[Samba] ACLs on client Samba machines with Samba PDC.

Ken D'Ambrosio kend at employees.org
Thu Jul 25 06:34:02 GMT 2002 

On Thu, 25 Jul 2002, Buchan Milne wrote:

> > I've got a Samba box (2.2.5a) as a member of a Samba domain.  Both
> > the PDC
> [...]
> It turns out that on member servers, you can apply ACLs using the
> "machine domain" (but for some reason, I only get groups, and not users
> here?), but not the domain it is a member of.

Ah!  So I'm not going insane.  Thanks much for the pointers!  For the time
being, I've given up; I'll go with machine-based ACLs, and hope that 3.x
manages to address it before it becomes a larger issue for me.

Thanks for the input!

-Ken

> You will probably notice that the permissions visible in the security
> properties box list the users/groups on the "machine domain" instead of
> the domain (in my case, BGMILNE-MDK83\bgmilne instead of CAE\bgmilne).
>
> In the logs you will see that when you try and add ACLs with users from
> the domain, samba fails to map the SID+RID from the domain to a uid.
> This may require winbind-type functionality, or it may just be a bug
> (and one worth fixing soon!).
>
> | Am I doing something dumb, or is this an oversight/glitch/bug?
>
> Seems like a bug, but I'm not sure it can work without winbind (and thus
> a Windows DC) or with 2.2. Hopefully it works in HEAD, and hopefully 3.0
> will be out soon.
>
> Just FYI, I am running 2.2.5 with LDAP on the DC, and 2.2.5 without LDAP
> on the member server. I hope ACLs work on an LDAP BDC, since we'll be
> putting one in next week ...
>
> Buchan
>
> - --
> |----------------Registered Linux User #182071-----------------|
> Buchan Milne                Mechanical Engineer, Network Manager
> Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
> Stellenbosch Automotive Engineering         http://www.cae.co.za
> GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
> 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE9P+0hrJK6UGDSBKcRAn8ZAKCRYKtiEHWc2HbFFdWlTZzgcOaKvwCgw2cK
> zpnqnot0LfvCv2HuiNUVZFc=
> =BGrf
> -----END PGP SIGNATURE-----
>
>

More information about the samba mailing list