The Samba-Bugzilla – Bug 11407
smbclient refuses access to a resource with ACL constraints
Last modified: 2015-08-01 09:35:30 UTC
Created attachment 11277 [details]
I am having problems with accessing
The scenario looks like this:
1. LDAP authentication for client & server (both using Ubuntu 14.04).
2. SMB server with a share accessible to a certain ACL group or user.
3. A user (that should be allowed to access the share: is a member of the group or is an ACL user) accesses the share from a client using nautilus and smb:// URI.
Access is granted to the resource.
Permission denied for accessing the resource in question.
The gvfs version I used in this case was built with this change cherry-picked: https://git.gnome.org/browse/gvfs/commit/?id=a0aec32
To give you some context in terms of the log attached: the user account I used in this case is user128. I have created 3 resources in the share:
dir1 - accessible to all
dir2 - with u:user128:rwx ACL rule set
dir3 - with g:miners:rwx ACL rule set (user128 is in the group 'miners')
Dir1 can be accessed without any issues, accessing dir2 or dir3 ends up with 'permission denied' message.
Created attachment 11278 [details]
smb.conf from the server
That tells me you're getting ACCESS_DENIED, doesn't tell me why on the server. Can you get server level 10 debug logs please ?
Created attachment 11299 [details]
Adding a level 10 server log.
map to guest = bad user
[2015/07/31 09:39:20.118662, 4, pid=2315, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_ldap.c:1497(ldapsam_getsampwnam)
ldapsam_getsampwnam: Unable to locate user [darek] count=0
leads to your session to being mapped to guest. As guest you don't have access. Please check your LDAP tree for user darek.
I'm closing this bug as invalid, this seems like a misconfigured system