[Samba] Another Samba+ACLs thread

David Pullman dpullman at cme.nist.gov
Wed Nov 27 03:47:00 GMT 2002


Andrew Furey wrote:

>>> The problem arises when I try to change them from W2k. It silently 
>>> fails (from 2k's point of view), but in the log files I see 
>>> something like "unable to map SID [blah] to uid or gid".
>>
> >
>
>> Is the win2k user the owner (in the unix sense) of the file. ?
>>
>> Even though you have ACL's only the owner or root can actually change 
>> them.
>
>
> Via username mapping, yes (we're a member server in a 2k mixed domain, 
> but that side of things seems to be working).
>
> On further investigation, it appears that I _can_ modify existing 
> ACLs, and I can even remove them (users, at least); but I can't add 
> users to the ACL, which is what I really need.
>
Andrew,

It may be that my post yesterday is about the same issue.  I've noted 
that according to the log.nmbd that I have the same error.  I can edit 
the perms on acl entries, or delete an acl entry, but cannot add a user 
to a list from the w2k side (I can of course use setfacl from the unix 
clients of the file server or on the server itself).

My tests also were done as the owner of the file.  In fact, our NT 
domain and NIS passwd have identical user names.  It just can't 
determine the uid of the user from the machine SID+RID.

Dave





More information about the samba mailing list