[Samba] setfacl: Option -m: Invalid argument near character 3

Rich Webb rwebb at zylatech.com
Thu Dec 18 13:55:57 MST 2014



I have a Samba 4 AD DC running, on which I now want to create a file
share and control permissions through Windows.  I provisioned the
domain with this command:


samba-tool domain provision --use-rfc2307 --interactive --function-level=2008_R2 --use-ntvfs


My share definition in my smb.conf is as follows:



        comment = Shared Files

        path = /home/shares/shared


I tried following the howto for setting ACLs from Windows by managing
the DC from a Windows PC using Computer Management.  I get an access
denied error when trying to apply permissions.


I tried setting the permissions from the command line using:


setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared


and it gives me:


setfacl: Option -m: Invalid argument near character 3


I've spent hours googling trying to find some indication as to what is
going on but I can't seem to figure out what is happening.  


My filesystem is mounted with the necessary options:

UUID=f45e8060-3a37-428e-9e6c-680012a87009 /home/shares  ext4  user_xattr,acl,barrier=1,rw     1 1


I also did the acl test from this wiki article: 



and it was successful.  I'm missing some piece of information but I
can't figure out what.


If needed here is the rest of my smb.conf:


# Global parameters


        workgroup = MYDOMAIN

        realm = MYDOMAIN.LOCAL

        netbios name = DC1

        server role = active directory domain controller

        dns forwarder =

        server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns, smb

        dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dns$

       idmap_ldb:use rfc2307 = yes

        create mode = 0660

        directory mode = 0770

        tls enabled = yes

        tls keyfile = tls/key.pem

        tls certfile = tls/cert.pem

        tls cafile = tls/ca.pem



        path = /var/lib/samba/sysvol/mydomain.local/scripts

        read only = No



        path = /var/lib/samba/sysvol

        read only = No
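
An added example, not part of the original post: one cause of "Invalid argument near character 3" from setfacl is that the name following `g:` or `u:` cannot be mapped to an ID through NSS, so this sketch checks an ACL entry's qualifier with getent before setfacl is run. The helper name acl_entry_check is hypothetical, and the entry tested at the end is the one from the post as the shell passes it to setfacl.

```shell
#!/bin/sh
# Added example (not from the original post). acl_entry_check is a
# hypothetical helper name.
# Returns 0 if the name in a setfacl entry needs no lookup or resolves via NSS,
# 1 if NSS does not know the name, 2 if the entry is malformed.
acl_entry_check() {
    entry=$1
    case $entry in d:*|default:*) entry=${entry#*:} ;; esac  # default ACL prefix
    tag=${entry%%:*}
    rest=${entry#*:}
    [ "$rest" != "$entry" ] || { printf 'malformed entry: %s\n' "$1"; return 2; }
    case $tag in
        u|user)  db=passwd ;;
        g|group) db=group ;;
        m|mask|o|other) printf 'no name lookup needed: %s\n' "$1"; return 0 ;;
        *) printf 'malformed entry: %s\n' "$1"; return 2 ;;
    esac
    qualifier=${rest%:*}   # text between the tag and the permission field
    [ "$qualifier" != "$rest" ] || { printf 'malformed entry: %s\n' "$1"; return 2; }
    case $qualifier in
        '')       printf 'owning user/group, no lookup: %s\n' "$1"; return 0 ;;
        *[!0-9]*) ;;   # a name: must be resolved below
        *)        printf 'numeric ID, no lookup: %s\n' "$1"; return 0 ;;
    esac
    if getent "$db" "$qualifier" >/dev/null 2>&1; then
        printf 'resolves via getent %s: %s\n' "$db" "$qualifier"
        return 0
    fi
    printf 'unknown to NSS (getent %s): %s\n' "$db" "$qualifier"
    return 1
}

# The entry from the post, as setfacl receives it after shell unescaping.
acl_entry_check 'g:MYDOM\domain users:rwx' || true
```

A return value of 1 for a domain group means the host's NSS does not see that account under the name given, independent of the filesystem's acl mount option.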




