[Samba] Cannot set ACL rights for group "Authenticated Users" (SID
S-1-5-11)
Jens Nissen
jens.nissen at gmx.net
Thu Apr 12 18:06:21 GMT 2007
I cannot set rights on a arbitrary file or folder for the Windows
predefined group "Authenticated Users" (which has SID S-1-5-11) via
SAMBA 3.0.23d and the standard Windows 2000 File Attribute Dialog.
Everything else works:
- I can set rights for any other domain group.
- I can read the ACL entry for "Authenticated Users" in the Windows 2000
File Attribute Dialog if I set it manually with setfacl before
- I am using tdbsam and the SID S-1-5-11 is mapped to GID 1018 (checked
with "wbinfo -Y"), so SAMBA and Windows both seem to agree on the
existence of this predefined group.
What am I doing wrong? Is this supposed to work?
Is there a workaround or any other suitable mapping for this group?
In the "Unofficial Samba + ACL Howto", there is a reference (chapter
3.1.4) that this might not work, but that was back in 2003 and 4 years
have passed since then.
Kind regards for any hint,
Jens
P.S: smb.conf output from testparm, nt acl support = Yes is also set
(testparm does not show it)
[global]
dos charset = ISO-8859-1
unix charset = ISO-8859-1
display charset = ISO-8859-1
workgroup = XXX
realm = XXX.TEST
security = ADS
password server = xxx.xxx.test
passdb backend = tdbsam
guest account = samba
name resolve order = host wins bcast
idmap uid = 1000-60000
idmap gid = 1000-60000
winbind enum users = Yes
winbind enum groups = Yes
winbind nss info = rfc2307
ldapsam:trusted = Yes
admin users = XXX\\Administrator
ea support = Yes
map acl inherit = Yes
hide dot files = No
map hidden = Yes
map readonly = permissions
dos filemode = Yes
[homes]
comment = Home Directories
read only = No
browseable = No
preexec = mkdir -m 700 %P
[shared]
comment = ACL shared folder
path = /export/shared
read only = No
create mask = 0777
directory mask = 0777
More information about the samba
mailing list