[Samba] Can't set ACL with Windows XP - why?

Cleber P. de Souza cleberps at gmail.com
Sun Nov 5 15:32:50 GMT 2006

To set a user admin rights on samba use the 'admin users' options This
can be set for a share or for whole shares.
Also remember to map samba to ldap groups. Use 'net groupmap list' to
check your settings and verify if the GIDs are correct.
With field on LDAP 'Domain Admins' group are you using to put the
username? (memberUid, sambaSIDList or set Domain Admins the principal
group for the user?)
Also set 'nt acl support' to yes (I think 'yes' is the default) in
your smb.conf.
It seems a permission problem.

On 11/5/06, Manuel Graumann <mgraumann at gc-heat.de> wrote:
> Hi there,
> finally all seems to be working. Samba 3 as PDC with LDAP Backend. Even ACLs
> are possible with the command line tool setfacl. These ACLs work fine in
> Samba and are displayed correctly in the Windows filemanager in the
> security-tab.
> But one thing remains unsolved: why can't I set those ACLs directly from my
> Windows client machine? If I try to modify the ACL I always get a message
> that my settings have not been saved and an "Access denied".
> Share definition:
> [fsroot]
> comment = Fileserver Root
> path = /data/srv/samba/root
> admin users = '@Domain Admins'
> read only = No
> inherit acls = Yes
> # getfacl /data/srv/samba/root
> # file: root
> # owner: root
> # group: Domain\040Admins
> user::rwx
> group::rwx
> other::rwx
> The group "Domain Admins" has been granted SeDiskOperatorPrivilege.
> The user trying to change the ACLs from Windows is a member of the group
> "Domain Admins"
> Any suggestions would be appeciated.
> Regards
> Manuel
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

Cleber P. de Souza

More information about the samba mailing list