--with-vfs and ACLs problem

Richard Sharpe rsharpe at ns.aus.com
Thu Jun 20 10:16:02 GMT 2002

On Thu, 20 Jun 2002, Nir L wrote:

> I am using samba 2.2.0 without winbind, using security = server.
> The samba server is NOT a PDC.
> I've set its password server to my PDC.
> I am writing an extention to samba, in order to let it get the ACL's of the shared files from an external security managment product. The security management product decides which DOMAIN users are authorized to which files.
> The users belong to my NT_DOMAIN.
> I replace the fget_nt_acl and get_nt_acl functions, in order to return the acl's according to the management product.
> The SID's that I return from these functions seem to be OK (I've checked them with several utilities)/
> But somehow, when I choose file->properties->security, I can see the correct SID's , but the SID's are NOT TRANSLATED to the account names in my domain. They remain in their SID form (similar to an SID of a deleted user, if you've ever seen it...)
> This happen both on Win2K clients and WinNT 4.0 clients with the latest service packs.
> Can anyone help me ?

I've seen this happen ... now, let me think, why was that. Are you sure 
they are domain sids and not local sids? 

Your samba server is a member of the domain? The client should ask the DC 
to translate the SIDs to names.

I can't remember exactly why that was happening now, but I've seen it :-)

Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org, 
sharpe at ethereal.com

More information about the samba-technical mailing list