Good morning, Samba List,

I'm setting ACLs from the security tab of the properties window of a folder
via a Windows XP SP2 client. The Samba share in question is running on 3.0.11
with an ext3 file system and Fedora Core 3 underneath. All this works great --
I can set up ACLs beautifully from Windows and when I check them out with
getfacl on the Linux side, the results make sense to me.


However, when I close and re-open the properties window, the two
groups I've set up ACLs for -- AD\salesgroup and AD\marketinggroup --
show up only as SIDs (S-bignumber-with-hyphens). Which, of course, is
confusing.


I've appended the output of getfacl, the relevant part of "getent group",
and my smb.conf file. Thanks for any thoughts on this. I could certainly just
write this up as a frustrating quirk that will "hopefully be fixed soon," but
of course I'd rather present the fix!


Is there some way in which Samba might not be correctly mapping SIDs back to
names upon request from the client?

Thanks again!

GETFACL OUTPUT:

[EMAIL PROTECTED] ~]# getfacl /research
# file: research
# owner: AD\134salesperson1
# group: root
user::rwx
group::---
group:10012:rwx
group:10015:r-x
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:10012:rwx
default:group:10015:r-x
default:mask::rwx
default:other::---

GETENT GROUP OUTPUT:

AD\domain computers:x:10003:
AD\domain controllers:x:10002:
AD\schema admins:x:10005:AD\administrator
AD\enterprise admins:x:10006:AD\administrator
AD\domain admins:x:10007:AD\administrator
AD\domain users:x:10000:
AD\domain guests:x:10001:
AD\group policy creator owners:x:10004:AD\administrator
AD\dnsupdateproxy:x:10013:
AD\cheaters:x:10014:
AD\salesgroup:x:10012:AD\salesperson2,AD\salesperson1
AD\marketinggroup:x:10015:AD\marketperson2,AD\marketperson1
AD\hrgroup:x:10016:AD\hrperson2,AD\hrperson1

MY SMB.CONF FILE:

[global]
        log level = 3
        log file = /var/log/samba/%m.log
        # Use CUPS for all back end printing chores
        printing = cups
        printcap = cups
        load printers = yes
        idmap gid = 10000-20000
        map acl inherit = yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        admin users = AD\Administrator
        printer admin = AD\Administrator
#       winbind trusted domains only = yes
        encrypt passwords = YES
        realm = AD.CORP.COM
        template shell = /bin/bash
        dns proxy = no
        cups options = raw
        server string = Samba Server
        idmap uid = 10000-20000
        workgroup = AD
        printcap name = /etc/printcap
        security = ads
        max log size = 50
        winbind use default domain = no
        password server = windc1.ad.corp.com

[homes]
        comment = Home Directories
        browseable = no
        writable = yes

[printers]
        guest ok = no
        comment = All Printers
        printable = yes
        writable = no
        path = /var/spool/samba

[research]
        comment = Research Files, Sales Writes, Marketing Reads
        writeable = yes
        path = /research

[print$]
        comment = Printer Drivers for Windows
        path = /usr/local/samba/windrivers
        write list = AD\administrator

--
Thomas Boutell
Boutell.Com, Inc. http://www.boutell.com/

