Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-7226: No longer able to run executable files after upgrading to Stock samba 4 and Centrify adbindproxy

Centrify DirectControl ,   Centrify DirectControl Plugins ,  

23 July,16 at 08:30 PM

Applies to:

Centrify Adbindproxy 5.3.0 on All Platforms with Stock Samba 4


Problem:

After upgrading to Stock samba 4 and installing Centrify adbindproxy, batch scripts and executable files that reside on the samba share are no longer able to be run from the Windows machine.


Cause:

This issue is NOT related to Centrify or Centrify Adbindproxy. 

This issue occurs because of the 'acl allow execute always' parameter has been changed from 'yes' to 'no' in Samba 4.

Please see the entry for 'acl allow execute always' in the man page for 'smb.conf' for further information:

acl allow execute always (S)

This boolean parameter controls the behaviour of smbd(8) when
receiving a protocol request of "open for execution" from a Windows
client. With Samba 3.6 and older, the execution right in the ACL
was not checked, so a client could execute a file even if it did
not have execute rights on the file. In Samba 4.0, this has been
fixed, so that by default, i.e. when this parameter is set to
"False", "open for execution" is now denied when execution
permissions are not present.

If this parameter is set to "True", Samba does not check execute
permissions on "open for execution", thus re-establishing the
behaviour of Samba 3.6. This can be useful to smoothen upgrades
from older Samba versions to 4.0 and newer. This setting is not
meant to be used as a permanent setting, but as a temporary relief:
It is recommended to fix the permissions in the ACLs and reset this
parameter to the default after a certain transition period.

Default: acl allow execute always = no



Workaround:

Fix the permissions in the ACLs on the share itself or set the 'acl allow execute always = True'

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

No related Articles