[OpenIndiana-discuss] samba4
maurilio.longo at libero.it
maurilio.longo at libero.it
Mon Mar 17 09:30:21 UTC 2025
Hi again,
sorry for continuing my ramblings, but I've spent hours trying to make it work, I've even used Grok's help to find a cause for my problems, but all was in vain.
This is my latest smb.conf
[global]
log level = 10
server role = standalone server
workgroup = WORKGROUP
netbios name = SAMBA4
passdb backend = smbpasswd
[test]
path = /nas/testsmb/sys
read only = no
writeable = yes
force user = frecover
force group = frecover
guest ok = no
vfs objects = zfsacl
I'm using zfs ACLs, as per Grok suggestion, and these are /nas/testsmb/sys' ACLs
ls -lV /nas/testsmb/
total 1
drwxrwxrwx+ 3 frecover frecover 4 mar 17 10:01 sys
everyone@:rwxpdDaARWcCos:fd----I:allow
group@:rwxpdDaARWcCos:fd----I:allow
owner@:rwxpdDaARWcCos:fd----I:allow
group:frecover:rwxpdDaARWcCos:fd----I:allow
user:frecover:rwxpdDaARWcCos:fd----I:allow
So, open to all to every operation.
>From a windows 11 PC I simply execute, inside a command prompt, a
dir > pippo.txt
command, the first time, when the file does not exist, it is created and written and it gets these ACLs
ls -lV /nas/testsmb/sys/
total 17
-rwxrwxr--+ 1 frecover frecover 368 mar 17 10:04 pippo.txt
group:frecover:rwxpdDaARWcCos:------I:allow
user:frecover:rwxpdDaARWcCos:------I:allow
owner@:rwxp--aARWcCos:-------:allow
group@:r-----a-R-c--s:-------:allow
everyone@:r-----a-R-c--s:-------:allow
For me it means that at least user frecover and owner can write and rewrite it, instead, if I execute a second dir > pippo.txt, when the file already exists, I get an ACCESS DENIED error, but I can delete the file and/or copy it elsewhere.
>From smb.log it shows that samba forbids its access
[2025/03/16 18:25:10.305235, 3] ../../source3/smbd/open.c:1446(open_file)
open_file: Error opening file pippo.txt (NT_STATUS_ACCESS_DENIED) (in_flags=898) (flags=386)
[2025/03/16 18:25:10.305259, 10] ../../source3/smbd/open.c:6604(create_file_unixpath)
create_file_unixpath: NT_STATUS_ACCESS_DENIED
So, either something is wrong in the way the share is configured and/or ACLs are assigned to it, or there is a problem in the way smbd is interacting with ACLs on OpenIndiana.
By the way, nas/testsmb/sys aclmode and aclinherit are both set to passthrough.
zfs get all nas/testsmb/sys | grep acl
nas/testsmb/sys aclmode passthrough local
nas/testsmb/sys aclinherit passthrough local
nas/testsmb/sys aclimplicit on default
If anyone finds any error on what I'm doing, I'd surely like to know it.
Best regards.
Maurilio.
> Il 13/03/2025 10:08 CET Maurilio Longo via openindiana-discuss <openindiana-discuss at openindiana.org> ha scritto:
>
>
> Hi all,
>
> I have an old file server, running samba 3.x and I was planning to replace it with a newer unit running latest hipster.
>
> I've installed samba with pkg install samba, and it installed samba version of 4.21.1, my /etc/samba/smb.conf file contains just a test share
More information about the openindiana-discuss
mailing list