[Samba] Set ACLs on Samba share from Windows
Gaiseric Vandal
gaiseric.vandal at gmail.com
Sun Jul 4 18:26:47 MDT 2010
It works for me - Solaris 10, ZFS file system, configured as a PDC or BDC
#testparm -v | grep "acl "
acl compatibility = auto
acl check permissions = Yes
acl group control = No
acl map full control = Yes
force unknown acl user = No
nt acl support = Yes
map acl inherit = No
If you are on linux, ext3 and ext4 should support acl's.
Can you use "setfacl" to change permissions on a file on the unix level
using the uid of a domain user?
Can you, in windows, set permissions for someone defined as a local user?
That might indicated if the problem is really with ACL's or if the problem
is with winbind retrieving users from the domain controller. (Although
getent seems to indicate that that winbind is not the problem.)
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of Dadoo
Sent: Saturday, July 03, 2010 3:46 AM
To: samba at lists.samba.org
Subject: [Samba] Set ACLs on Samba share from Windows
I can't seem to verify whether or my first attempt at sending this
message was successful, so I'm reposting it, using a different method. I
apologize if anyone has seen it already.
I have a Samba server, joined to my Windows Active Directory domain, and
I'm having a problem setting ACLs on a share from Windows. On Windows, I
get the error message "Unable to save permission changes on <folder>. The
parameter is incorrect." and when I look in my Samba log, I see the
message "ACL is invalid for set (Invalid argument)".
"getent passwd" and "getent group" return both local and AD users and
groups, respectively.
Here are the relevant lines from my smb.conf:
[global]
workgroup = <My domain>
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
log level = 3 winbind:10 acls:10
security = ads
realm = <My domain>.LOCAL
encrypt passwords = yes
idmap uid = 2000-10000
idmap gid = 2000-10000
winbind enum groups = yes
winbind enum users = yes
wins server = 10.0.0.65
load printers = no
cups options = raw
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[paperport]
comment = Test share for PaperPort images
path = /u1/images
admin users = <My domain>\<user1> <My domain>\<me>
public = yes
writable = yes
browseable = yes
I'm sure I'm missing something minor, but I can't figure out what it is.
Anyone have any ideas?
Thanks
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list