[Samba] create_canon_ace_lists: unable to map SID

Daniel Chénard dchenard at croesus.com
Mon Mar 15 15:30:30 GMT 2004

I have a Samba server on Linux with an LDAP DC.

On a client server, I did:

net join -S DOMSERV -Uadmin%PASSWORD

and that works.

The server member of DOMSERV has a shared XFS filesystem.

When I set the ACL manually (setfacl -m g:group:rwx the_file),
it's OK; the other domain members see the ACL.

But when I set the ACL from a Windows workstation, it doesn't work:

create_canon_ace_lists: unable to map SID 

My client smb.conf:

        workgroup = TOTODOM
        server string = Samba Server
        security = DOMAIN
        password server = domain-srv
        log file = /var/log/samba/%m.log
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = No
        dns proxy = No
        ldap ssl = no
        map acl inherit = Yes

My server smb.conf:

        unix charset = ASCII
        workgroup = DOMSERV
        server string = Samba Server
        update encrypted = Yes
        passdb backend = ldapsam:ldap://, guest
        passwd program = /usr/bin/smbpasswd %u
        passwd chat = *new*password* %n\n  *new*password*  %n\n
        passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
        unix password sync = no
        encrypt passwords = Yes
        passwd chat debug = Yes
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        bind interfaces only = no
        interfaces = eth0 lo
        pam password change = yes
        add user script = /usr/bin/smbpasswd -a %u -D 256
        delete user script = /usr/bin/smbpasswd -x %u -D 256
        add machine script = /usr/bin/smbpasswd  -m -a %u$ -D 256
        logon script = netlogon.bat
        logon path = \\srv-image\profiles\%u
        logon drive = X:
        logon home = \\srv-image\%u
        domain logons = Yes
        os level = 65
        preferred master = No
        domain master = Yes
        dns proxy = No
        ldap suffix = dc=domserv,dc=com
        ldap machine suffix = ou=hosts
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap admin dn = cn=manager,dc=domserv,dc=com
        #ldap delete dn = Yes
        #ldap trust ids = Yes
        ldap ssl = no
        ldap passwd sync = Yes
        admin users = Administrator root
        hosts allow =
        #ldap filter = (&(uid=%u) (objectclass=sambaAccount))
        ldap delete dn =yes

Can someone help me?

Daniel Chénard
Croesus Finansoft Inc.
2 Place Laval, Suite 510
Laval, Quebec
Canada H7N 5N6
Site Web: www.croesus.com
Daniel.Chenard at croesus.com
Tel: +1 450-662-6101, 145
Fax: +1 450-662-3629
Please Note: The Light at the End of The Tunnel
             will be turned off until further
             notice due to budget cutbacks.
                                --The Managemen
