Dear all,

I am struggling around with Windows ACLs and cannot find a solution nor how to 
troubleshoot that. I have two samba3 hosts. Hostname "donald" is my domain 
controller with samba 3.x + OpenLDAP server running. Hostname "pluto" is my 
other samba 3.x server which was joined to my domain. I use LDAP for my 
users+groups. I don't have winbind on my machines. On hostname "pluto" I have a 
share in smb.conf which says:

[free4all]
        path = /data/free4all
        read only = No
        create mask = 0777
        directory mask = 0777
        vfs object = acl_xattr
        nt acl support = yes
        dos filemode = yes

"testparm -s -a -v |grep acl" shows me:

        acl compatibility = auto
        acl check permissions = Yes
        acl group control = No
        acl map full control = Yes
        force unknown acl user = No
        inherit acls = No
        nt acl support = Yes
        profile acls = No
        map acl inherit = No
        vfs objects = acl_xattr
        force unknown acl user = Yes

On a Windows client I am right-clicking on \\pluto\free4all\subdir and choosing 
the "Security" tab. I see a user called "Everyone" and a user without a username, 
but only a SID number. The SID is S-1-5-21-blablabla-1234567-blabla-500.  I 
manually checked this SID in my LDAP database. Funnily I have two users with 
this same SID, one is called "root" and the other is called "admin". Weird, but not 
important imho at this point. 

Back on the Windows client, inside the "Security" tab, I click on "Add" and 
choose a user of my Domain Users. I see him in the list. But as soon as I click 
"Apply" on this window, the user disappears from the security tab list. The 
logfile at samba-server hostname=pluto outputs:

[2013/05/14 15:48:08.861822,  0] smbd/posix_acls.c:1755(create_canon_ace_lists)
  create_canon_ace_lists: unable to map SID S-1-5-21-1062190697-4189521229-2202214947-129762 to uid or gid.

This SID was the user I tried to add. Why does this not work and how should I 
fix or even troubleshoot that? I really need some assistance, I have no clue 
what else to try. Thanks to everyone.

Lucas.