Discussion:
How to troubleshoot an ACL error?
(too old to reply)
Peter Clark
2014-03-04 15:08:40 UTC
Permalink
I'm running Version 4.2.0pre1-GIT-ca3998d on a Fedora 20 host. The output
of testparm is:

[global]
workgroup = SOMETHING
realm = SOMETHING.SOMETHING.COM
server role = active directory domain controller
passdb backend = samba_dsdb
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate, smb
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
eventlog6, backupkey, dnsserver, winreg, srvsvc
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
map archive = No
map readonly = no
store dos attributes = Yes
vfs objects = dfs_samba4, acl_xattr

[netlogon]
path =
/usr/local/samba/var/locks/sysvol/something.something.com/scripts
read only = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No

[homes]
path = /home
read only = No

I can run lists:

smbclient -L localhost -U%
Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]

Sharename Type Comment
--------- ---- -------
netlogon Disk
sysvol Disk
homes Disk
IPC$ IPC IPC Service
localhost is an IPv6 address -- no workgroup available
[pclark at c3po ~]$

However when I log in as a user and try to go into my homedir:

Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
smb: \> dir
. D 0 Sun Mar 2 11:06:09 2014
.. D 0 Mon Mar 3 03:44:25 2014
pclark D 0 Mon Mar 3 13:36:36 2014

34001 blocks of size 8388608. 13463 blocks available
smb: \> cd pclark
cd \pclark\: NT_STATUS_INVALID_ACL
smb: \>

getfacl shows:
getfacl pclark
# file: pclark
# owner: pclark
# group: pclark
user::rwx
group::rwx
other::r-x


When I try and bring up the folder on a Windows system the security tab
only has an X with an error message that says the "security information is
unavailable or cannot be displayed", even when logged into the domain as
Administrator.

My drives are mounted with user_xattr,acl options in /etc/fstab. I'm not
sure how to troubleshoot this further, any thoughts on how to reset the
acl to a baseline that can be later edited (or, what did I do wrong here?)
would be appreciated.

Thanks,
Rowland Penny
2014-03-04 15:34:02 UTC
Permalink
Post by Peter Clark
I'm running Version 4.2.0pre1-GIT-ca3998d on a Fedora 20 host. The output
[global]
workgroup = SOMETHING
realm = SOMETHING.SOMETHING.COM
server role = active directory domain controller
passdb backend = samba_dsdb
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate, smb
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
eventlog6, backupkey, dnsserver, winreg, srvsvc
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
map archive = No
map readonly = no
store dos attributes = Yes
vfs objects = dfs_samba4, acl_xattr
[netlogon]
path =
/usr/local/samba/var/locks/sysvol/something.something.com/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[homes]
path = /home
read only = No
smbclient -L localhost -U%
Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
Sharename Type Comment
--------- ---- -------
netlogon Disk
sysvol Disk
homes Disk
IPC$ IPC IPC Service
localhost is an IPv6 address -- no workgroup available
[pclark at c3po ~]$
Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
smb: \> dir
. D 0 Sun Mar 2 11:06:09 2014
.. D 0 Mon Mar 3 03:44:25 2014
pclark D 0 Mon Mar 3 13:36:36 2014
34001 blocks of size 8388608. 13463 blocks available
smb: \> cd pclark
cd \pclark\: NT_STATUS_INVALID_ACL
smb: \>
getfacl pclark
# file: pclark
# owner: pclark
# group: pclark
user::rwx
group::rwx
other::r-x
When I try and bring up the folder on a Windows system the security tab
only has an X with an error message that says the "security information is
unavailable or cannot be displayed", even when logged into the domain as
Administrator.
My drives are mounted with user_xattr,acl options in /etc/fstab. I'm not
sure how to troubleshoot this further, any thoughts on how to reset the
acl to a baseline that can be later edited (or, what did I do wrong here?)
would be appreciated.
Thanks,
OK, so you are trying to login to a share on the samba server?

does your user have a uidNumber in AD? if so, is this the same number
that 'getent passwd pclark' shows on the samba4 server?

