hello, i am having a bit of an issue when mounting a samba share with acl support.

samba client is debian
samba server is suse

johndoe is defined in both boxes.
johndoe is a member of smbusr group and it is defined in both boxes.
johndoe CAN access the filesystem when on suse, but when mounted from debian it does not work.

on suse:

$ ls -ld storage
drwxrwx---+ 19 root smbadm 4096 2007-01-17 22:43 storage

$ getfacl /storage
# file: storage
# owner: root
# group: smbadm
user::rwx
group::rwx
group:smbusr:r-x
mask::rwx
other::---

how come this setup does not work? is ACL not supported in smbfs?

Could you demonstrate how it doesn't work. I wonder if at the heart of the problem is that uid numbers on SuSE start at 1000 instead of 500. You may need to have the uid numbers match to have a user on two separate systems truly match the same user. I suspect that you are using user level security and are manually synchronizing Samba users to Linux users with smbclient. I think you may need to also have a users Linux uid match on the two systems.

I think that a domain or ldap based authentication would do this, but you need to do it manually. Don't misunderstand, I'm not suggesting you should use a different model. For a small network, it would be overkill.

Maybe someone else would have better information. Or I might be wrong and entering a password takes care of discrepencies. However, linux acls may be different animals than samba acls and and a little more work is needed to make sure that the linux user matches a samba user.

---

Parenthetically, if you have the kernel source installed, you might want to read the cifs.txt file in the kernel documentation. I seem to remember reading that cifs works better when the remote host is a linux or unix computer. Plus, smbfs may be depreciated in the future in favour of the cifs kernel module.

It looks like you are setting your ACLs with standard ACL calls ie. In this case they are a function of the file system-either it supports them or it doesn't. The filesystems that I use for this type of setup are reiser, xfs and ext3. And yes samba will honor the ACLs that are on those file systems.

The first thing that you need to consider is what jschiwal mentioned about different a different uid. Samba, to use it how you want, needs a common id mapping backend. That is to say that any client that opens a share on the server needs to look to that server (or whatever your authenticaton server is)for authentication of that user.

Using ldap is generally the way this is done but as jschiwal also said this overkill for what you want not to mention a steep learning curve.

Side stepping that for a moment, samba can deal with this issue in several ways depending on what you want for security. Perhaps the easiest and most convenient way if security isn't an issue is the chmod the shared directory to 777 and add the following to the smb.conf stanza that creates the share:
After that is to make the server a pdc and the workstation (as far as samba is concerned) a member server. This happens when you join it to the domain. Both of those go beyond the scope of this forum however John Terpstra has written a very easy to read and use tutorial at http://us1.samba.org/samba/docs/man/Samba-Guide.

Now that I've written all of that the thought occurs to me..is the workgroup = whatever in both smb.conf files the same? Is the password the same on both machines? If it's not that could help as well.

hth

thats what i thought was the issue so i made the UID's and GID's match as well as the usernames and groupnames. see i just don;t know if smbclient/smbfs supports mounting a share that has acl support. the funny thing is when i map from a windows machine it works.

i am using ext3 everywhere with acl support. workgroup is the same. password is the same. as for security, i basically just want a group of users that can read the share. but i also don't want just anyone reading the share.

i just used smbclient and this works. but when using smbmount or mount -t smbfs it does not work. comes up permission denied.

well it might be debian sarge that is having an issue. i was able to mount and read share from a slackware box.

I would suggest seeing if you have a samba-doc package you can install. If not go to the samba.org website and download the "Samba 3 Reference and HowTo" book. http://us1.samba.org/samba/docs/Samba3-HOWTO.pdf

Chapter 16 deals with windows and posix ACLs.