[Samba] Re: samba digest, Vol 1 #1924 - 22 msgs
Tom H
hallewellt at rfa.org
Thu Nov 28 20:28:02 GMT 2002
I had a similar issue on my Debian box. It seemed that setfacl didn't
care for special characters. I changed the separator character to -
(dash) instead of + or \ and it worked fine.
Good luck!
Tom Hallewell
Radio Free Asia
Washington DC USA
>
> (offlist replies discontinued due to increasing large number of people
> involved)
>
> Gareth Davies wrote:
> > Shouldn't you be setting setfacl -m DOMAIN+andrewfu:rwx myfile ?
>
> I tried that, but it didn't work:
>
> setfacl: Option -m: Invalid argument near character 1
>
> I also tried escaping/quoting the + in various ways, replacing with \ or
> /, etc. No joy.
>
> Tom Hallewell wrote:
> > You should be able to find the server in W2K's server manager and
> > confirm that it is a trusted member of the Domain. It sounds like
> > smbd isn't linking to the acl libs-have you run ldd to see if
> > you are linking to libacl.so.1? My recent problem was similar and I
> > found that I wasn't compiling against the acl libs.
> [snip various deb-src specific instructions]
>
> a) I presume I should be looking in Active Directory Users & Computers
> -> domain -> Computers -> smbserver name ?
> If so, it's listed as a WinNT 4 "workstation or server", as a member of
> Domain Computers (we're in a mixed domain, not native, so that makes
> sense to me).
>
> b) (grepped for brevity)
> $ ldd /usr/local/samba/bin/smbd | grep -i acl
> libacl.so.1 => /lib/libacl.so.1 (0x40015000)
>
> $ nm /usr/local/samba/bin/smbd | grep -i acl | wc
> 88 244 2655
>
> c) The Debian compilation instructions aren't used, since 2.2.7 isn't
> available yet so I'm compiling from the tarball. However I used the
> following configure line:
>
> configure --disable-nls --with-acl-support=yes
> --with-configdir=/etc/samba --with-logfilebase=/var/log/samba
>
> That way I can have the Debian 2.2.3a-12 (or whatever it is) and the
> 2.2.7 compiled ones use the same logfiles and config files.
>
> David Pullman wrote:
> > A thought that occurs to me when looking at the two ways of
> > displaying the name above is that I've heard that a W2K domain will
> > record machine name more like a dns domain (with its emphasis on ddns
> > and all that). So it makes me wonder if you have a W2K PDC.
> >
> > We're using an NT PDC still with a mix of W2K and NT 40 clients (we
> > have a half dozen BDCs and about 500 windows clients, and a couple of
> > hundred mixed UNIX platform clients). All of our file servers are
> > samba on solaris. So we only see something like andrewfu
> > (SMBSERVERNAME\andrewfu) on a NT security dialog acl. On a setfacl
> > on the UNIX side it is stictly username, the UNIX systems have no
> > idea about the NT domain. This is of course excepting the samba
> > server itself, which has security = domain. This lets a user map a
> > drive using their NT passwd, which might be different than their NIS
> > passwd.
>
> The test machine here is a fairly standard / minimal install of W2k
> server, which seems to be workign as expected otherwise (although I
> haven't had much experience with W2k, and I don't have any other W2k
> machines around to test.
>
> Your thoughts about the usernames seems to make sense, except, does that
> mean that the Windows ACL dialog will _always_ show the UNIX username? I
> would have thought that the username mapping would apply to that part
> also. Although admittedly, if one UNIX name maps to more than one
> Windows name, there would be problems... although it won't, in my case.
>
> Hopefully the mapping can be worked out in some way... the system will
> have ~500 users, and given that 50% - 75% of them are
> username-map-required style names, it would get mighty annoying mighty
> fast, trying to map them in your head...
>
> (phew!)
>
> --
> ANDREW FUREY <andrew at terminus.net.au> - Sysadmin/developer for Terminus.
> Providing online networks of Australian lawyers (http://www.ilaw.com.au)
> and Linux experts (http://www.linuxconsultants.com.au) for instant help!
> Disclaimer: http://www.terminus.net.au/disclaimer.html. GCS L+++ P++ t++
More information about the samba
mailing list