[Samba] Using Windows­­­ ACL on a samba3 share

?icro MEGAS micromegas at mail333.com
Wed May 8 16:15:25 MDT 2013 

Hello again,

I am using samba 3.5.6. I have another though maybe this problem occurs due to my OpenLDAP service? My /etc/openldap/slapd.conf is using:

[...]
access to dn.base=""
        by * read

access to dn.base="cn=Subschema"
        by * read

access to attrs=userPassword,userPKCS12
        by self write
        by * auth

access to attrs=shadowLastChange
        by self write
        by * read

access to *
        by * read

[...]

Could that be the problem because slapd is denying any kind of access to the samba or nsswitch process??? If so, how should I modify these lines to allow it?

Regards,
Lucas.

------------------------------------

"net groupmap list" outputs all my groups and the mappings look fine. All the displayed groups are mapped correctly.

So I tried also this command "net usersidlist" but this gives me following error:

# net usersidlist
[2013/05/08 23:57:30.799662, 0] utils/net_rpc.c:4591(net_usersidlist)
Could not get the user/sid list

#

Thanks for your assistance,
Lucas.

Чтв 09 Май 2013 01:41:51 +0400, Miguel Medalha  написал:

> The log file always says: 
> 
> [2013/05/08 21:57:21.630413, 0] 
> smbd/posix_acls.c:1755(create_canon_ace_lists) 
> create_canon_ace_lists: unable to map SID 
> S-1-5-21-1062190697-4189521229-2202214947-3776 to uid or gid. 
> 

Did you map the unix groups to Windows groups? 

For example: net groupmap add ntgroup="Domain Admins" unixgroup=root type=d 

net groupmap add ntgroup="Domain Admins" unixgroup=root type=d

What is the output of the "net groupmap list" command? 

Чтв 09 Май 2013 01:41:51 +0400, Miguel Medalha  написал:

> The log file always says:

>

> [2013/05/08 21:57:21.630413, 0] 

> smbd/posix_acls.c:1755(create_canon_ace_lists)

> create_canon_ace_lists: unable to map SID 

> S-1-5-21-1062190697-4189521229-2202214947-3776 to uid or gid.

>

Did you map the unix groups to Windows groups?

For example: net groupmap add ntgroup="Domain Admins" unixgroup=root type=d

net groupmap add ntgroup="Domain Admins"  unixgroup=root type=d

What is the output of the "net groupmap list" command?

By the way, which version of Samba are you using? (I ask this because 

your log contains a message also caused by a bug in an old version of Samba)

More information about the samba mailing list