[Samba] Acl problems with 3.07 on solaris 9
John H Terpstra
jht at samba.org
Fri Oct 1 17:19:21 GMT 2004
On Friday 01 October 2004 02:41, Henrik Beckman wrote:
> Hi all
>
> I get the following errors when trying to set acls, client os is NT4 and
> XP, server is 3.0.7 on solaris9
>
> [2004/10/01 09:33:22, 0] smbd/posix_acls.c:create_canon_ace_lists(1385)
> create_canon_ace_lists: unable to map SID <sid number removed by me>
> to uid or gid.
>
> Samba is a member in a NT4 domain, all permissions is managed by unix
> uid/gid which are in NIS, each unix user exists in NT but no groups.
> (passwords are syncronized.)
> There is a user.map fil for those 5 user who doesn´t have the same
> username in unix as in the domain but those are admin accounts only.
>
> Do I have to use winbind to get the mapping to work ?
>
> [global]
> workgroup = <DOMAIN NAME>
> netbios name =<netbios NAME
> server string = <server name>
> security = DOMAIN
> encrypt passwords = Yes
This is already default behavior - no need to set it.
> min passwd length = 6
> password server = <pdc> <bdc>
This is worked out automatically - only need to specify it if you absolutely
need to force samba to authenticate to a particular PDC or BDC server.
> username map = /usr/local/samba/lib/users.map
> #loglevel = 2
> log file = /var/opt/samba/log/%m
> name resolve order = host wins bcast
Suggest:
name resolve order = wins bcast host
> time server = Yes
> deadtime = 10
> wins server = <wins1> <wins2>
Specifiy only one WINS server.
> kernel oplocks = No
> host msdfs = Yes
> invalid users = smsclitoknacct& smsclisvcacct&
> create mask = 0644
> inherit acls = Yes
Add:
idmap uid = 15000-20000
idmap gid = 15000-20000
Also, you must run winbindd. I hope you have added to your /etc/nsswitch.conf
file:
hosts: files dns wins
passwd: files winbind
shadow: files winbind
group: files winbind
Make sure that the following work:
wbinfo -u
wbinfo -g
getent passwd
getent group
>
> Samba is compiled with acl support.
> ACL are used in the ufs filesystem and works.
>
> This is slowly driving me insane.....
http://www.samba.org/samba/docs/Samba-Guide.pdf
See chapter 9.
It's all explained there. If it is not clear and I have failed to cover your
needs please let me know so I can update the documentation.
- John T.
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
More information about the samba
mailing list