[Samba] setfacl: Option -m: Invalid argument near character 3

Rich Webb rwebb at zylatech.com
Fri Dec 19 06:58:44 MST 2014


The only thing I have in my smb.conf that is related is this:

 idmap_ldb:use rfc2307 = yes

I don't have any of that other stuff for mapping ids.  

Is there a howto on that somewhere? 

and my nsswitch.conf I have:

passwd:     files sss
shadow:     files
group:      files sss

the sss was only because I was trying sss but it was ONLY "files" to
start with.

Rich

-----Original Message-----
From: samba-bounces at lists.samba.org
[mailto:samba-bounces at lists.samba.org] On Behalf Of L.P.H. van Belle
Sent: Friday, December 19, 2014 8:53 AM
To: samba at lists.samba.org
Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character 3

I did not follow the complete thread, but you can check the following.

smb.conf 

   ## map ids outside the domain to tdb files.
   idmap config *:backend = tdb
   idmap config *:range = 50001-80000
   ## map ids from the domain; the ranges may not overlap!
   idmap config DOMAIN:backend = ad
   idmap config DOMAIN:schema_mode = rfc2307
   idmap config DOMAIN:range = 10000-40000

   winbind nss info = rfc2307
   winbind trusted domains only = no
   winbind use default domain = yes
   winbind enum users  = yes
   winbind enum groups = yes
   winbind refresh tickets = yes
   winbind offline logon = yes
 

nsswitch.conf
passwd:         compat winbind
group:          compat winbind

optional: idmapd.conf: add:
[Translation]

Method = nsswitch


test: 

wbinfo -u
wbinfo -g
wbinfo -p


hostname -s
hostname -f
hostname -d
( optional hostname -y )
hostname -i  ( should return the ip of your server ) 

( optional )
dig -x IP_OF_PROBLEM_MACHINE @YOURDC.domain.tld (or @AD_DC_IP ) 


for me : 
getent group "domain users"
domain users:x:10000:

And you did set the UNIX id on the "Domain Users" group? 


Greetz, 

Louis


>-----Original Message-----
>From: rwebb at zylatech.com [mailto:samba-bounces at lists.samba.org] 
>On Behalf Of Rich Webb
>Sent: Friday 19 December 2014 14:40
>To: samba at lists.samba.org
>Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character 3
>
>Running CentOS 6.6
>Using the Sernet Enterprise packages - sernet-samba-ad.
>
>Just tried:   
>
>getent group "Domain Users"
>getent group DOMAIN\\Domain\ Users 
>
>and neither command returned any entries.
>
>Rich
>
>-----Original Message-----
>From: samba-bounces at lists.samba.org
>[mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
>Sent: Friday, December 19, 2014 8:37 AM
>To: samba at lists.samba.org
>Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character 3
>
>On 19/12/14 13:22, Rich Webb wrote:
>> Matt,
>>
>> Thanks for the reply.  I'm not trying to add the "users" group.  I'm 
>> trying to add the "Domain Users" group.  That is the reason for the \ 
>> in front of the space.  It's translated as a literal.  I think I could
>> also put quotes around it and not have to use the \ and the space.
>>
>> The problem is getent group only is listing local unix groups.  I 
>> think that is why setfacl is not able to add active directory groups 
>> to the acl.
>
>That may be your problem, 'getent group' will not show any domain group,
>but 'getent group <a domain group>' should show the domain group.
>
>If you are running samba4 in AD mode, then you are running winbind,
>though you may not be **using** it.
>
>Can you post what OS & samba packages you are using.
>
>Rowland
>>
>> Rich.
>>
>> -----Original Message-----
>> From: Mattias Zhabinskiy [mailto:mattiasz at thinklogical.com]
>> Sent: Friday, December 19, 2014 12:15 AM
>> To: Rich Webb
>> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character 3
>>
>> Hello Rich,
>>
>> First of all remove space in front of the group name "users":
>>
>> setfacl -R -m g:MYDOM\\domain\users:rwx ./shared
>>
>> For example, following command works for me:
>>
>> [root@vmtest007 tmp]# ls -ld test4
>> drwxrwsr-x. 2 root g-sales       4096 Dec 19 00:10 test4
>>
>> [root@vmtest007 tmp]# setfacl -Rm g:MYDOMAIN\\g-admin:rwx test4
>>
>> [root@vmtest007 tmp]# getfacl test4
>> # file: test4
>> # owner: root
>> # group: g-sales
>> # flags: -s-
>> user::rwx
>> group::rwx
>> group:g-admin:rwx
>> mask::rwx
>> other::r-x
>>
>> [root@vmtest007 tmp]# ls -ld test4
>> drwxrwsr-x+ 2 root g-sales 4096 Dec 19 00:10 test4
>>
>> where MYDOMAIN is windows domain name and g-admin is a group name in 
>> MYDOMAIN.
>> Make sure that group "users" exists by running "getent group users"
>> command, for e.g. in my case:
>> [root@vmtest007 tmp]# getent group g-admin 
>> g-admin:x:91608:alex,bill,joe,kevin
>>
>> Regards,
>> Matt
>>
>> ________________________________________
>> From: samba-bounces at lists.samba.org <samba-bounces at lists.samba.org> on
>> behalf of Rich Webb <rwebb at zylatech.com>
>> Sent: Thursday, December 18, 2014 8:33 PM
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character 3
>>
>> Please is there anyone who has an answer on why this might be happening?
>> Do I need some sort of sssd support or winbind or something?  In the 
>> wiki about setting up acl's it doesn't say anything about any other 
>> requirements, only that you have to have acl support and xattr support
>> in your filesystem which I do.
>>
>> I'm trying to deploy this server and I need a working solution 
>> tomorrow
>> - kind of in a bind.. I hope someone can help.
>>
>> Thanks,
>> Rich
>>
>> -----Original Message-----
>> From: samba-bounces at lists.samba.org
>> [mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb
>> Sent: Thursday, December 18, 2014 6:29 PM
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character 3
>>
>> I just tried that and I got the same error.  I think there is some 
>> extended acl support that I'm missing somewhere.
>>
>> It's like the setfacl command is not recognizing the AD groups as 
>> valid groups.
>>
>> I should also add the following information:
>>
>> This server is built up on CentOS 6.6 Minimal using the Sernet-Samba 
>> Enterprise packages.
>>
>> It looks like the binary that is running is /usr/sbin/samba and that 
>> is started with /etc/rc.d/init.d/sernet-samba-ad start
>>
>> Rich
>>
>> -----Original Message-----
>> From: samba-bounces at lists.samba.org
>> [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha
>> Sent: Thursday, December 18, 2014 4:42 PM
>> To: Rich Webb; samba at lists.samba.org
>> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character 3
>>
>>
>>> I tried setting the permissions from the command line using:
>>>
>>> setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared
>>>
>>> and it gives me:
>>>
>>> setfacl: Option -m: Invalid argument near character 3
>>>
>> You should enter:
>>
>> setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>
>
>
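
Added example (not part of the thread and not Samba's own tooling): a Python preflight for the two settings the replies point at, non-overlapping `idmap config` ranges and an NSS source for domain groups, followed by the same name lookup that `getent group NAME` performs. The sample config text is constructed from the settings quoted above; the function names and the `wanted` source list are assumptions.

```python
import grp
import re

# Constructed samples: idmap lines as quoted in the thread, plus an
# nsswitch.conf whose group line has no domain-capable source.
SMB_CONF = """\
   idmap config *:backend = tdb
   idmap config *:range = 50001-80000
   idmap config DOMAIN:backend = ad
   idmap config DOMAIN:range = 10000-40000
"""
NSSWITCH = "passwd: files sss\nshadow: files\ngroup: files\n"

RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def idmap_ranges(smb_conf):
    """Return {domain: (low, high)} for each 'idmap config X:range' line."""
    found = (RANGE_RE.match(line) for line in smb_conf.splitlines())
    return {m.group(1): (int(m.group(2)), int(m.group(3))) for m in found if m}

def overlapping(ranges):
    """Return pairs of domains whose ID ranges intersect."""
    names = sorted(ranges)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]]

def nss_missing(nsswitch, wanted=("winbind", "sss")):
    """Return which of passwd/group list none of the wanted sources."""
    sources = {}
    for line in nsswitch.splitlines():
        key, _, rest = line.split("#", 1)[0].partition(":")
        sources[key.strip()] = rest.split()
    return [db for db in ("passwd", "group")
            if not any(s in wanted for s in sources.get(db, []))]

def group_resolves(name):
    """True if NSS maps the group name to a gid (what 'getent group NAME' tests)."""
    try:
        grp.getgrnam(name)
        return True
    except KeyError:
        return False

if __name__ == "__main__":
    print("idmap ranges:", idmap_ranges(SMB_CONF))
    print("overlaps:", overlapping(idmap_ranges(SMB_CONF)))
    print("NSS databases without winbind/sss:", nss_missing(NSSWITCH))
    print("'Domain Users' resolves:", group_resolves("Domain Users"))
```

On a real host, pass the contents of smb.conf and /etc/nsswitch.conf to these functions; a group that fails `group_resolves` will also fail in `setfacl -m g:NAME:...`.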
