ACLs on 2.2.0-alpha3 with Solaris

Bennett, Steve s.bennett at lancaster.ac.uk
Tue Apr 3 12:02:47 GMT 2001


Hi

I'm trying out samba-2.2.0-alpha3 on a Solaris 8 box.

When I look at the ACL for a file from a Windows 2000 client I see the ACL, but
the usernames only appear as SIDs, rather than names. What can I do (if
anything) to have things map symbolically? Both the Samba server and the
Windows 2000 client are members of an NT4 domain.

The entries I get look like:
  S-1-5-21-2312677546-2206475282-1659886641-121004
  S-1-5-21-2312677546-2206475282-1659886641-2260
  S-1-5-21-2312677546-2206475282-1659886641-1003
which by my calculations map (correctly) to uid 60002 (nobody), uid 630 (my
local username) and gid 1 (other). So Samba is correctly mapping uid/gid->SID,
but not the other way round.

If I put some entries into smbpasswd (which I've not needed before), I see some
users listed if I try to add things to the ACL, but it has no effect on the
filesystem and Samba reports:
[2001/04/03 12:32:21, 0, pid=17548]
smbd/posix_acls.c:create_canon_ace_lists(622)
  create_canon_ace_lists: unable to map SID
S-1-5-352321536-2863192201-304383107-836562786-2899837184 to uid or gid.

Which looks like a pretty weird SID - perhaps something is being mangled when
Windows 2000 sends a SID to Samba?

Just on a whim, I tried converting the SIDs into hexadecimal, and things make
more sense:
my machine sid (in hex) is 1-5-15-89d8a8aa-83842412-62efdc31
the weird sid reported in the log file is
1-5-15000000-aaa8d889-12248483-31dcef62-acd80100

So is this a byte ordering problem?
I don't know enough about the Samba internals to try and fix this myself, but
it doesn't sound like it should be too hard.

I still don't understand the RID at the end - the uid of the user I tried to
add to the ACL was 566, but maybe other stuff is mangling it too...

--
Steve Bennett
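
The byte-order hypothesis raised in the message above can be checked mechanically. The following is an added example, not part of the original post and not Samba code: it decodes a binary SID with its 32-bit sub-authorities read little-endian (the wire order) and big-endian (the suspected fault), and reverses the swap on the SID string from the log. The function names and the wire bytes are constructed for illustration; only the logged SID string is taken from the post.

```python
import struct

MAX_SUBAUTHS = 15  # upper bound on sub-authorities in a binary SID

def pack_sid(revision, authority, subauths):
    """Wire form: revision, count, 6-byte big-endian authority, little-endian uint32s."""
    head = struct.pack("BB", revision, len(subauths)) + authority.to_bytes(6, "big")
    return head + struct.pack(f"<{len(subauths)}I", *subauths)

def parse_sid(blob, order="<"):
    """Decode a binary SID. order='<' is the wire order; '>' models the suspected bug."""
    if len(blob) < 8:
        raise ValueError("shorter than the fixed 8-byte SID header")
    revision, count = blob[0], blob[1]
    if count > MAX_SUBAUTHS or len(blob) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match blob length")
    authority = int.from_bytes(blob[2:8], "big")
    subauths = struct.unpack(f"{order}{count}I", blob[8:])
    return "S-" + "-".join(str(v) for v in (revision, authority, *subauths))

def byteswap_sid_string(sid):
    """Reverse the bytes of every 32-bit sub-authority in a textual SID."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a textual SID")
    swapped = [int.from_bytes(int(p).to_bytes(4, "big"), "little") for p in parts[3:]]
    return "-".join(parts[:3] + [str(v) for v in swapped])

# SID string copied from the smbd log line in the post.
LOGGED = "S-1-5-352321536-2863192201-304383107-836562786-2899837184"

if __name__ == "__main__":
    fixed = byteswap_sid_string(LOGGED)
    print("logged      :", LOGGED)
    print("byte-swapped:", fixed)
    # Constructed wire bytes for the swapped SID, decoded both ways.
    wire = pack_sid(1, 5, [int(p) for p in fixed.split("-")[3:]])
    print("wire hex    :", wire.hex())
    print("read as LE  :", parse_sid(wire, "<"))
    print("read as BE  :", parse_sid(wire, ">"))
```

Reading the constructed wire bytes big-endian reproduces the logged string exactly. The byte-swapped form carries the same three domain sub-authorities as the SIDs listed at the top of the post, with a final RID of 121004.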




