[Samba] Acl problems with 3.07 on solaris 9

John H Terpstra jht at samba.org
Fri Oct 1 17:19:21 GMT 2004


On Friday 01 October 2004 02:41, Henrik Beckman wrote:
> Hi all
>
> I get the following errors when trying to set acls, client os is NT4 and
> XP, server is 3.0.7 on solaris9
>
> [2004/10/01 09:33:22, 0] smbd/posix_acls.c:create_canon_ace_lists(1385)
>   create_canon_ace_lists: unable to map SID <sid number removed by me>
> to uid or gid.
>
> Samba is a member in an NT4 domain, all permissions are managed by unix
> uid/gid which are in NIS, each unix user exists in NT but no groups.
> (passwords are synchronized.)
> There is a user.map file for those 5 users who don't have the same
> username in unix as in the domain but those are admin accounts only.
>
> Do I have to use winbind to get the mapping to work ?
>
> [global]
>         workgroup = <DOMAIN NAME>
>         netbios name = <netbios NAME>
>         server string = <server name>
>         security = DOMAIN
>         encrypt passwords = Yes

This is already default behavior - no need to set it.

>         min passwd length = 6
>         password server = <pdc> <bdc>

This is worked out automatically - only need to specify it if you absolutely 
need to force samba to authenticate to a particular PDC or BDC server.

>         username map = /usr/local/samba/lib/users.map
>         #loglevel = 2
>         log file = /var/opt/samba/log/%m
>         name resolve order = host wins bcast

Suggest:
	name resolve order = wins bcast host

>         time server = Yes
>         deadtime = 10
>         wins server = <wins1> <wins2>

Specify only one WINS server.

>         kernel oplocks = No
>         host msdfs = Yes
>         invalid users = smsclitoknacct& smsclisvcacct&
>         create mask = 0644
>         inherit acls = Yes

Add:
	idmap uid = 15000-20000
	idmap gid = 15000-20000


Also, you must run winbindd. I hope you have added to your /etc/nsswitch.conf 
file:

	hosts: files dns wins
	passwd: files winbind
	shadow: files winbind
	group: files winbind

Make sure that the following work:

	wbinfo -u
	wbinfo -g
	getent passwd
	getent group


>
> Samba is compiled with acl support.
> ACLs are used in the ufs filesystem and work.
>
> This is slowly driving me insane.....

http://www.samba.org/samba/docs/Samba-Guide.pdf 

See chapter 9.

It's all explained there. If it is not clear and I have failed to cover your 
needs please let me know so I can update the documentation.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
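
A static preflight for the settings suggested in the message above (winbind on the passwd and group lines of nsswitch.conf, idmap uid/gid ranges in smb.conf), added here as an example and not part of the original email. It also checks that no existing local or NIS account already has a uid inside the idmap uid range, which goes beyond what the message says; the function names and the three file arguments are assumptions.

```shell
#!/bin/sh
# Added example: preflight for the winbind/idmap settings suggested in the reply.
# Usage (paths are whatever your site uses): preflight smb.conf nsswitch.conf passwd-dump
# passwd-dump holds the existing local/NIS accounts, e.g. saved from "ypcat passwd".

# nss_uses_winbind FILE DB: succeeds if the DB line ("passwd", "group") lists winbind.
nss_uses_winbind() {
    awk -v db="$2:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }' "$1"
}

# idmap_range FILE KEY: prints "LOW HIGH" for a line such as "idmap uid = 15000-20000".
# Commented-out lines (# or ;) do not match because the key must start the line.
idmap_range() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([0-9]\{1,\}\)[[:space:]]*-[[:space:]]*\([0-9]\{1,\}\).*/\1 \2/p" "$1" | head -n 1
}

# colliding_ids LOW HIGH: reads passwd- or group-format lines on stdin and prints
# the names whose numeric id (field 3) already sits inside the idmap range.
colliding_ids() {
    awk -F: -v lo="$1" -v hi="$2" \
        '$3 ~ /^[0-9]+$/ && $3 + 0 >= lo && $3 + 0 <= hi { print $1 }'
}

# preflight SMB_CONF NSSWITCH PASSWD_DUMP: prints one line per finding, returns 1 on any.
preflight() {
    rc=0
    for db in passwd group; do
        nss_uses_winbind "$2" "$db" || { echo "nsswitch: $db does not list winbind"; rc=1; }
    done
    for key in "idmap uid" "idmap gid"; do
        [ -n "$(idmap_range "$1" "$key")" ] || { echo "smb.conf: no '$key' range"; rc=1; }
    done
    range=$(idmap_range "$1" "idmap uid")
    if [ -n "$range" ]; then
        # $range is deliberately unquoted so it splits into LOW and HIGH.
        for name in $(colliding_ids $range < "$3"); do
            echo "uid collision: existing account '$name' is inside the idmap uid range"; rc=1
        done
    fi
    return $rc
}

if [ $# -eq 3 ]; then preflight "$@"; fi
```

Take the passwd dump from the non-winbind sources (local files, NIS), since accounts that winbind itself allocates are expected to fall inside the range.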

