[Samba] setfacl: Option -m: Invalid argument near character 3

Rich Webb rwebb at zylatech.com
Thu Dec 18 13:55:57 MST 2014 

Hi,

 

I have a Samba 4 AD DC running for which I now want to create a file
share on it and control permissions through windows.  I provisioned the
domain with this command:

 

samba-tool domain provision --use-rfc2307 --interactive
--function-level=2008_R2 --use-ntvfs

 

My share definition in my smb.conf is as follows:

 

[Shared]

        comment = Shared Files

        path = /home/shares/shared

 

I tried following the howto for setting ACLs from windows by managing
the dc from a windows PC using computr management.  I get an access
denied error when trying to apply permissions.  

 

I tried setting the permissions from the command line using:

 

setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared

 

and it gives me:

 

setfacl: Option -m: Invalid argument near character 3

 

I've spent hours googling trying to find some indication as to what is
going on but I can't seem to figure out what is happening.  

 

My filesystem is mounted with the necessary options:

UUID=f45e8060-3a37-428e-9e6c-680012a87009 /home/shares  ext4
user_xattr,acl,barrier=1,rw     1 1

 

I also did the acl test from this wiki article: 

https://wiki.samba.org/index.php/OS_Requirements#Testing_Your_Filesystem

 

and it was successful.  I'm missing some piece of information but I
can't figure out what.

 

If needed here is the rest of my smb.conf:

 

# Global parameters

[global]

        workgroup = MYDOMAIN

        realm = MYDOMAIN.LOCAL

        netbios name = DC1

        server role = active directory domain controller

        dns forwarder = 8.8.8.8

        server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate, dns, smb

        dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
eventlog6, backupkey, dns$

       idmap_ldb:use rfc2307 = yes

        create mode = 0660

        directory mode = 0770

        tls enabled = yes

        tls keyfile = tls/key.pem

        tls certfile = tls/cert.pem

        tls cafile = tls/ca.pem

 

[netlogon]

        path = /var/lib/samba/sysvol/mydomain.local/scripts

        read only = No

 

[sysvol]

        path = /var/lib/samba/sysvol

        read only = No

 

Thanks,

Rich

More information about the samba mailing list