648)
192.168.200.11 (192.168.200.11) connect to service tmp initially as user FRHAWIN\Administrator (uid=10000, gid=10000) (pid 9429)
[2005/05/30 11:29:37, 1] smbd/service.c:close_cnum(835)
192.168.200.11 (192.168.200.11) closed connection to service tmp
[2005/05/30 11:30:17, 2] smbd/server.c:main(893)
Changed root to /
[2005/05/30 11:30:17, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2005/05/30 11:30:19, 1] smbd/service.c:make_connection_snum(648)
192.168.200.11 (192.168.200.11) connect to service tmp initially as user FRHAWIN\Administrator (uid=10000, gid=10000) (pid 9553)
[2005/05/30 11:30:36, 2] smbd/posix_acls.c:set_canon_ace_list(2422)
set_canon_ace_list: sys_acl_set_file type file failed for file ACLStest (Invalid argument).
my smb.conf is simple:
[global]
display charset = UTF-8
workgroup = FRHAWIN
realm = YYYYY.YYYYY.YYY
netbios name = FSERV0
server string = CIFS_HP_UX
security = ADS
password server = xxxx.xxxxx.xxxx.xxx
log level = 2
log file = /var/opt/samba/log.%m
max log size = 1000
host msdfs = Yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = Yes
[tmp]
comment = Temporary file space
path = /tmp
read only = No
Any suggestions?
Regards: Thilo
I am using CIFS 2.01.01 on HPUX11V2. CIFS is running in ADS security-mode. Winbind is used to map the userers from the W2K3-Domain (german) to an tdb-file. The user mapping works fine, but I have probelms with the ACLS: setting the ACLS to a file or folder from windows leads in "access denied". I'm the owner of the object and have full access. The really crazy thing is, that it works sometimes, but later the ACLs are gone (showing standard permissions) and I can't modify them (Access denied). "getacls" from Unix side displays the formerly configured ACLS ....
The logfile (loglevel=2) shows:
log.smbd:
open_sockets_smbd: accept: No buffer space available
[2005/05/30 11:22:29, 1] smbd/service.c:make_connection_snum(648)
192.168.200.11 (192.168.200.11) connect to service tmp initially as user FRHAWIN\Administrator (uid=10000, gid=10000) (pid 9429)
[2005/05/30 11:29:37, 1] smbd/service.c:close_cnum(835)
192.168.200.11 (192.168.200.11) closed connection to service tmp
[2005/05/30 11:30:17, 2] smbd/server.c:main(893)
Changed root to /
[2005/05/30 11:30:17, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2005/05/30 11:30:19, 1] smbd/service.c:make_connection_snum(648)
192.168.200.11 (192.168.200.11) connect to service tmp initially as user FRHAWIN\Administrator (uid=10000, gid=10000) (pid 9553)
[2005/05/30 11:30:36, 2] smbd/posix_acls.c:set_canon_ace_list(2422)
set_canon_ace_list: sys_acl_set_file type file failed for file ACLStest (Invalid argument).
my smb.conf is simple:
[global]
display charset = UTF-8
workgroup = FRHAWIN
realm = YYYYY.YYYYY.YYY
netbios name = FSERV0
server string = CIFS_HP_UX
security = ADS
password server = xxxx.xxxxx.xxxx.xxx
log level = 2
log file = /var/opt/samba/log.%m
max log size = 1000
host msdfs = Yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = Yes
[tmp]
comment = Temporary file space
path = /tmp
read only = No
Any suggestions?
Regards: Thilo
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2005 12:56 AM
05-31-2005 12:56 AM
Re: CIFS and ACLs
Unix user id's are actually numeric. Samba(CIFS) has a workaround to provide numeric UID compatability between Unix and Windows hosts.
This may be an issue here.
There is material on the 2004 HP-World site that should deal with this issue. I attended a lecture that showed how to get ACL's working with Samba 3.x, which is what you seem to have installed based on the CIFS versino number you reported.
One thing I try and do is have user names on both the windows and Unix side. It keeps the headaches of this setup from hurting too much.
SEP
This may be an issue here.
There is material on the 2004 HP-World site that should deal with this issue. I attended a lecture that showed how to get ACL's working with Samba 3.x, which is what you seem to have installed based on the CIFS versino number you reported.
One thing I try and do is have user names on both the windows and Unix side. It keeps the headaches of this setup from hurting too much.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2005 01:42 AM
05-31-2005 01:42 AM
Re: CIFS and ACLs
Thanks,
but I thinkt the user mapping is not the point. Winbind seems to work fine. If the Windows-User "Administrator" creates a File on the tmp-Share, ls -la displays Username "Administrator" und Group "domainuser@domainname" correctly. "id Administrator" gives me the (Unix-)user-id 10000. Looks good.
What about the logged errors:
open_sockets_smbd: accept: No buffer space available
and:
2005/05/30 11:30:36, 2] smbd/posix_acls.c:set_canon_ace_list(2422)
set_canon_ace_list: sys_acl_set_file type file failed for file ACLStest (Invalid argument).
but I thinkt the user mapping is not the point. Winbind seems to work fine. If the Windows-User "Administrator" creates a File on the tmp-Share, ls -la displays Username "Administrator" und Group "domainuser@domainname" correctly. "id Administrator" gives me the (Unix-)user-id 10000. Looks good.
What about the logged errors:
open_sockets_smbd: accept: No buffer space available
and:
2005/05/30 11:30:36, 2] smbd/posix_acls.c:set_canon_ace_list(2422)
set_canon_ace_list: sys_acl_set_file type file failed for file ACLStest (Invalid argument).
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP