[Samba] Re: samba digest, Vol 1 #1924 - 22 msgs

[Tom H]

I had a similar issue on my Debian box.  It seemed that setfacl didn't
care for special characters.  I changed the separator character to -
(dash) instead of + or \ and it worked fine.
Good luck!
Tom Hallewell
Radio Free Asia
Washington DC USA


> 
> (offlist replies discontinued due to increasing large number of people
> involved)
> 
> Gareth Davies wrote:
>  > Shouldn't you be setting setfacl -m DOMAIN+andrewfu:rwx myfile ?
> 
> I tried that, but it didn't work:
> 
> setfacl: Option -m: Invalid argument near character 1
> 
> I also tried escaping/quoting the + in various ways, replacing with \ or
> /, etc. No joy.
> 
> Tom Hallewell wrote:
>  > You should be able to find the server in W2K's server manager and
>  > confirm that it is a trusted member of the Domain. It sounds like
>  > smbd isn't linking to the acl libs-have you run ldd to see if
>  > you are linking to libacl.so.1? My recent problem was similar and I
>  > found that I wasn't compiling against the acl libs.
> [snip various deb-src specific instructions]
> 
> a) I presume I should be looking in Active Directory Users & Computers
> -> domain -> Computers -> smbserver name ?
> If so, it's listed as a WinNT 4 "workstation or server", as a member of
> Domain Computers (we're in a mixed domain, not native, so that makes
> sense to me).
> 
> b) (grepped for brevity)
> $ ldd /usr/local/samba/bin/smbd | grep -i acl
>          libacl.so.1 => /lib/libacl.so.1 (0x40015000)
> 
> $ nm /usr/local/samba/bin/smbd | grep -i acl | wc
>       88       244     2655
> 
> c) The Debian compilation instructions aren't used, since 2.2.7 isn't
> available yet so I'm compiling from the tarball. However I used the
> following configure line:
> 
> configure --disable-nls --with-acl-support=yes
> --with-configdir=/etc/samba --with-logfilebase=/var/log/samba
> 
> That way I can have the Debian 2.2.3a-12 (or whatever it is) and the
> 2.2.7 compiled ones use the same logfiles and config files.
> 
> David Pullman wrote:
>  > A thought that occurs to me when looking at the two ways of
>  > displaying the name above is that I've heard that a W2K domain will
>  > record machine name more like a dns domain (with its emphasis on ddns
>  > and all that).  So it makes me wonder if you have a W2K PDC.
>  >
>  > We're using an NT PDC still with a mix of W2K and NT 40 clients (we
>  > have a half dozen BDCs and about 500 windows clients, and a couple of
>  >  hundred mixed UNIX platform clients).  All of our file servers are
>  > samba on solaris.  So we only see something like andrewfu
>  > (SMBSERVERNAME\andrewfu) on a NT security dialog acl.  On a setfacl
>  > on the UNIX side it is stictly username, the UNIX systems have no
>  > idea about the NT domain.  This is of course excepting the samba
>  > server itself, which has security = domain.  This lets a user map a
>  > drive using their NT passwd, which might be different than their NIS
>  > passwd.
> 
> The test machine here is a fairly standard / minimal install of W2k
> server, which seems to be workign as expected otherwise (although I
> haven't had much experience with W2k, and I don't have any other W2k
> machines around to test.
> 
> Your thoughts about the usernames seems to make sense, except, does that
> mean that the Windows ACL dialog will _always_ show the UNIX username? I
> would have thought that the username mapping would apply to that part
> also. Although admittedly, if one UNIX name maps to more than one
> Windows name, there would be problems... although it won't, in my case.
> 
> Hopefully the mapping can be worked out in some way... the system will
> have ~500 users, and given that 50% - 75% of them are
> username-map-required style names, it would get mighty annoying mighty
> fast, trying to map them in your head...
> 
> (phew!)
> 
> --
> ANDREW FUREY <andrew at terminus.net.au> - Sysadmin/developer for Terminus.
> Providing online networks of Australian lawyers (http://www.ilaw.com.au)
> and Linux experts (http://www.linuxconsultants.com.au) for instant help!
> Disclaimer: http://www.terminus.net.au/disclaimer.html. GCS L+++ P++ t++