[Samba] cifsacl not working
Rowland penny
rpenny at samba.org
Thu Sep 24 17:06:22 UTC 2020
On 24/09/2020 17:18, Ken Bass via samba wrote:
> On 9/24/20 12:10 PM, Rowland penny via samba wrote:
>> On 24/09/2020 16:58, Ken Bass via samba wrote:
>>> On 9/24/20 11:51 AM, Aurélien Aptel wrote:
>>>> The request-keys config looks right.
>>>>
>>>> You can check if winbind is properly configured trying to map with the
>>>> winbind CLI client called wbinfo. For example:
>>>>
>>>> # wbinfo -i NUC\\administrator
>>>> NUC\administrator:*:20501:20514::/home/NUC/administrator:/bin/bash
>>>> ^^^^^ ^^^^^
>>>> uid gid
>>>>
>>>> Cheers,
>>>
>>> # wbinfo -i MYDOM\\user
>>> user:*:1001:1001::/home/user:/bin/bash
>>>
>>> Those uid/gid are correct. They match the server and also match the
>>> uid/gid in the AD for the user.
>>> It seems everything is working except for the cifsacl id mapping part.
>>
>> I am beginning to think you are running Samba as a standalone server
>> in an AD domain, if so, why ?
>>
>> As I said, posting your smb.conf will prove this.
>>
>> Rowland
>>
>>
>>
> I already did that, two posts ago. Did it not make it to the list - I
> see it.
> Server role: ROLE_DOMAIN_MEMBER
>
> i have 'winbind use default domain = Yes ' enabled if that is what you
> are getting at.
OOOPs, missed it :-[
OK, you are using users & groups in the 1000-29999 range, why ? could it
be that you have the same users in /etc/passwd and AD ?
You are using 'cifsacls' and this calculates a 32 bit ID from the SID,
so it is unlikely your users are getting the same ID from Samba and
cifsacls, I get the feeling that you use one or the other, not both :-\
Rowland
More information about the samba
mailing list