[Samba] getfacl returning strange active directory group name SLES11

Axel Werner mail at awerner.homeip.net
Thu Nov 29 04:00:27 MST 2012 

Hi SAMBA Gurus,

this question does not realy match SAMBA, but its somehow related and i 
was not able to find some sattisfying answer yet anywhere else. So im 
hopeing for some expert here who may knows this.

I described my case in a SLES Forum at:

https://forums.suse.com/showthread.php?2046-getfacl-returning-strange-active-directory-group-name-SLES11

Given:

SLES 11 SP1 with SAMBA/Winbind joined to Active Directory "AD" using AD 
Role Groups in ACLs on ext3 Filesystem

Im playing around with Linux Filesystem ACLs on a ext3 FS but using 
Active Directory (AD-)Users and AD-Groups for access controll to files 
and folders, thanks to winbind this is.

While i have to use "setfacl" just the way its been described in the man 
page using properly formed "AD\adgroupname" and "AD\adusername" syntax, 
the "getfacl" however returns ALWAYS something strange i was not able to 
find something matching on the internet nor the man page nor the suse 
manuals.

See this output :

~~~~~~~~~~~~~~~~~~~~~~~~~
hostname:/tmp # getfacl -p /data1/testing-acls/

# file: /data1/testing-acls/
# owner: root
# group: root
user::rwx
user:someLocalLinuxUserName:rwx
user:AD\134someAdUserName:rwx
group::rwx
group:AD\134rol-grp-access-control-rw:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:AD\134rol-grp-access-control-rw:rwx
default:mask::rwx
default:other::---

hostname:/tmp #
~~~~~~~~~~~~~~~~~~~~~~~~~

As you can see, local Linux-Users and Groups (not shown here but been 
tested) will be shown correctly and as expected. AD Users and AD Groups 
however contain some strange "number" after the Domain Prefix and the 
before the AD-Group- or AD-Username.

Anyone here KNOWS what this is and why its there?

i compared this to some ancient debian 5 installation that we had laying 
around. NOT joined to an AD but also runs some old SAMBA as a primary 
domain controller. There it seems its pretty much the same. Whenever 
some "windows user" or "windows group" has been written to the 
filesystem ACL the getfacl reports that strange number in between.


THANKS in advance for any competent Answer/Pointing!

greets
Axel

More information about the samba mailing list