Rowland
Peter Clark
2014-03-04 16:06:12 UTC
Permalink
Hi,

Apparently they're not the same:

[root at c3po ~]# getent passwd pclark
pclark:x:500:500:Peter Clark:/home/pclark:/bin/bash
[root at c3po ~]# wbinfo -n pclark
S-1-5-21-3282403630-2364130862-3038773389-1105 SID_USER (1)
[root at c3po ~]# ldbedit -e pico -H /usr/local/samba/private/idmap.ldb
objectsid=S-1-5-21-3282403630-2364130862-3038773389-1105
no matching records - cannot edit

I'm sure it's likely that this is some sort of operator error. I thought
winbind was supposed to take care of this kind of mapping? The AD user and
computer control panel on a Windows system shows the correct Unix username
and home dir for the user?
Post by Rowland Penny
Post by Peter Clark
I'm running Version 4.2.0pre1-GIT-ca3998d on a Fedora 20 host. The output
[global]
workgroup = SOMETHING
realm = SOMETHING.SOMETHING.COM
server role = active directory domain controller
passdb backend = samba_dsdb
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate, smb
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
eventlog6, backupkey, dnsserver, winreg, srvsvc
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
map archive = No
map readonly = no
store dos attributes = Yes
vfs objects = dfs_samba4, acl_xattr
[netlogon]
path =
/usr/local/samba/var/locks/sysvol/something.something.com/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[homes]
path = /home
read only = No
smbclient -L localhost -U%
Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
Sharename Type Comment
--------- ---- -------
netlogon Disk
sysvol Disk
homes Disk
IPC$ IPC IPC Service
localhost is an IPv6 address -- no workgroup available
[pclark at c3po ~]$
Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
smb: \> dir
. D 0 Sun Mar 2 11:06:09 2014
.. D 0 Mon Mar 3 03:44:25 2014
pclark D 0 Mon Mar 3 13:36:36 2014
34001 blocks of size 8388608. 13463 blocks available
smb: \> cd pclark
cd \pclark\: NT_STATUS_INVALID_ACL
smb: \>
getfacl pclark
# file: pclark
# owner: pclark
# group: pclark
user::rwx
group::rwx
other::r-x
When I try and bring up the folder on a Windows system the security tab
only has an X with an error message that says the "security information is
unavailable or cannot be displayed", even when logged into the domain as
Administrator.
My drives are mounted with user_xattr,acl options in /etc/fstab. I'm not
sure how to troubleshoot this further, any thoughts on how to reset the
acl to a baseline that can be later edited (or, what did I do wrong here?)
would be appreciated.
Thanks,
OK, so you are trying to login to a share on the samba server?
does your user have a uidNumber in AD? if so, is this the same number
that 'getent passwd pclark' shows on the samba4 server?
Rowland
Rowland Penny
2014-03-04 17:18:52 UTC
Permalink
Post by Peter Clark
Hi,
[root at c3po ~]# getent passwd pclark
pclark:x:500:500:Peter Clark:/home/pclark:/bin/bash
Are you using fedora or centos or similar and is pclark a local user?
Post by Peter Clark
[root at c3po ~]# wbinfo -n pclark
S-1-5-21-3282403630-2364130862-3038773389-1105 SID_USER (1)
[root at c3po ~]# ldbedit -e pico -H /usr/local/samba/private/idmap.ldb
objectsid=S-1-5-21-3282403630-2364130862-3038773389-1105
no matching records - cannot edit
So pclark is also a domain user, must be, he has a SID
Post by Peter Clark
I'm sure it's likely that this is some sort of operator error. I thought
winbind was supposed to take care of this kind of mapping? The AD user and
computer control panel on a Windows system shows the correct Unix username
and home dir for the user?
Winbind will take of this, but the user cannot be a local user on the
server, he must only exist in AD. If the user is in AD then winbind
idmapping will map the user to a xidNumber (this is what you should find
in idmap.ldb), but this can be overridden by giving the user a uidNumber
(see UNIX Attributes tab in ADUC), Domain Users must also be given a
gidNumber and the user must also have this gidNumber, this is what
'idmap_ldb:use rfc2307 = yes' in smb.conf is for.

