[Samba] Acl problems with 3.07 on solaris 9
Henrik.Beckman at sgu.se
Thu Oct 7 06:40:27 GMT 2004
Well it works but not the way I want... ; )
I would like to have the SID for user0 to map to the UID for user0,
otherwise if winbindd maps user0 SID to UID 15000 when
the user has UID 512 all permissions that are set from windows are
worthless when accessing the filestructure from unix with NIS permissions.
If the files are moved to another fileserver same thing the mapping would
My NT users and groups are for legacy reasons "empty" and only for
windows login, all permissions are managed by NIS users and groups and are
standard file permission or acl:s. Standard user/group and rwx can be set
from windows but the acls can't.
Your winbindd instructions solve that but not in a usable way, can I
solve this with some kind of static UID<->SID mapping list or am I
forced to use ldap or AD ?
John H Terpstra <jht at samba.org>
Re: [Samba] Acl problems with 3.07 on solaris 9
On Friday 01 October 2004 02:41, Henrik Beckman wrote:
> Hi all
> I get the following errors when trying to set acls, client os is NT4 and
> XP, server is 3.0.7 on solaris9
> [2004/10/01 09:33:22, 0] smbd/posix_acls.c:create_canon_ace_lists(1385)
> create_canon_ace_lists: unable to map SID <sid number removed by me>
> to uid or gid.
> Samba is a member in a NT4 domain, all permissions are managed by unix
> uid/gid which are in NIS, each unix user exists in NT but no groups.
> (passwords are synchronized.)
> There is a user.map file for those 5 users who don't have the same
> username in unix as in the domain but those are admin accounts only.
> Do I have to use winbind to get the mapping to work ?
> workgroup = <DOMAIN NAME>
> netbios name = <netbios NAME>
> server string = <server name>
> security = DOMAIN
> encrypt passwords = Yes
This is already default behavior - no need to set it.
> min passwd length = 6
> password server = <pdc> <bdc>
This is worked out automatically - only need to specify it if you
need to force samba to authenticate to a particular PDC or BDC server.
> username map = /usr/local/samba/lib/users.map
> #loglevel = 2
> log file = /var/opt/samba/log/%m
> name resolve order = host wins bcast
name resolve order = wins bcast host
> time server = Yes
> deadtime = 10
> wins server = <wins1> <wins2>
Specify only one WINS server.
> kernel oplocks = No
> host msdfs = Yes
> invalid users = smsclitoknacct& smsclisvcacct&
> create mask = 0644
> inherit acls = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000
Also, you must run winbindd. I hope you have added to your
hosts: files dns wins
passwd: files winbind
shadow: files winbind
group: files winbind
Make sure that the following work:
> Samba is compiled with acl support.
> ACL are used in the ufs filesystem and works.
> This is slowly driving me insane.....
See chapter 9.
It's all explained there. If it is not clear and I have failed to cover
needs please let me know so I can update the documentation.
- John T.
John H Terpstra
Phone: +1 (650) 580-8668
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
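
An added example, not part of the original thread and not Samba code: a short Python audit for the mismatch described above, where the UID winbindd allocates from the `idmap uid` range differs from the NIS UID of the same Unix account, so permissions set from Windows land on the wrong UID. The smb.conf fragment, passwd lines, username map entry and the `WINBIND_UIDS` table are constructed samples; how the winbindd allocations are collected is an assumption left outside the script.

```python
import re

# All inputs below are constructed samples, not data from the thread.
SMB_CONF = "[global]\n  security = DOMAIN\n  idmap uid = 15000-20000\n  idmap gid = 15000-20000\n"
NIS_PASSWD = ("user0:x:512:100::/home/user0:/bin/sh\n"
              "user1:x:513:100::/home/user1:/bin/sh\n"
              "root:x:0:0::/:/sbin/sh\n")
USERS_MAP = "# unix = windows names\nroot = administrator admin\n"
# Assumption: UIDs winbindd allocated per domain account, collected separately.
WINBIND_UIDS = {"user0": 15000, "user1": 15001, "administrator": 15002}

def idmap_range(conf, key="idmap uid"):
    """Return (low, high) of the idmap range in smb.conf text, or None."""
    m = re.search(rf"^\s*{re.escape(key)}\s*=\s*(\d+)\s*-\s*(\d+)", conf, re.M)
    return (int(m.group(1)), int(m.group(2))) if m else None

def passwd_uids(text):
    """Map account name -> UID from passwd-format lines."""
    fields = (line.split(":") for line in text.splitlines())
    return {f[0]: int(f[2]) for f in fields if len(f) >= 3}

def win_to_unix(map_text):
    """Parse 'unix = win1 win2' username map lines into win -> unix."""
    out = {}
    for line in map_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        unix, wins = line.split("=", 1)
        for win in wins.split():
            out[win.lower()] = unix.strip()
    return out

def mismatches(conf, passwd, map_text, winbind):
    """List (win, unix, nis_uid, winbind_uid) where the two UIDs differ."""
    lo, hi = idmap_range(conf)
    unix_uid, names = passwd_uids(passwd), win_to_unix(map_text)
    found = []
    for win, wb_uid in sorted(winbind.items()):
        unix = names.get(win.lower(), win)  # apply the username map first
        nis_uid = unix_uid.get(unix)
        if nis_uid is not None and nis_uid != wb_uid and lo <= wb_uid <= hi:
            found.append((win, unix, nis_uid, wb_uid))
    return found

if __name__ == "__main__":
    for win, unix, nis_uid, wb_uid in mismatches(SMB_CONF, NIS_PASSWD, USERS_MAP, WINBIND_UIDS):
        print(f"{win}: files owned by {unix} use UID {nis_uid}, winbindd mapped the SID to {wb_uid}")
```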