[Samba] ACL behavior

Hall, Ken (IDS ECCS) KeHall at exchange.ml.com
Tue Apr 1 19:07:13 GMT 2003


I've been doing some testing with Samba 2.2.5 and ACLs under ext3, and everything seems to work as I need except when I try to add an ACL from Windows.

We're not using winbind because we need consistent UIDs across servers.  We have a central LDAP directory with everyone in it, and use nss_ldap to resolve users and UID numbers.  We're authenticating against a Windows 2000 cluster, though.

When I set an ACL from Linux via the setfacl command, the ACL shows properly in the Windows "security" box.  It shows up as (for example) "lnxsles8/kehall" with the right permissions (lnxsles8 being the Samba server).  But if I try to ADD an ACL, it can only find users from the domain directory.  Since all of the users are in the domain, I can assign permission using the corresponding ID from the cluster ("NYC1/kehall", for example), but that triggers auto-assignment of a UID via Winbind, and since we're not using nss_winbind, the ACL ends up containing an unresolvable UID number.  If I disable Winbind, I can't add the ACL at all.

Curiously, the security dialog DOES list the Linux groups from the LDAP directory.  It just doesn't seem to find the users.

Is there any way to get Samba (or Windows) to look at the Samba server's user list for valid names, instead of the domain/cluster?  Or am I just doing something wrong?
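
A check for the symptom described in the message above, added here as an example and not part of the original post: it scans getfacl output for named user or group entries whose numeric ID does not resolve through NSS (nss_ldap in this setup), which is how an ACL entry written with a winbind-allocated UID appears on the server. The function name, the sample output and the ID 10003 are constructed for illustration.

```python
import grp
import pwd

# Constructed sample of getfacl output; 10003 stands in for a UID that
# winbind allocated but that nss_ldap cannot resolve.
SAMPLE_GETFACL = """\
# file: share/report.doc
# owner: kehall
# group: users
user::rw-
user:kehall:rw-
user:10003:rw-
group::r--
group:staff:r--
mask::rw-
other::---
"""

def _uid_known(uid):
    try:
        pwd.getpwuid(uid)
        return True
    except KeyError:
        return False

def _gid_known(gid):
    try:
        grp.getgrgid(gid)
        return True
    except KeyError:
        return False

def find_orphaned_entries(getfacl_text, uid_known=_uid_known, gid_known=_gid_known):
    """Return (file, tag, id, perms) for ACL entries whose numeric ID has no NSS name."""
    orphans, current_file = [], None
    for raw in getfacl_text.splitlines():
        line = raw.strip()
        if line.startswith("# file:"):
            current_file = line[len("# file:"):].strip()
            continue
        if not line or line.startswith("#"):
            continue
        line = line.split("#", 1)[0].strip()   # drop trailing "#effective:" notes
        if line.startswith("default:"):        # default ACLs on directories
            line = line[len("default:"):]
        parts = line.split(":")
        # getfacl prints the bare number when no name resolves (always with -n)
        if len(parts) != 3 or parts[0] not in ("user", "group") or not parts[1].isdigit():
            continue
        tag, ident, perms = parts[0], int(parts[1]), parts[2]
        if not (uid_known if tag == "user" else gid_known)(ident):
            orphans.append((current_file, tag, ident, perms))
    return orphans
```

Feed it the text of `getfacl -R` over the share; any entry it returns grants access to an ID that a later account could be assigned.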


