Samba Team private Client: Windows Vista x64 Server: Samba 3.0.28 (on CentOS5 x64) The backup utility on Vista (Backup and Restore Center) fails when backing up to Samba network shares. The utility wants to set some ACLs on the backup files it creates for added security. Before actually doing the backup, the Vista backup utility creates a couple temporary files and tests if it has permissions, etc. It is at this point where the backup fails. Interestingly, Samba-3.0.25 to Samba-3.0.25b work just fine with the Vista backup tool, but other versions I tested fail. Samba-3.0.10 FAIL Samba-3.0.24 FAIL Samba-3.0.25 PASS Samba-3.0.25a PASS Samba-3.0.25b PASS Samba-3.0.25c FAIL Samba-3.0.26a FAIL Samba-3.0.27a FAIL Samba-3.0.28 FAIL Samba <= 2.0.24 fails with the Vista error: "Cannot create a file when that file already exists. (0x800700B7)". Samba >= 3.0.25c fails with the Vista error: "You need Full Control permission for the network share.... (0x8100002A)". I have uploaded some captures of Samba-3.0.25b and Samba-3.0.28 here: http://www.sentry.net/~obsid/samba/vistabackup-samba-3.0.25b.pcap http://www.sentry.net/~obsid/samba/vistabackup-samba-3.0.28.pcap
Hmmm. This looks like it might be a bug we fixed for 3.0.28a. The ACL being set has both SE_DESC_DACL_AUTO_INHERITED and SE_DESC_DACL_AUTO_INHERIT_REQ set. I think this is a duplicate of #4308, which is confirmed fixed. If I give you a source code tarball can you build it to confirm, or do you need an rpm or .deb package ? Alternatively if you give me step by step instructions on how to walk though this with Vista, I'll try and reproduce here and see if it's fixed. Jeremy.
Sure, I can work with a tarball. Send it along :) If you want to reproduce, simply open up the "Backup and Restore Center" in Vista and select "Back up files," or if you've already set this up you may need to click "Change Settings". In either case you should eventually get to a screen asking you where to place your backup. You will only have two choices; backup to a hard disk of CD/DVD, or backup to a network share. Select the "On a network" option and enter the full path of the network share, and then click next. It will prompt you for a username/password. If it doesn't error immediately after clicking "OK," then the bug is likely fixed - but you could continue with the backup to be sure.
Mailed it (too big for bugzilla attachment). I'll test on Vista tomorrow back @ work (I'm on the shuttle going home now :-). Jeremy.
Got the attachment. I can confirm that the bug appears to be fixed in 3.0.28a. Thanks! Would you happened to know if there is a smbtorture test to test those ACLs?
Actually a duplicate of #4308. This thing shows up in interesting ways :-). Jeremy. *** This bug has been marked as a duplicate of 4308 ***
Re-opening. The fix committed here breaks inheritance in the Windows ACL editor. Need some other way to fix this. Jeremy.
Created attachment 3731 [details] Temporary patch for 3-2-test branch. Ok, here is a (temporary, not final) fix for #5873. It should allow removal of ACE entries again for bug #5873. The strange thing is I've tested this with the Vista backup center and it doesn't break the ACL tests. Can someone confirm this with the Samba 3-2-test git branch with this patch attached (that Vista backup works with it) ? Jeremy.
I'm running Ubuntu 10.04 with Samba 3.4.7 against my Vista Home Premium machine. The backup app does not run. "You need Full Control permission for the network share... (0x8100002A)" SMBD log: [2010/06/18 08:56:36, 0] smbd/server.c:1069(main) smbd version 3.4.7 started. Copyright Andrew Tridgell and the Samba Team 1992-2009 [2010/06/18 08:56:36, 0] smbd/server.c:1115(main) standard input is not a socket, assuming -D option SMBD log for my vista host: [2010/06/18 08:59:03, 1] smbd/service.c:1063(make_connection_snum) philip-vista (192.168.0.10) connect to service data-backup initially as user philip (uid=1000, gid=1000) (pid 14227) [2010/06/18 08:59:13, 1] smbd/service.c:1240(close_cnum) philip-vista (192.168.0.10) closed connection to service data-backup
closing, starved discussion and no longer an issue in 2021