Rowland
Post by Peter Clark
Post by Rowland Penny
Post by Peter Clark
I'm running Version 4.2.0pre1-GIT-ca3998d on a Fedora 20 host. The output
[global]
workgroup = SOMETHING
realm = SOMETHING.SOMETHING.COM
server role = active directory domain controller
passdb backend = samba_dsdb
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate, smb
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
eventlog6, backupkey, dnsserver, winreg, srvsvc
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
map archive = No
map readonly = no
store dos attributes = Yes
vfs objects = dfs_samba4, acl_xattr
[netlogon]
path =
/usr/local/samba/var/locks/sysvol/something.something.com/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[homes]
path = /home
read only = No
smbclient -L localhost -U%
Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
Sharename Type Comment
--------- ---- -------
netlogon Disk
sysvol Disk
homes Disk
IPC$ IPC IPC Service
localhost is an IPv6 address -- no workgroup available
[pclark at c3po ~]$
Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
smb: \> dir
. D 0 Sun Mar 2 11:06:09 2014
.. D 0 Mon Mar 3 03:44:25 2014
pclark D 0 Mon Mar 3 13:36:36 2014
34001 blocks of size 8388608. 13463 blocks available
smb: \> cd pclark
cd \pclark\: NT_STATUS_INVALID_ACL
smb: \>
getfacl pclark
# file: pclark
# owner: pclark
# group: pclark
user::rwx
group::rwx
other::r-x
When I try and bring up the folder on a Windows system the security tab
only has an X with an error message that says the "security information is
unavailable or cannot be displayed", even when logged into the domain as
Administrator.
My drives are mounted with user_xattr,acl options in /etc/fstab. I'm not
sure how to troubleshoot this further, any thoughts on how to reset the
acl to a baseline that can be later edited (or, what did I do wrong here?)
would be appreciated.
Thanks,
OK, so you are trying to login to a share on the samba server?
does your user have a uidNumber in AD? if so, is this the same number
that 'getent passwd pclark' shows on the samba4 server?
Rowland
Rowland Penny
2014-03-04 20:18:29 UTC
Permalink
Post by Rowland Penny
Post by Peter Clark
Hi,
[root at c3po ~]# getent passwd pclark
pclark:x:500:500:Peter Clark:/home/pclark:/bin/bash
Are you using fedora or centos or similar and is pclark a local user?
Fedora 20, yes, 'pclark' is also a local user.
Thought so, remove the local user, you cannot have the same user in AD
and as a local user.
Post by Rowland Penny
Post by Peter Clark
[root at c3po ~]# wbinfo -n pclark
S-1-5-21-3282403630-2364130862-3038773389-1105 SID_USER (1)
[root at c3po ~]# ldbedit -e pico -H /usr/local/samba/private/idmap.ldb
objectsid=S-1-5-21-3282403630-2364130862-3038773389-1105
no matching records - cannot edit
So pclark is also a domain user, must be, he has a SID
Yes, I created a domain user with a login 'pclark' with ADUC.
OK, use this user.
Post by Rowland Penny
Post by Peter Clark
I'm sure it's likely that this is some sort of operator error. I thought
winbind was supposed to take care of this kind of mapping? The AD user and
computer control panel on a Windows system shows the correct Unix username
and home dir for the user?
Winbind will take of this, but the user cannot be a local user on the
server, he must only exist in AD. If the user is in AD then winbind
idmapping will map the user to a xidNumber (this is what you should find
in idmap.ldb), but this can be overridden by giving the user a uidNumber
(see UNIX Attributes tab in ADUC), Domain Users must also be given a
gidNumber and the user must also have this gidNumber, this is what
'idmap_ldb:use rfc2307 = yes' in smb.conf is for.
Alright, I'll try and reset the ADUC tab for the pclark user to have
500:500 like the local user and see how that goes.
Note that I never said this, but you might want to also set up sssd on
the samba4 server.
However, why can't the Administrator login get the security attributes of
that share either?
It is probably because you are using [homes], this does not work with
samba4, see:

https://wiki.samba.org/index.php/Setting_up_a_home_share

Rowland
smbclient -U administrator \\\\localhost\\homes
Domain=[PHOUSE] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
smb: \> dir
. D 0 Tue Mar 4 09:51:42 2014
.. D 0 Tue Mar 4 03:30:54 2014
pclark D 0 Tue Mar 4 14:10:10 2014
34001 blocks of size 8388608. 13438 blocks available
smb: \> cd pclark
cd \pclark\: NT_STATUS_INVALID_ACL
smb: \>
Post by Rowland Penny
Rowland
Peter Clark
2014-03-05 13:57:37 UTC
Permalink
Post by Rowland Penny
Post by Rowland Penny
Post by Peter Clark
Hi,
[root at c3po ~]# getent passwd pclark
pclark:x:500:500:Peter Clark:/home/pclark:/bin/bash
Are you using fedora or centos or similar and is pclark a local user?
Fedora 20, yes, 'pclark' is also a local user.
Thought so, remove the local user, you cannot have the same user in AD
and as a local user.
OK.. I deleted the AD user and created another AD user that has no local
account.
Post by Rowland Penny
However, why can't the Administrator login get the security attributes of
that share either?
It is probably because you are using [homes], this does not work with
https://wiki.samba.org/index.php/Setting_up_a_home_share
I renamed the share [test] and still get nothing on the security tab
except the "properties cannot be displayed" error when looked at from the
administrator account. I can't get past step 2 above (after adding the
disk permissions to the administrator account). Same NT_INVALID_ACL from
the smbclient program, nothing useful from the ADUC or system
properties/shares.

