I am running a Samba Box as a Domain Member in a Windows ADS Domain (Windows Server 2003). The Box has joined the ADS domain and the kerberos authentication works, I can see "smbd" processes running with AD user accounts. But I can not set ACLs on the directories or the files located on the share. If I change them using Windows Explorer, they either will be ignored by samba, or I get the Message: Unable to save Permission Changes on [Directory] The parameter is incorrect This message comes if I want to grant "Full Control" permissions on files or directories. I am not the in depth pro configuring samba, so maybe I did some configuration mistakes. I read about an ACL patch for samba. I did not build samba from the sources, I installed the packages and updates supplied by the OpenSUSE 11.3 distro.
My smb.conf file looks like this: ------------------------------------------------ [global] workgroup = [MyDomain] security = ADS realm = [My.Kerberos.Realm] password server = pdc.emulator.at.my.domain server string = %L server (OpenSUSE, Samba) dns proxy = No disable spoolss = Yes show add printer wizard = No map to guest = Bad User domain logons = No domain master = No local master = No netbios name = [ThisServersName] wins support = No client use spnego = Yes idmap uid = 15000 - 25000 idmap gid = 15000 - 25000 template homedir = /home/%D/%U template shell = /bin/bash usershare allow guests = No winbind use default domain = Yes winbind refresh tickets = Yes winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes acl group control = Yes acl map full control = True ntlm auth = No lanman auth = No interfaces = bond0 log level = 3 acls:5 winbind:5 [groups] comment = All groups path = /raid read only = No inherit acls = Yes force directory security mode = 0770 admin users = [MyDomain]\[DelegatedAdminUser] hide dot files = Yes hide unreadable = Yes ------------------------------------------------ Can anyone figure out where the problem is. Do I need to compile from source and include some patches, or is the configuration the problem. I did no group or user bindings with the "net" command. Best Regards, Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba