[Samba] setfacl: Option -m: Invalid argument near character 3

Rich Webb rwebb at zylatech.com
Fri Dec 19 06:40:15 MST 2014 

Running CentOS 6.6
Using the Sernet Enterprise packages - sernet-samba-ad.

Just tried:   

getent group "Domain Users"
getent group DOMAIN\\Domain\ Users 

and neither command returned any entries.

Rich

-----Original Message-----
From: samba-bounces at lists.samba.org
[mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
Sent: Friday, December 19, 2014 8:37 AM
To: samba at lists.samba.org
Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character
3

On 19/12/14 13:22, Rich Webb wrote:
> Matt,
>
> Thanks for the reply.  I'm not trying to add the "users" group.  I'm 
> trying to add the "Domain Users" group.  That is the reason for the \ 
> in front of the space.  It's translated as a literal.  I think I could

> also put quotes around it and not have to use the \ and the space.
>
> The problem is getent group only is listing local unix groups.  I 
> think that is why setfacl is not able to add active directory groups 
> to the acl.

That may be your problem, 'getent group' will not show any domain group,
but 'getent group <a domain group>' should show the domain group.

If you are running samba4 in AD mode, then you are running winbind,
though you may not be **using** it.

Can you post what OS & samba packages you are using.

Rowland
>
> Rich.
>
> -----Original Message-----
> From: Mattias Zhabinskiy [mailto:mattiasz at thinklogical.com]
> Sent: Friday, December 19, 2014 12:15 AM
> To: Rich Webb
> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near 
> character
> 3
>
> Hello Rich,
>
> First of all remove space in front of the group name "users":
>
> setfacl -R -m g:MYDOM\\domain\users:rwx ./shared
>
> For example, following command works for me:
>
> [root at vmtest007 tmp]# ls -ld test4
> drwxrwsr-x. 2 root g-sales       4096 Dec 19 00:10 test4
>
> [root at vmtest007 tmp]# setfacl -Rm g:MYDOMAIN\\g-admin:rwx test4
>
> [root at vmtest007 tmp]# getfacl test4
> # file: test4
> # owner: root
> # group: g-sales
> # flags: -s-
> user::rwx
> group::rwx
> group:g-admin:rwx
> mask::rwx
> other::r-x
>
> [root at vmtest007 tmp]# ls -ld test4
> drwxrwsr-x+ 2 root g-sales 4096 Dec 19 00:10 test4
>
> where MYDOMAIN is windows domain name and g-admin is a group name in 
> MYDOMAIN.
> Make sure that group "users" exists by running "getent group users"
> command, for e.g. in my case:
> [root at vmtest007 tmp]# getent group g-admin 
> g-admin:x:91608:alex,bill,joe,kevin
>
> Regards,
> Matt
>
> ________________________________________
> From: samba-bounces at lists.samba.org <samba-bounces at lists.samba.org> on

> behalf of Rich Webb <rwebb at zylatech.com>
> Sent: Thursday, December 18, 2014 8:33 PM
> To: samba at lists.samba.org
> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near 
> character
> 3
>
> Please is there anyone who has an answer on why this might be
happening?
> Do I need some sort of sssd support or winbind or something?  In the 
> wiki about setting up acl's it doesn't say anything about any other 
> requirements, only that you have to have acl support and xattr support

> in your filesystem which I do.
>
> I'm trying to deploy this server and I need a working solution 
> tomorrow
> - kind of in a bind.. I hope someone can help.
>
> Thanks,
> Rich
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org
> [mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb
> Sent: Thursday, December 18, 2014 6:29 PM
> To: samba at lists.samba.org
> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near 
> character
> 3
>
> I just tried that and I got the same error.  I think there is some 
> extended acl support that I'm missing somewhere.
>
> It's like the setfacl command is not recognizing the AD groups as 
> valid groups.
>
> I should also add the following information:
>
> This server is built up on CentOS 6.6 Minimal using the Sernet-Samba 
> Enterprise packages.
>
> It looks like the binary that is running is /usr/sbin/samba and that 
> is started with /etc/rc.d/init.d/sernet-samba-ad start
>
> Rich
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org
> [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha
> Sent: Thursday, December 18, 2014 4:42 PM
> To: Rich Webb; samba at lists.samba.org
> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near 
> character
> 3
>
>
>> I tried setting the permissions from the command line using:
>>
>> setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared
>>
>> and it gives me:
>>
>> setfacl: Option -m: Invalid argument near character 3
>>
> You should enter:
>
> setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list