What's the easiest way to just baseline everything and start over? samba
is installed in /usr/local/samba.

Thanks again,
steve
2014-03-05 15:06:12 UTC
Permalink
Post by Peter Clark
Post by Rowland Penny
Post by Rowland Penny
Post by Peter Clark
Hi,
[root at c3po ~]# getent passwd pclark
pclark:x:500:500:Peter Clark:/home/pclark:/bin/bash
Are you using fedora or centos or similar and is pclark a local user?
Fedora 20, yes, 'pclark' is also a local user.
Thought so, remove the local user, you cannot have the same user in AD
and as a local user.
OK.. I deleted the AD user and created another AD user that has no local
account.
Post by Rowland Penny
However, why can't the Administrator login get the security attributes of
that share either?
It is probably because you are using [homes], this does not work with
https://wiki.samba.org/index.php/Setting_up_a_home_share
I renamed the share [test] and still get nothing on the security tab
except the "properties cannot be displayed" error when looked at from the
administrator account. I can't get past step 2 above (after adding the
disk permissions to the administrator account). Same NT_INVALID_ACL from
the smbclient program, nothing useful from the ADUC or system
properties/shares.
What's the easiest way to just baseline everything and start over? samba
is installed in /usr/local/samba.
Thanks again,
Hi
I don't know what your new domain only user is so I'll use pclark
Try:
rm -r /home/pclark
and recreate it:
mkdir /home/pclark
Then in smb.conf

[test]
path = /home/pclark
read only = no
admin users = SOMETHING\Administrator

Not sure if default domain is working on the DC, so if not use:
admin users = Administrator
instead

-make sure nscd is turned off and then restart samba
-Now go and look at the security tab as Administrator

Anything?

Steve
Peter Clark
2014-03-05 16:29:51 UTC
Permalink
Post by steve
I don't know what your new domain only user is so I'll use pclark
rm -r /home/pclark
mkdir /home/pclark
Then in smb.conf
I made a user paclark
Post by steve
[test]
path = /home/pclark
read only = no
admin users = SOMETHING\Administrator
admin users = Administrator
instead
-make sure nscd is turned off and then restart samba
-Now go and look at the security tab as Administrator
NSCD isn't running on this server, it's running bind9 native with
bind9_dlz for the AD backend.
Post by steve
Anything?
Both ways for admin users come back with "the requested security
information is either unavailable or can't be displayed" on the
properties/security tab.
Post by steve
Steve
steve
2014-03-05 17:00:47 UTC
Permalink
Post by Peter Clark
Post by steve
I don't know what your new domain only user is so I'll use pclark
rm -r /home/pclark
mkdir /home/pclark
Then in smb.conf
I made a user paclark
Post by steve
[test]
path = /home/pclark
read only = no
admin users = SOMETHING\Administrator
admin users = Administrator
instead
-make sure nscd is turned off and then restart samba
-Now go and look at the security tab as Administrator
NSCD isn't running on this server, it's running bind9 native with
bind9_dlz for the AD backend.
Post by steve
Anything?
Both ways for admin users come back with "the requested security
information is either unavailable or can't be displayed" on the
properties/security tab.
Post by steve
Steve
Are you sure that Administrator DN has both uidNumber and gidNumber
attributes? The latter also implies that a domain group e.g. Domain\
Users have gidNumber populated too. We choose 0, 20513 and 20513
respectively. Even though your smb.conf suggests that they are present,
it may be worth checking their existence.
HTH
Steve

