[PATCH] Patches required for POSIX ACL support of GPOs
Matthieu Patou
mat at samba.org
Fri May 11 07:18:49 MDT 2012
Steve,
> Yes of course. Sorry. Here are the steps I used as root in /data:
>
> mkdir reports
> chmod 0770 reports
> chgrp staff reports
At the risk of repeating this 1000 times, the staff group has NO
existence in Windows, so when s3fs/winbind maps it to a SID it will be mapped
to a domain that is not the domain of your AD forest.
In order to be clearer, on my system I have:
grep staff /etc/group
staff:x:50:
If I search in idmap.ldb for this xidnumber there are 0 results:
/ldbsearch -H ~/workspace/samba/rodc_mat/private/idmap.ldb (xidnumber=50)
It's because we don't map all the existing unix groups and users to
domain SIDs; we do for just a couple of them, namely:
* nogroup to anonymous (S-1-5-7)
* root to administrator (domainsid-500)
* adm to administrators (S-1-5-32-544)
* users to domain users (domainsid-513)
So if you want to have a chance of getting this working, you need to
understand this and grant rights on the Linux side to a gid that Samba knows
how to map back to a SID!
As far as I'm concerned, I'll ignore you very soon and you won't get any more
feedback and support from me (and I suppose it will be the case from some
others too) if you keep asking the same questions without trying to
understand what we try to answer you. We might not be clear and you are
free to ask for some precision, but you have to show us that you started some
reflection on the subject.
--
Matthieu Patou
Samba Team
http://samba.org
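
Added example, not part of the original message or of Samba's code: it automates the manual check described above (grep the group file, then look for the gid in idmap.ldb) and generalizes it to every group at once. The function names, the gid values other than 50, the domain SID and the LDIF record layout are constructed assumptions.

```python
# Added example. All sample data below is constructed, not from a real system.
GROUP_FILE = "adm:x:4:\nstaff:x:50:\nnogroup:x:65534:\n"

# Constructed LDIF in the style ldbsearch prints; the record layout
# (dn: CN=<SID>, type, xidNumber) is an assumption about idmap.ldb.
IDMAP_LDIF = """\
dn: CN=S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 4

dn: CN=S-1-5-7
type: ID_TYPE_GID
xidNumber: 65534

# a *uid* 50 mapping: must not be treated as a mapping for gid 50
dn: CN=S-1-5-21-1111-2222-3333-1105
type: ID_TYPE_UID
xidNumber: 50
"""

def parse_ldif(text):
    """Split ldbsearch-style LDIF into a list of {attr_lowercase: value}."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            rec[key.lower()] = value  # attribute names are case-insensitive
        if rec:
            records.append(rec)
    return records

def audit_groups(group_text, ldif_text):
    """Return {group_name: SID or None} for each line of a group file."""
    gid_sid = {}
    for rec in parse_ldif(ldif_text):
        if rec.get("type") in ("ID_TYPE_GID", "ID_TYPE_BOTH"):
            gid_sid[int(rec["xidnumber"])] = rec["dn"].split("=", 1)[1]
    result = {}
    for line in group_text.splitlines():
        name, _pw, gid, *_ = line.split(":")
        result[name] = gid_sid.get(int(gid))
    return result

if __name__ == "__main__":
    for name, sid in audit_groups(GROUP_FILE, IDMAP_LDIF).items():
        print(f"{name:8} -> {sid or 'NO idmap entry'}")
```

A group reported with no idmap entry is one whose POSIX ACL grants cannot be translated back to a SID in the AD domain.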