Another ACL question :-)

Matthew Geier matthew at
Wed Jul 18 05:35:18 GMT 2001

2.2.1a on a Linux 2.4.7pre6-XFS system

 The machine is NOT the domain controler. The client is Win2k (no

 I have 'security = domain' in th smbd conf. I can connect with
security=server as well. The 'PDC' is a samba 2.2.0 machine.

 From the windows security dialog - I cannot add ACLs for users of the
domain. If I have security=server, windows shows the current 'ACL' for
the file, but when you try to add one, a message appears that it cannot
tell if my test server is in the domain.
 With security=domain it gets further, allowing me to select a user
(from the smbpasswd file - not all our users are in it on the 'PDC'), I
get to edit what arributes they have, but when I OK that selection, it
is not saved, only the orginal list (user, group, other) are shown.
While the test server is not the PDC it does have a copy of the password
file from the 'PDC' on it.

 If I use chacl to add another user ACL to the file, windows does
display this fact (as a user of the server not the domain). I can add or
substract various attributes for this user.

 If I used the windows dialog and select the server for the list of
names to add, it only shows groups. No users are listed. (I just copied
smbpasswd of my 'PDC' and it now lets me add users that are in
 chacl lists the added users and groups as I expect.

 I actually have no need for ACLs from samba. This is just for my own
education :-)

Matthew Geier			matthew at
Arts IT Unit			+61 2 9351 4713
Sydney University

More information about the samba-technical mailing list