Bug 2111 - smbcacls very strange
Summary: smbcacls very strange
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.9
Hardware: All Linux
: P3 normal
Target Milestone: none
Assignee: Tim Potter
QA Contact: Samba QA Contact
URL:
Keywords:
: 2112 (view as bug list)
Depends on:
Blocks:
 
Reported: 2004-12-01 06:21 UTC by paul (dead mail address)
Modified: 2020-12-20 17:04 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description paul (dead mail address) 2004-12-01 06:21:03 UTC
Hi,


When i make acls i have some time NT_STATUS_ACCESS_DENIED



smbcacls -U administrateur%a //localhost/test_c /kk.bmp -a
ACL:S-1-5-21-1688021309-183578045-1594628879-1081:0/0/0x001f01ff
added interface ip=10.0.0.235 bcast=10.0.0.255 nmask=255.255.255.0
Connecting to host=localhost
Connecting to 127.0.0.1 at port 445
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215


smbcacls -U administrateur%a //localhost/test_c /kk.bmp -a
ACL:S-1-5-21-1688021309-183578045-1594628879-1080:0/0/0x001f01ff
added interface ip=10.0.0.235 bcast=10.0.0.255 nmask=255.255.255.0
Connecting to host=localhost
Connecting to 127.0.0.1 at port 445
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
NT_TRANSACT_SET_SECURITY_DESC failed
ERROR: secdesc set failed: NT_STATUS_ACCESS_DENIED



I make more acls but a lot of make NT_STATUS_ACCESS_DENIED.



the SID of S-1-5-21-1688021309-183578045-1594628879-1081:

ldapsearch -x SambaSID=S-1-5-21-1688021309-183578045-1594628879-1081
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: SambaSID=S-1-5-21-1688021309-183578045-1594628879-1081
# requesting: ALL
#

# loc2, Group, example.com
dn: cn=loc2,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: loc2
gidNumber: 1602
sambaSID: S-1-5-21-1688021309-183578045-1594628879-1081
sambaGroupType: 4
displayName: loc2
memberUid: Administrateur
memberUid: d
memberUid: e
memberUid: f
memberUid:: SW52aXTDqQ==
memberUid: IUSR_NT2
memberUid: misc


the SID of S-1-5-21-1688021309-183578045-1594628879-1080:

# loc, Group, example.com
dn: cn=loc,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: loc
sambaSID: S-1-5-21-1688021309-183578045-1594628879-1080
sambaGroupType: 4
displayName: loc
memberUid: Administrateur
memberUid: b
memberUid: d
memberUid: e
memberUid: f
memberUid: IUSR_NT2
memberUid: misc
gidNumber: 1601

# search result
search: 2
result: 0 Success

I can see on the log:

# numResponses: 2  unix_mode(oooo.bmp) inheriting from .
[2004/12/01 13:33:45, 2] smbd/dosmode.c:unix_mode(68)
  unix_mode(oooo.bmp) inherit mode 40711
[2004/12/01 13:33:45, 3] smbd/dosmode.c:unix_mode(111)
  unix_mode(oooo.bmp) returning 0700
[2004/12/01 13:33:45, 2] smbd/posix_acls.c:set_canon_ace_list(2421)
  set_canon_ace_list: sys_acl_set_file type file failed for file
oooo.bmp (Invalid argument).
[2004/12/01 13:33:45, 3] smbd/posix_acls.c:set_nt_acl(3102)
  set_nt_acl: failed to set file acl on file oooo.bmp (Invalid
argument).
[2004/12/01 13:33:45, 3] smbd/error.c:error_packet(105)
  error string = Invalid argument
[2004/12/01 13:33:45, 3] smbd/error.c:error_packet(129)
  error packet at smbd/nttrans.c(2020) cmd=160 (SMBnttrans)
NT_STATUS_ACCESS_DENIED
[2004/12/01 13:33:45, 3] smbd/process.c:process_smb(1092)

# numEntries: 1


THanks
Comment 1 Gerald (Jerry) Carter (dead mail address) 2004-12-04 07:35:06 UTC
*** Bug 2112 has been marked as a duplicate of this bug. ***
Comment 2 Martin Dorey 2005-05-18 18:31:41 UTC
(In reply to comment #0)
> When i make acls i have some time NT_STATUS_ACCESS_DENIED

Me too.  I raised https://bugzilla.samba.org/show_bug.cgi?id=2726 where I've
submitted a patch.  I'm running against Windows 2000 and you're running against
Samba.  This problem:

> [2004/12/01 13:33:45, 2] smbd/posix_acls.c:set_canon_ace_list(2421)
>   set_canon_ace_list: sys_acl_set_file type file failed for file
> oooo.bmp (Invalid argument).

Looks likely to be something completely unrelated to mine to my uneducated eye.
 I just thought I'd mention it in case.
Comment 3 Björn Jacke 2020-12-20 17:04:47 UTC
I haven't seen such errors in recent samba versions if things are set up correctly.