[OpenIndiana-discuss] samba4

maurilio.longo at libero.it maurilio.longo at libero.it
Mon Mar 17 09:30:21 UTC 2025 

Hi again,

sorry for continuing my ramblings, but I've spent hours trying to make it work, I've even used Grok's help to find a cause for my problems, but all was in vain.

This is my latest smb.conf

[global]
        log level = 10
        server role = standalone server
        workgroup = WORKGROUP
        netbios name = SAMBA4
        passdb backend = smbpasswd
[test]
        path = /nas/testsmb/sys
        read only = no
        writeable = yes
        force user = frecover
        force group = frecover
        guest ok = no
        vfs objects = zfsacl

I'm using zfs ACLs, as per Grok suggestion, and these are /nas/testsmb/sys' ACLs

ls -lV /nas/testsmb/
total 1
drwxrwxrwx+  3 frecover frecover       4 mar 17 10:01 sys
              everyone@:rwxpdDaARWcCos:fd----I:allow
                 group@:rwxpdDaARWcCos:fd----I:allow
                 owner@:rwxpdDaARWcCos:fd----I:allow
         group:frecover:rwxpdDaARWcCos:fd----I:allow
          user:frecover:rwxpdDaARWcCos:fd----I:allow

So, open to all to every operation.

>From a windows 11 PC I simply execute, inside a command prompt, a 

     dir > pippo.txt

command, the first time, when the file does not exist, it is created and written and it gets these ACLs

ls -lV /nas/testsmb/sys/
total 17
-rwxrwxr--+  1 frecover frecover     368 mar 17 10:04 pippo.txt
         group:frecover:rwxpdDaARWcCos:------I:allow
          user:frecover:rwxpdDaARWcCos:------I:allow
                 owner@:rwxp--aARWcCos:-------:allow
                 group@:r-----a-R-c--s:-------:allow
              everyone@:r-----a-R-c--s:-------:allow

For me it means that at least user frecover and owner can write and rewrite it, instead, if I execute a second dir > pippo.txt, when the file already exists, I get an ACCESS DENIED error, but I can delete the file and/or copy it elsewhere.

>From smb.log it shows that samba forbids its access

[2025/03/16 18:25:10.305235,  3] ../../source3/smbd/open.c:1446(open_file)
  open_file: Error opening file pippo.txt (NT_STATUS_ACCESS_DENIED) (in_flags=898) (flags=386)
[2025/03/16 18:25:10.305259, 10] ../../source3/smbd/open.c:6604(create_file_unixpath)
  create_file_unixpath: NT_STATUS_ACCESS_DENIED

So, either something is wrong in the way the share is configured and/or ACLs are assigned to it, or there is a problem in the way smbd is interacting with ACLs on OpenIndiana.

By the way, nas/testsmb/sys aclmode and aclinherit are both set to passthrough.

zfs get all nas/testsmb/sys | grep acl
nas/testsmb/sys  aclmode               passthrough            local
nas/testsmb/sys  aclinherit            passthrough            local
nas/testsmb/sys  aclimplicit           on                     default


If anyone finds any error on what I'm doing, I'd surely like to know it.

Best regards.

Maurilio.

> Il 13/03/2025 10:08 CET Maurilio Longo via openindiana-discuss <openindiana-discuss at openindiana.org> ha scritto:
> 
>  
> Hi all,
> 
> I have an old file server, running samba 3.x and I was planning to replace it with a newer unit running latest hipster.
> 
> I've installed samba with pkg install samba, and it installed samba version of 4.21.1, my /etc/samba/smb.conf file contains just a test share

More information about the openindiana-discuss mailing list