[Samba] ACLs and samba

John H Terpstra jht at samba.org
Tue Nov 18 15:16:52 GMT 2003


On Tue, 18 Nov 2003, Marius Grannæs wrote:

> Marius Grannæs:
> > Hi,
> >
> > I'm having trouble getting ACLs and samba to work on Solaris. In a unix
> > shell I can set and get the ACLs with setfacl and getfacl just fine.
> > Connecting with a Windows machine (w2000/w2003) to samba lets me
> > list the ACLs and even modify them. The problem is creating new
> > ACLs. In the logs I get
> >
> > 20031029/local2.error:Oct 29 16:30:11 test1 smbd[5417]: [ID 702911
> > local2.error] create_canon_ace_lists: unable to map SID
> > S-1-5-21-3959417778-1711865379-3952174976-20920 to uid or gid.
> >
> > Seems to me there is a problem mapping from Windows SIDs to Unix uid. Reading
> > the documentation, winbind seems to be the only solution to this problem.
> > But I don't wish to use winbind as I already have synchronized accounts
> > on both windows and unix. Though looking at the code it seems to me
> > that this is the only option available.
> >
> > Any ideas?
>
> Some more information:
>
> I'm running samba 3.0.0 with the following setup:
>
> security = domain
> nt acl support = yes

You will need to use current CVS samba-3.0.1pre3.

Suggest you add to smb.conf [globals]:

	winbind trusted domains only = Yes

Then run winbindd. This was added to solve the problem you are seeing.

- John T.
-- 
John H Terpstra
Email: jht at samba.org
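
Added example, not part of the original mail and not Samba code: a small Python triage script that pulls the SIDs smbd reports as unmappable out of syslog text like the entry quoted above and groups the failing RIDs by domain SID, so each can be checked against the Unix account database. The function names and the second log entry are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the syslog entry quoted in the thread (wrapped as in the
# mail), plus one made-up second entry (RID 20921) to show grouping.
SAMPLE_LOG = """\
20031029/local2.error:Oct 29 16:30:11 test1 smbd[5417]: [ID 702911
local2.error] create_canon_ace_lists: unable to map SID
S-1-5-21-3959417778-1711865379-3952174976-20920 to uid or gid.
Oct 29 16:31:02 test1 smbd[5417]: [ID 702911 local2.error] create_canon_ace_lists: unable to map SID S-1-5-21-3959417778-1711865379-3952174976-20921 to uid or gid.
"""

# \s+ between words tolerates the line wrapping seen in the quoted log.
UNMAPPED = re.compile(
    r"create_canon_ace_lists:\s+unable\s+to\s+map\s+SID\s+"
    r"(S-1(?:-\d+)+)\s+to\s+uid\s+or\s+gid"
)

def split_sid(sid):
    """Split a SID into (domain SID, RID); the RID is the last sub-authority."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def unmapped_sids(log_text):
    """Return a Counter of (domain SID, RID) pairs smbd failed to map."""
    return Counter(split_sid(m.group(1)) for m in UNMAPPED.finditer(log_text))

def report(log_text):
    """Group failing RIDs by domain SID, with a failure count per RID."""
    by_domain = {}
    for (domain, rid), count in sorted(unmapped_sids(log_text).items()):
        by_domain.setdefault(domain, []).append((rid, count))
    return by_domain

if __name__ == "__main__":
    for domain, rids in report(SAMPLE_LOG).items():
        print(domain)
        for rid, count in rids:
            print(f"  RID {rid}: {count} failure(s)")
```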


