[Samba] Cannot set ACL for "Authenticated Users"
Arnaud Lesauvage
arnaud.listes at codata.eu
Fri Apr 29 08:11:34 MDT 2011
Yes, Windows PDC running Windows 2003 R2 (NO unix extensions).
wbinfo -u works fine.
But "wbinfo -Y S-1-5-11" returns "Could not convert sid S-1-5-11 to gid"
And that is exactly what happened to the OP of the discussion I quoted
in my original message.
On 29/04/2011 16:00, Aaron E. wrote:
> Windows PDC?
>
> Does wbinfo -u return a list of domain users?
>
> On 04/29/2011 09:44 AM, Arnaud Lesauvage wrote:
>> On 29/04/2011 14:45, Aaron E. wrote:
>>> Does the file system you're working with support ACL? Is it set to use
>>> acls in the /etc/fstab?
>>
>> Hi Aaron, thanks for your answer.
>> Yes, it is set to use ACL and usr_xattr. Both work well.
>> But "Authenticated Users" seems not to be mappable to a gid.
>>
>>
>>
>>
>>> On 04/29/2011 06:24 AM, Arnaud Lesauvage wrote:
>>>> Hi list !
>>>>
>>>> I have found someone having a similar problem back in 2007
>>>> (http://lists.samba.org/archive/samba/2007-April/131574.html), but as I
>>>> understand it, this problem has been fixed for a long time now.
>>>>
>>>> So basically, I am trying to give "Authenticated Users" some permissions
>>>> on a folder in a samba share, but when I check back either with my
>>>> Windows GUI or via getfacl, the permission has just been dismissed and
>>>> nothing has changed.
>>>>
>>>> The server is running samba version 3.2.7 on OpenSuse 11.
>>>>
>>>> Here is the result of testparm :
>>>> [global]
>>>> workgroup = dom
>>>> realm = dom.ext
>>>> server string = Samba Server
>>>> security = ADS
>>>> password server = pdc1.dom.ext pdc2.dom.ext
>>>> idmap uid = 1200-20000
>>>> idmap gid = 1200-20000
>>>> winbind separator = +
>>>> winbind enum users = Yes
>>>> winbind enum groups = Yes
>>>> winbind use default domain = Yes
>>>> winbind expand groups = 3
>>>>
>>>> And for the share where the folder is stored :
>>>> [data]
>>>> comment = data
>>>> path = /srv/samba/data
>>>> valid users = "@LOCAL+Domain Users"
>>>> admin users = "@LOCAL+Domain Admins"
>>>> read only = no
>>>> browseable = no
>>>> map acl inherit = yes
>>>> inherit acls = yes
>>>> create mask = 0600
>>>> directory mask = 0700
>>>> store dos attributes = yes
>>>> csc policy = disable
>>>>
>>>> What should I change to be able to attribute permissions to the
>>>> "Authenticated Users" group ?
>>>>
>>>>
>>>> Thanks a lot for your help !
>>>>
>>>> Arnaud
>>>
>>
>