Hi ceph-users,
I'm having problems with ACLs and vfs_ceph. I'm not sure this is the right list for those questions, please direct me elsewhere or just tell me to bugger off if I'm in the wrong place.
I am running a Samba 4.7 domain controller connecting to a nautilus ceph cluster. I am using proxmox for the ceph cluster and Zentyal for managing the samba domain. I am not able to set the permissions for the share within Computer Management
My smb.conf share settings block is:
[data2]
browseable = yes
force create mode = 0660
force directory mode = 0660
valid users = @"Domain Users", @"Domain Admins", @"Domain Admins"
read list =
write list = @"Domain Users", @"Domain Admins"
admin users = @"Domain Admins"
vfs objects = acl_xattr full_audit
full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename
map acl inherit = yes
store dos attributes = yes
vfs objects = ceph
path = /new/
kernel share modes = no
ceph:config_file = /etc/ceph/ceph.conf
ceph:user_id = admin
(I know - I will shange the user from admin as soon as I have a working setup!)
The settings are similar share (set up by the Zentyal UI) that allows me to set permissions correctly:
[test]
path = /home/samba/shares/test
browseable = yes
force create mode = 0660
force directory mode = 0660
valid users = @"Domain Admins", @"Domain Admins"
read list =
write list = @"Domain Admins"
admin users = @"Domain Admins"
vfs objects = acl_xattr full_audit recycle
full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename
When trying to, for instance, add full control permissions for a user in Computer Management I get "Failed to enumerate objects in the container. Access is denied." / "Unable to change permission changes [..] Access denied.".
I am logged in as administrator when trying to change the permissions and this is (an extract) of the error in the samba.log
[2019/09/07 15:57:14.656361, 2] ../source3/smbd/posix_acls.c:3008(set_canon_ace_list)
set_canon_ace_list: sys_acl_set_file type file failed for file . (Operation not supported).
[2019/09/07 15:57:14.656435, 3] ../source3/smbd/posix_acls.c:3093(convert_canon_ace_to_posix_perms)
convert_canon_ace_to_posix_perms: Too many ACE entries for file . to convert to posix perms.
[2019/09/07 15:57:14.656472, 3] ../source3/smbd/posix_acls.c:3986(set_nt_acl)
set_nt_acl: failed to convert file acl to posix permissions for file ..
[2019/09/07 15:57:14.656511, 3] ../source3/smbd/smb2_server.c:3139(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_setinfo.c:132
[2019/09/07 15:57:18.042643, 3] ../source3/smbd/nttrans.c:2036(smbd_do_query_security_desc)
smbd_do_query_security_desc: sd_size = 120.
[2019/09/07 15:57:18.043643, 3] ../source3/smbd/nttrans.c:2036(smbd_do_query_security_desc)
smbd_do_query_security_desc: sd_size = 76.
[2019/09/07 15:57:18.045086, 2] ../source3/smbd/posix_acls.c:3008(set_canon_ace_list)
set_canon_ace_list: sys_acl_set_file type file failed for file . (Operation not supported).
[2019/09/07 15:57:18.045171, 3] ../source3/smbd/posix_acls.c:3093(convert_canon_ace_to_posix_perms)
convert_canon_ace_to_posix_perms: Too many ACE entries for file . to convert to posix perms.
[2019/09/07 15:57:18.045208, 3] ../source3/smbd/posix_acls.c:3986(set_nt_acl)
set_nt_acl: failed to convert file acl to posix permissions for file ..
[2019/09/07 15:57:18.045248, 3] ../source3/smbd/smb2_server.c:3139(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_setinfo.c:132
[2019/09/07 15:57:19.016012, 3] ../source3/winbindd/winbindd_misc.c:395(winbindd_interface_version)
[ 6733]: request interface version (version = 29)
[2019/09/07 15:57:19.016349, 3] ../source3/winbindd/winbindd_misc.c:428(winbindd_priv_pipe_dir)
Any pointers would be great!
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
