Hi, When i make acls i have some time NT_STATUS_ACCESS_DENIED smbcacls -U administrateur%a //localhost/test_c /kk.bmp -a ACL:S-1-5-21-1688021309-183578045-1594628879-1081:0/0/0x001f01ff added interface ip=10.0.0.235 bcast=10.0.0.255 nmask=255.255.255.0 Connecting to host=localhost Connecting to 127.0.0.1 at port 445 Doing spnego session setup (blob length=58) got OID=1 3 6 1 4 1 311 2 2 10 got principal=NONE Got challenge flags: Got NTLMSSP neg_flags=0x60890215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 smbcacls -U administrateur%a //localhost/test_c /kk.bmp -a ACL:S-1-5-21-1688021309-183578045-1594628879-1080:0/0/0x001f01ff added interface ip=10.0.0.235 bcast=10.0.0.255 nmask=255.255.255.0 Connecting to host=localhost Connecting to 127.0.0.1 at port 445 Doing spnego session setup (blob length=58) got OID=1 3 6 1 4 1 311 2 2 10 got principal=NONE Got challenge flags: Got NTLMSSP neg_flags=0x60890215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 NT_TRANSACT_SET_SECURITY_DESC failed ERROR: secdesc set failed: NT_STATUS_ACCESS_DENIED I make more acls but a lot of make NT_STATUS_ACCESS_DENIED. the SID of S-1-5-21-1688021309-183578045-1594628879-1081: ldapsearch -x SambaSID=S-1-5-21-1688021309-183578045-1594628879-1081 # extended LDIF # # LDAPv3 # base <> with scope sub # filter: SambaSID=S-1-5-21-1688021309-183578045-1594628879-1081 # requesting: ALL # # loc2, Group, example.com dn: cn=loc2,ou=Group,dc=example,dc=com objectClass: posixGroup objectClass: sambaGroupMapping cn: loc2 gidNumber: 1602 sambaSID: S-1-5-21-1688021309-183578045-1594628879-1081 sambaGroupType: 4 displayName: loc2 memberUid: Administrateur memberUid: d memberUid: e memberUid: f memberUid:: SW52aXTDqQ== memberUid: IUSR_NT2 memberUid: misc the SID of S-1-5-21-1688021309-183578045-1594628879-1080: # loc, Group, example.com dn: cn=loc,ou=Group,dc=example,dc=com objectClass: posixGroup objectClass: sambaGroupMapping cn: loc sambaSID: S-1-5-21-1688021309-183578045-1594628879-1080 sambaGroupType: 4 displayName: loc memberUid: Administrateur memberUid: b memberUid: d memberUid: e memberUid: f memberUid: IUSR_NT2 memberUid: misc gidNumber: 1601 # search result search: 2 result: 0 Success I can see on the log: # numResponses: 2 unix_mode(oooo.bmp) inheriting from . [2004/12/01 13:33:45, 2] smbd/dosmode.c:unix_mode(68) unix_mode(oooo.bmp) inherit mode 40711 [2004/12/01 13:33:45, 3] smbd/dosmode.c:unix_mode(111) unix_mode(oooo.bmp) returning 0700 [2004/12/01 13:33:45, 2] smbd/posix_acls.c:set_canon_ace_list(2421) set_canon_ace_list: sys_acl_set_file type file failed for file oooo.bmp (Invalid argument). [2004/12/01 13:33:45, 3] smbd/posix_acls.c:set_nt_acl(3102) set_nt_acl: failed to set file acl on file oooo.bmp (Invalid argument). [2004/12/01 13:33:45, 3] smbd/error.c:error_packet(105) error string = Invalid argument [2004/12/01 13:33:45, 3] smbd/error.c:error_packet(129) error packet at smbd/nttrans.c(2020) cmd=160 (SMBnttrans) NT_STATUS_ACCESS_DENIED [2004/12/01 13:33:45, 3] smbd/process.c:process_smb(1092) # numEntries: 1 THanks
*** Bug 2112 has been marked as a duplicate of this bug. ***
(In reply to comment #0) > When i make acls i have some time NT_STATUS_ACCESS_DENIED Me too. I raised https://bugzilla.samba.org/show_bug.cgi?id=2726 where I've submitted a patch. I'm running against Windows 2000 and you're running against Samba. This problem: > [2004/12/01 13:33:45, 2] smbd/posix_acls.c:set_canon_ace_list(2421) > set_canon_ace_list: sys_acl_set_file type file failed for file > oooo.bmp (Invalid argument). Looks likely to be something completely unrelated to mine to my uneducated eye. I just thought I'd mention it in case.
I haven't seen such errors in recent samba versions if things are set up correctly.