Dear all, I am struggling around with Windows ACLs and cannot find a solution nor how to troubleshoot that. I have two samba3 hosts. Hostname "donald" is my domain controller with samba 3.x + OpenLDAP server running. Hostname "pluto" is my other samba 3.x server which was joined to my domain. I use LDAP for my users+groups. I dont have winbind on my machines. On hostname "pluto" I have a share in smb.conf which says:
[free4all] path = /data/free4all read only = No create mask = 0777 directory mask = 0777 vfs object = acl_xattr nt acl support = yes dos filemode = yes "testparm -s -a -v |grep acl" shows me: acl compatibility = auto acl check permissions = Yes acl group control = No acl map full control = Yes force unknown acl user = No inherit acls = No nt acl support = Yes profile acls = No map acl inherit = No vfs objects = acl_xattr force unknown acl user = Yes On a windows client I am right-clicking on \\pluto\free4all\subdir and choose the "Security" tab. I see a user called "Everyone" and a user without username, but only SID number. The SID is S-1-5-21-blablabla-1234567-blabla-500. I manually checked this SID at my LDAP database. Funnily I have two users with this same SID, one is called "root" and the is called "admin". Weird, but not important imho at this point. Back on the windows client, inside the "Security" tab, I click on "Add" and choose a user of my Domain Users. I see him in the list. But as soon as I click "Apply" on this window, the user disappears from the security tab list. The logfile at samba-server hostname=pluto outputs: [2013/05/14 15:48:08.861822, 0] smbd/posix_acls.c:1755(create_canon_ace_lists) create_canon_ace_lists: unable to map SID S-1-5-21-1062190697-4189521229-2202214947-129762 to uid or gid. This SID was the user I tried to add. Why does this not work and how should I fix or even troubleshoot that? I really need some assistance, I have no clue what else to try. Thanks to everyone. Lucas. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba