[Samba] ACLs and samba

Marius Grannæs grannas at stud.ntnu.no
Tue Nov 18 17:30:13 GMT 2003


John H Terpstra:
> On Tue, 18 Nov 2003, Marius [iso-8859-1] Grannæs wrote:
> 
> > Marius Grannæs:
> > > Hi,
> > >
> > > I'm having trouble getting ACLs and samba to work on solaris. In a unix
> > > shell I can set and get the ACLs with setfacl and getfacl just fine.
> > > Connecting with a window machine (w2000/w2003) to samba lets me
> > > list the ACLs and even modify them. The problem is creating new
> > > ACLs. In the logs I get
> > >
> > > 20031029/local2.error:Oct 29 16:30:11 test1 smbd[5417]: [ID 702911
> > > local2.error] create_canon_ace_lists: unable to map SID
> > > S-1-5-21-3959417778-1711865379-3952174976-20920 to uid or gid.
> > >
> > > Seems to me there is a problem mapping from Windows SIDs to Unix uid. Reading
> > > the documentation, winbind seems to be the only solution to this problem.
> > > But I don't wish to use winbind as I allready have syncronized accounts
> > > on both windows and unix. Though looking at the code it seems to me
> > > that this is the only option available.
> > >
> > > Any ideas?
> >
> > Some more information:
> >
> > I'm running samba 3.0.0 with the following setup:
> >
> > security = domain
> > nt acl support = yes
> 
> You will need to use current CVS samba-3.0.1pre3.
> 
> Suggest you add to smb.conf [globals]:
> 
> 	winbind trusted domains only = Yes
> 
> Then run winbindd. This was added to solve the problem you are seeing.

Thanks! This is just what I wanted :-). I've been pulling my hair for days
over this. Is this in the documentation somewhere?  

Again, many thanks =)

-- 

Marius Grannæs



More information about the samba mailing list