[Samba] managing Win2K3 ACL from debian server

samba.4.v_malien at spamgourmet.com samba.4.v_malien at spamgourmet.com
Tue Aug 1 10:23:57 GMT 2006

I want to modify ACL on files which are on a win2K3 server from a Debian
Sarge server.
my config. is:
Linux Debian Sarge testing with kernel 2.6
samba 3.0.22 configured with winbind
krb5 installed, the Linux server is member of a AD domain on witch the
win2K3 server is a domain controller.
I want to do the following (as root):
smbmount //mywin2k3server/share /mnt/smb/mountingfolder -o
setfacl -m u:domainuser:w /mnt/smb/mountingfolder/afile
the first problem is that the mounting command line with smbmount
doesn't work; there is no message, but the folder become unreachable.
the same command executed on a windows NT or a windows 2000 share
the second problem is that the setfacl command line doesn't work on
files which are on those windows server (NTFS format). It display : "
Not supported operation ".
setfacl on a file which is on a Linux ext3 disk success, and an ACL
modification from a windows computer to a file on the Linux server
echo of smb.conf:
workgroup = WIN2K3DOM
server string = %h server (Samba %v)
load printers = yes
guest account = nobody
invalid users = root
log file = /var/log/samba/log.%m
max log size = 1000
panic action = /usr/share/samba/panic-action %d
security = ADS
realm = WIN2K3DOM.DOM
password server =
client use spnego = yes
encrypt passwords = true
passdb backend = tdbsam guest
enable privileges = yes
#dos filemode = yes
nt acl support = yes
map acl inherit = yes
os level = 20
domain master = auto
preferred master = auto
dns proxy = yes
unix password sync = true
pam password change = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
template homedir = /home/winnt/%D/%U
idmap uid = 10000-20000
idmap gid = 10000-20000
#======================= Share Definitions =====

More information about the samba mailing list