[Samba] setfacl: Option -m: Invalid argument near character 3
Tim
rintimtim at gmx.net
Fri Dec 19 15:33:43 MST 2014
It should be sernet-samba-winbind. It's automatically installed by sernet-samba package as far as I know.
For me it was enough to add winbind to passwd and group in nsswitch.conf
Am 19. Dezember 2014 15:02:42 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>:
>On 19/12/14 13:40, Rich Webb wrote:
>> Running CentOS 6.6
>> Using the Sernet Enterprise packages - sernet-samba-ad.
>>
>> Just tried:
>>
>> getent group "Domain Users"
>> getent group DOMAIN\\Domain\ Users
>>
>> and neither command returned any entries.
>>
>> Rich
>>
>> -----Original Message-----
>> From: samba-bounces at lists.samba.org
>> [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
>> Sent: Friday, December 19, 2014 8:37 AM
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near
>character
>> 3
>>
>> On 19/12/14 13:22, Rich Webb wrote:
>>> Matt,
>>>
>>> Thanks for the reply. I'm not trying to add the "users" group. I'm
>>> trying to add the "Domain Users" group. That is the reason for the
>\
>>> in front of the space. It's translated as a literal. I think I
>could
>>> also put quotes around it and not have to use the \ and the space.
>>>
>>> The problem is getent group only is listing local unix groups. I
>>> think that is why setfacl is not able to add active directory groups
>>> to the acl.
>> That may be your problem, 'getent group' will not show any domain
>group,
>> but 'getent group <a domain group>' should show the domain group.
>>
>> If you are running samba4 in AD mode, then you are running winbind,
>> though you may not be **using** it.
>>
>> Can you post what OS & samba packages you are using.
>>
>> Rowland
>>> Rich.
>>>
>>> -----Original Message-----
>>> From: Mattias Zhabinskiy [mailto:mattiasz at thinklogical.com]
>>> Sent: Friday, December 19, 2014 12:15 AM
>>> To: Rich Webb
>>> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near
>>> character
>>> 3
>>>
>>> Hello Rich,
>>>
>>> First of all remove space in front of the group name "users":
>>>
>>> setfacl -R -m g:MYDOM\\domain\users:rwx ./shared
>>>
>>> For example, following command works for me:
>>>
>>> [root at vmtest007 tmp]# ls -ld test4
>>> drwxrwsr-x. 2 root g-sales 4096 Dec 19 00:10 test4
>>>
>>> [root at vmtest007 tmp]# setfacl -Rm g:MYDOMAIN\\g-admin:rwx test4
>>>
>>> [root at vmtest007 tmp]# getfacl test4
>>> # file: test4
>>> # owner: root
>>> # group: g-sales
>>> # flags: -s-
>>> user::rwx
>>> group::rwx
>>> group:g-admin:rwx
>>> mask::rwx
>>> other::r-x
>>>
>>> [root at vmtest007 tmp]# ls -ld test4
>>> drwxrwsr-x+ 2 root g-sales 4096 Dec 19 00:10 test4
>>>
>>> where MYDOMAIN is windows domain name and g-admin is a group name in
>>> MYDOMAIN.
>>> Make sure that group "users" exists by running "getent group users"
>>> command, for e.g. in my case:
>>> [root at vmtest007 tmp]# getent group g-admin
>>> g-admin:x:91608:alex,bill,joe,kevin
>>>
>>> Regards,
>>> Matt
>>>
>>> ________________________________________
>>> From: samba-bounces at lists.samba.org <samba-bounces at lists.samba.org>
>on
>>> behalf of Rich Webb <rwebb at zylatech.com>
>>> Sent: Thursday, December 18, 2014 8:33 PM
>>> To: samba at lists.samba.org
>>> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near
>>> character
>>> 3
>>>
>>> Please is there anyone who has an answer on why this might be
>> happening?
>>> Do I need some sort of sssd support or winbind or something? In the
>>> wiki about setting up acl's it doesn't say anything about any other
>>> requirements, only that you have to have acl support and xattr
>support
>>> in your filesystem which I do.
>>>
>>> I'm trying to deploy this server and I need a working solution
>>> tomorrow
>>> - kind of in a bind.. I hope someone can help.
>>>
>>> Thanks,
>>> Rich
>>>
>>> -----Original Message-----
>>> From: samba-bounces at lists.samba.org
>>> [mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb
>>> Sent: Thursday, December 18, 2014 6:29 PM
>>> To: samba at lists.samba.org
>>> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near
>>> character
>>> 3
>>>
>>> I just tried that and I got the same error. I think there is some
>>> extended acl support that I'm missing somewhere.
>>>
>>> It's like the setfacl command is not recognizing the AD groups as
>>> valid groups.
>>>
>>> I should also add the following information:
>>>
>>> This server is built up on CentOS 6.6 Minimal using the Sernet-Samba
>>> Enterprise packages.
>>>
>>> It looks like the binary that is running is /usr/sbin/samba and that
>>> is started with /etc/rc.d/init.d/sernet-samba-ad start
>>>
>>> Rich
>>>
>>> -----Original Message-----
>>> From: samba-bounces at lists.samba.org
>>> [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha
>>> Sent: Thursday, December 18, 2014 4:42 PM
>>> To: Rich Webb; samba at lists.samba.org
>>> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near
>>> character
>>> 3
>>>
>>>
>>>> I tried setting the permissions from the command line using:
>>>>
>>>> setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared
>>>>
>>>> and it gives me:
>>>>
>>>> setfacl: Option -m: Invalid argument near character 3
>>>>
>>> You should enter:
>>>
>>> setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>
>OK, do you have 'libnss_winbind.so' on your system ? it would normal be
>
>in /usr/lib or similar. If you have, then it probably just needs
>'winbind' adding to the 'passwd' & 'groups' lines in
>/etc/nsswitch.conf.
>If you cannot find it then it needs to be installed, anybody know which
>
>Sernet package provides it ??
>
>Rowland
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list