Rowland Penny
2014-03-05 15:18:44 UTC
Permalink
Post by Peter Clark
Post by Rowland Penny
Post by Rowland Penny
Post by Peter Clark
Hi,
[root at c3po ~]# getent passwd pclark
pclark:x:500:500:Peter Clark:/home/pclark:/bin/bash
Are you using fedora or centos or similar and is pclark a local user?
Fedora 20, yes, 'pclark' is also a local user.
Thought so, remove the local user, you cannot have the same user in AD
and as a local user.
OK.. I deleted the AD user and created another AD user that has no local
account.
Post by Rowland Penny
However, why can't the Administrator login get the security attributes of
that share either?
It is probably because you are using [homes], this does not work with
https://wiki.samba.org/index.php/Setting_up_a_home_share
I renamed the share [test] and still get nothing on the security tab
except the "properties cannot be displayed" error when looked at from the
administrator account. I can't get past step 2 above (after adding the
disk permissions to the administrator account). Same NT_INVALID_ACL from
the smbclient program, nothing useful from the ADUC or system
properties/shares.
What's the easiest way to just baseline everything and start over? samba
is installed in /usr/local/samba.
Thanks again,
OK, provided that you configured the samba4 build with './configure
--with-ads --with-shared-modules=idmap_ad'

Stop all samba 4 daemons if running.

You then need to find the following files:

account_policy.tdb share_info.tdb group_mapping.tdb registry.tdb
passdb.tdb secrets.tdb winbindd_idmap.tdb

On a normal distro install, you would probably find these in
/var/lib/samba, but I think that on your install, they will be in
/usr/local/samba/var/locks & /usr/local/samba/private

Where ever they are, delete them.

also find and delete, browse.dat netsamlogon_cache.tdb
winbindd_cache.tdb, these will probably be in /usr/local/samba/var/cache

You now need a valid smb.conf placed in /usr/local/samba/etc, try this one:

[global]
workgroup = EXAMPLE
realm = example.com
server string = Test Samba Server
security = ADS
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
template shell = /bin/bash
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind expand groups = 4
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = yes
winbind normalize names = Yes
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config EXAMPLE:backend = ad
# if no uidNumber or gidNumber attributes in AD, change above
line for this:
#idmap config EXAMPLE:backend = rid
idmap config EXAMPLE:schema_mode = rfc2307
idmap config EXAMPLE:range = 500-40000

Ensure that /etc/resolv.conf points to the AD server and /etc/krb5.conf
is setup for your realm.

Restart smbd, nmbd & winbind daemons and see how you go on

Rowland
Harry Jede
2014-03-05 17:08:00 UTC
Permalink
Post by Peter Clark
I'm running Version 4.2.0pre1-GIT-ca3998d on a Fedora 20 host. The
[global]
workgroup = SOMETHING
realm = SOMETHING.SOMETHING.COM
server role = active directory domain controller
passdb backend = samba_dsdb
server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate, smb
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
eventlog6, backupkey, dnsserver, winreg, srvsvc
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
map archive = No
map readonly = no
store dos attributes = Yes
vfs objects = dfs_samba4, acl_xattr
[netlogon]
path =
/usr/local/samba/var/locks/sysvol/something.something.com/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[homes]
path = /home
read only = No
smbclient -L localhost -U%
Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
Sharename Type Comment
--------- ---- -------
netlogon Disk
sysvol Disk
homes Disk
IPC$ IPC IPC Service
localhost is an IPv6 address -- no workgroup available
[pclark at c3po ~]$
Domain=[SOMETHING] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-ca3998d]
smb: \> dir
. D 0 Sun Mar 2 11:06:09
2014 .. D 0 Mon Mar 3
03:44:25 2014 pclark D 0 Mon
Mar 3 13:36:36 2014
34001 blocks of size 8388608. 13463 blocks available
smb: \> cd pclark
cd \pclark\: NT_STATUS_INVALID_ACL
smb: \>
getfacl pclark
# file: pclark
# owner: pclark
# group: pclark
user::rwx
group::rwx
other::r-x
put the user pclark in an other group
remove the the group pclark
try again
Post by Peter Clark
When I try and bring up the folder on a Windows system the security
tab only has an X with an error message that says the "security
information is unavailable or cannot be displayed", even when logged
into the domain as Administrator.
My drives are mounted with user_xattr,acl options in /etc/fstab. I'm
not sure how to troubleshoot this further, any thoughts on how to
reset the acl to a baseline that can be later edited (or, what did I
do wrong here?) would be appreciated.
Thanks,
--
regards
Harry Jede
Continue reading on narkive:
Loading...