[Samba] getfacl returning strange active directory group name SLES11
Axel Werner
mail at awerner.homeip.net
Thu Nov 29 04:00:27 MST 2012
Hi SAMBA Gurus,
this question does not realy match SAMBA, but its somehow related and i
was not able to find some sattisfying answer yet anywhere else. So im
hopeing for some expert here who may knows this.
I described my case in a SLES Forum at:
https://forums.suse.com/showthread.php?2046-getfacl-returning-strange-active-directory-group-name-SLES11
Given:
SLES 11 SP1 with SAMBA/Winbind joined to Active Directory "AD" using AD
Role Groups in ACLs on ext3 Filesystem
Im playing around with Linux Filesystem ACLs on a ext3 FS but using
Active Directory (AD-)Users and AD-Groups for access controll to files
and folders, thanks to winbind this is.
While i have to use "setfacl" just the way its been described in the man
page using properly formed "AD\adgroupname" and "AD\adusername" syntax,
the "getfacl" however returns ALWAYS something strange i was not able to
find something matching on the internet nor the man page nor the suse
manuals.
See this output :
~~~~~~~~~~~~~~~~~~~~~~~~~
hostname:/tmp # getfacl -p /data1/testing-acls/
# file: /data1/testing-acls/
# owner: root
# group: root
user::rwx
user:someLocalLinuxUserName:rwx
user:AD\134someAdUserName:rwx
group::rwx
group:AD\134rol-grp-access-control-rw:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:AD\134rol-grp-access-control-rw:rwx
default:mask::rwx
default:other::---
hostname:/tmp #
~~~~~~~~~~~~~~~~~~~~~~~~~
As you can see, local Linux-Users and Groups (not shown here but been
tested) will be shown correctly and as expected. AD Users and AD Groups
however contain some strange "number" after the Domain Prefix and the
before the AD-Group- or AD-Username.
Anyone here KNOWS what this is and why its there?
i compared this to some ancient debian 5 installation that we had laying
around. NOT joined to an AD but also runs some old SAMBA as a primary
domain controller. There it seems its pretty much the same. Whenever
some "windows user" or "windows group" has been written to the
filesystem ACL the getfacl reports that strange number in between.
THANKS in advance for any competent Answer/Pointing!
greets
Axel
More information about the samba
mailing list