NT_STATUS_ACCESS_DENIED on previously created files

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Ubuntu, I have upgraded to the latest LTS version, which upgraded my
Samba to 3.6.3 and now getting NT_STATUS_ACCESS_DENIED when trying to
remove files and folders. This server MEDIA is setup as a member server
to a FreeBSD PDC called MAIL using LDAP for authentication. All been
working great for a long time, now from the PDC, I try....

mail# smbclient -U robert //media/robert
WARNING: The "enable privileges" option is deprecated
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
WARNING: The "idmap backend" option is deprecated
Enter robert's password:
Domain=[WEBTENT] OS=[Unix] Server=[Samba 3.6.3]
smb: \> mkdir test
smb: \> rmdir test
NT_STATUS_ACCESS_DENIED removing remote directory file \test

I know I have some work to do to get rid of the warnings, but I can
login to MAIL (PDC) and other Win workstations, create and remove files
with no issue. It is only when logging into this member server locally
or from a remote workstation. Getting this sort of thing in the logs...

[2012/05/10 14:24:33.711345, 10] smbd/posix_acls.c:3412(posix_get_nt_acl)
  posix_get_nt_acl: called for file test
[2012/05/10 14:24:33.711404, 10] smbd/posix_acls.c:2537(canonicalise_acl)
  canonicalise_acl: Access ace entries before arrange :
[2012/05/10 14:24:33.711447, 10] smbd/posix_acls.c:2550(canonicalise_acl)
  canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x0 perms r-x
[2012/05/10 14:24:33.711496, 10] smbd/posix_acls.c:2550(canonicalise_acl)
  canon_ace index 1. Type = allow SID = S-1-22-2-512 gid 512 (Domain
Admins) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x
[2012/05/10 14:24:33.713525, 10] smbd/posix_acls.c:2550(canonicalise_acl)
  canon_ace index 2. Type = allow SID =
S-1-5-21-684728786-369066487-751336906-33290 uid 16145 (robert)
SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
[2012/05/10 14:24:33.715245, 10] smbd/posix_acls.c:848(print_canon_ace_list)
  print_canon_ace_list: canonicalise_acl: ace entries after arrange
  canon_ace index 0. Type = allow SID =
S-1-5-21-684728786-369066487-751336906-33290 uid 16145 (robert)
SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
  canon_ace index 1. Type = allow SID = S-1-22-2-512 gid 512 (Domain
Admins) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x
  canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x0 perms r-x
[2012/05/10 14:24:33.718539, 10] smbd/posix_acls.c:1124(map_canon_ace_perms)
  map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff
[2012/05/10 14:24:33.718585, 10] smbd/posix_acls.c:1124(map_canon_ace_perms)
  map_canon_ace_perms: Mapped (UNIX) 140 to (NT) 1200a9
[2012/05/10 14:24:33.718627, 10] smbd/posix_acls.c:1124(map_canon_ace_perms)
  map_canon_ace_perms: Mapped (UNIX) 140 to (NT) 1200a9
[2012/05/10 14:24:33.718676, 10] smbd/file_access.c:76(can_access_file_acl)
  can_access_file_acl for file test access_mask 0x10000, access_granted
0x10000 access DENIED

I've googled stuff like this...

https://bugzilla.samba.org/show_bug.cgi?id=7521

I even tried upgrading my PDC to the latest available, 3.6.5, but
nothing seems to help. Has anyone had this issue?

Thanks, Robert
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Index of Archives]     [Info Cyrus]     [LARTC]     [Bugtraq]     [Netfilter]     [RAID]     [Trinity TED Users]     [Yosemite News]
  Powered by Linux