Bug 2112 - smbcacls very strange
Summary: smbcacls very strange
Status: RESOLVED DUPLICATE of bug 2111
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.9
Hardware: All Linux
: P3 regression
Target Milestone: none
Assignee: Tim Potter
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-12-01 10:12 UTC by paul (dead mail address)
Modified: 2004-12-04 07:35 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description paul (dead mail address) 2004-12-01 10:12:21 UTC
Hi,


When i make acls i have some time NT_STATUS_ACCESS_DENIED



smbcacls -U administrateur%a //localhost/test_c /kk.bmp -a
ACL:S-1-5-21-1688021309-183578045-1594628879-1081:0/0/0x001f01ff
added interface ip=10.0.0.235 bcast=10.0.0.255 nmask=255.255.255.0
Connecting to host=localhost
Connecting to 127.0.0.1 at port 445
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215


smbcacls -U administrateur%a //localhost/test_c /kk.bmp -a
ACL:S-1-5-21-1688021309-183578045-1594628879-1080:0/0/0x001f01ff
added interface ip=10.0.0.235 bcast=10.0.0.255 nmask=255.255.255.0
Connecting to host=localhost
Connecting to 127.0.0.1 at port 445
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
NT_TRANSACT_SET_SECURITY_DESC failed
ERROR: secdesc set failed: NT_STATUS_ACCESS_DENIED



I make more acls but a lot of make NT_STATUS_ACCESS_DENIED.



the SID of S-1-5-21-1688021309-183578045-1594628879-1081:

ldapsearch -x SambaSID=S-1-5-21-1688021309-183578045-1594628879-1081
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: SambaSID=S-1-5-21-1688021309-183578045-1594628879-1081
# requesting: ALL
#

# loc2, Group, example.com
dn: cn=loc2,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: loc2
gidNumber: 1602
sambaSID: S-1-5-21-1688021309-183578045-1594628879-1081
sambaGroupType: 4
displayName: loc2
memberUid: Administrateur
memberUid: d
memberUid: e
memberUid: f
memberUid:: SW52aXTDqQ==
memberUid: IUSR_NT2
memberUid: misc


the SID of S-1-5-21-1688021309-183578045-1594628879-1080:

# loc, Group, example.com
dn: cn=loc,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: loc
sambaSID: S-1-5-21-1688021309-183578045-1594628879-1080
sambaGroupType: 4
displayName: loc
memberUid: Administrateur
memberUid: b
memberUid: d
memberUid: e
memberUid: f
memberUid: IUSR_NT2
memberUid: misc
gidNumber: 1601

# search result
search: 2
result: 0 Success

I can see on the log:

# numResponses: 2  unix_mode(oooo.bmp) inheriting from .
[2004/12/01 13:33:45, 2] smbd/dosmode.c:unix_mode(68)
  unix_mode(oooo.bmp) inherit mode 40711
[2004/12/01 13:33:45, 3] smbd/dosmode.c:unix_mode(111)
  unix_mode(oooo.bmp) returning 0700
[2004/12/01 13:33:45, 2] smbd/posix_acls.c:set_canon_ace_list(2421)
  set_canon_ace_list: sys_acl_set_file type file failed for file
oooo.bmp (Invalid argument).
[2004/12/01 13:33:45, 3] smbd/posix_acls.c:set_nt_acl(3102)
  set_nt_acl: failed to set file acl on file oooo.bmp (Invalid
argument).
[2004/12/01 13:33:45, 3] smbd/error.c:error_packet(105)
  error string = Invalid argument
[2004/12/01 13:33:45, 3] smbd/error.c:error_packet(129)
  error packet at smbd/nttrans.c(2020) cmd=160 (SMBnttrans)
NT_STATUS_ACCESS_DENIED
[2004/12/01 13:33:45, 3] smbd/process.c:process_smb(1092)

# numEntries: 1


THanks
Comment 1 paul (dead mail address) 2004-12-01 11:21:38 UTC
Hi;

I just see xfs can't have more than 25 acls :)

Do you have any idea to make more than 25 acls 

THanks
Comment 2 Gerald (Jerry) Carter (dead mail address) 2004-12-04 07:35:04 UTC

*** This bug has been marked as a duplicate of 2111 ***