L.P.H. van Belle
2014-Dec-19 13:53 UTC
[Samba] setfacl: Option -m: Invalid argument near character 3
Im did not follow the complete thread, but you can check the following. smb.conf ## map id's outside to domain to tdb files. idmap config *:backend = tdb idmap config *:range = 50001-80000 ## map ids from the domain the range may not overlap ! idmap config DOMAIN:backend = ad idmap config DOMAIN:schema_mode = rfc2307 idmap config DOMAIN:range = 10000-40000 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind refresh tickets = yes winbind offline logon = yes nsswich.conf passwd: compat winbind group: compat winbind optional. : idmapd.conf : add : [Translation] Method = nsswitch test: wbinfo -u wbinfo -g wbinfo -p hostname -s hostname -f hostname -d ( optional hostname -y ) hostname -i ( should return the ip or your server ) ( optional ) dig -x IP_OF_PROBLEM_MACHINE @YOURDC.domain.tld (or @AD_DC_IP ) for me : getent group "domain users" domain users:x:10000: and You did set the UNIX id on the "Domain Users" group? Greetz, Louis>-----Oorspronkelijk bericht----- >Van: rwebb at zylatech.com [mailto:samba-bounces at lists.samba.org] >Namens Rich Webb >Verzonden: vrijdag 19 december 2014 14:40 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] setfacl: Option -m: Invalid argument >near character 3 > >Running CentOS 6.6 >Using the Sernet Enterprise packages - sernet-samba-ad. > >Just tried: > >getent group "Domain Users" >getent group DOMAIN\\Domain\ Users > >and neither command returned any entries. > >Rich > >-----Original Message----- >From: samba-bounces at lists.samba.org >[mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny >Sent: Friday, December 19, 2014 8:37 AM >To: samba at lists.samba.org >Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >character >3 > >On 19/12/14 13:22, Rich Webb wrote: >> Matt, >> >> Thanks for the reply. I'm not trying to add the "users" group. I'm >> trying to add the "Domain Users" group. That is the reason >for the \ >> in front of the space. It's translated as a literal. I >think I could > >> also put quotes around it and not have to use the \ and the space. >> >> The problem is getent group only is listing local unix groups. I >> think that is why setfacl is not able to add active directory groups >> to the acl. > >That may be your problem, 'getent group' will not show any >domain group, >but 'getent group <a domain group>' should show the domain group. > >If you are running samba4 in AD mode, then you are running winbind, >though you may not be **using** it. > >Can you post what OS & samba packages you are using. > >Rowland >> >> Rich. >> >> -----Original Message----- >> From: Mattias Zhabinskiy [mailto:mattiasz at thinklogical.com] >> Sent: Friday, December 19, 2014 12:15 AM >> To: Rich Webb >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> Hello Rich, >> >> First of all remove space in front of the group name "users": >> >> setfacl -R -m g:MYDOM\\domain\users:rwx ./shared >> >> For example, following command works for me: >> >> [root at vmtest007 tmp]# ls -ld test4 >> drwxrwsr-x. 2 root g-sales 4096 Dec 19 00:10 test4 >> >> [root at vmtest007 tmp]# setfacl -Rm g:MYDOMAIN\\g-admin:rwx test4 >> >> [root at vmtest007 tmp]# getfacl test4 >> # file: test4 >> # owner: root >> # group: g-sales >> # flags: -s- >> user::rwx >> group::rwx >> group:g-admin:rwx >> mask::rwx >> other::r-x >> >> [root at vmtest007 tmp]# ls -ld test4 >> drwxrwsr-x+ 2 root g-sales 4096 Dec 19 00:10 test4 >> >> where MYDOMAIN is windows domain name and g-admin is a group name in >> MYDOMAIN. >> Make sure that group "users" exists by running "getent group users" >> command, for e.g. in my case: >> [root at vmtest007 tmp]# getent group g-admin >> g-admin:x:91608:alex,bill,joe,kevin >> >> Regards, >> Matt >> >> ________________________________________ >> From: samba-bounces at lists.samba.org ><samba-bounces at lists.samba.org> on > >> behalf of Rich Webb <rwebb at zylatech.com> >> Sent: Thursday, December 18, 2014 8:33 PM >> To: samba at lists.samba.org >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> Please is there anyone who has an answer on why this might be >happening? >> Do I need some sort of sssd support or winbind or something? In the >> wiki about setting up acl's it doesn't say anything about any other >> requirements, only that you have to have acl support and >xattr support > >> in your filesystem which I do. >> >> I'm trying to deploy this server and I need a working solution >> tomorrow >> - kind of in a bind.. I hope someone can help. >> >> Thanks, >> Rich >> >> -----Original Message----- >> From: samba-bounces at lists.samba.org >> [mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb >> Sent: Thursday, December 18, 2014 6:29 PM >> To: samba at lists.samba.org >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> I just tried that and I got the same error. I think there is some >> extended acl support that I'm missing somewhere. >> >> It's like the setfacl command is not recognizing the AD groups as >> valid groups. >> >> I should also add the following information: >> >> This server is built up on CentOS 6.6 Minimal using the Sernet-Samba >> Enterprise packages. >> >> It looks like the binary that is running is /usr/sbin/samba and that >> is started with /etc/rc.d/init.d/sernet-samba-ad start >> >> Rich >> >> -----Original Message----- >> From: samba-bounces at lists.samba.org >> [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha >> Sent: Thursday, December 18, 2014 4:42 PM >> To: Rich Webb; samba at lists.samba.org >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> >>> I tried setting the permissions from the command line using: >>> >>> setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared >>> >>> and it gives me: >>> >>> setfacl: Option -m: Invalid argument near character 3 >>> >> You should enter: >> >> setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >
Rich Webb
2014-Dec-19 13:58 UTC
[Samba] setfacl: Option -m: Invalid argument near character 3
The only thing I have in my smb.conf that is related is this: idmap_ldb:use rfc2307 = yes I don't have any of that other stuff for mapping ids. Is there a howto on that somewhere? and my nsswitch.conf I have: passwd: files sss shadow: files group: files sss the sss was only because I was trying sss but it was ONLY "files" to start with. Rich -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of L.P.H. van Belle Sent: Friday, December 19, 2014 8:53 AM To: samba at lists.samba.org Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character 3 Im did not follow the complete thread, but you can check the following. smb.conf ## map id's outside to domain to tdb files. idmap config *:backend = tdb idmap config *:range = 50001-80000 ## map ids from the domain the range may not overlap ! idmap config DOMAIN:backend = ad idmap config DOMAIN:schema_mode = rfc2307 idmap config DOMAIN:range = 10000-40000 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind refresh tickets = yes winbind offline logon = yes nsswich.conf passwd: compat winbind group: compat winbind optional. : idmapd.conf : add : [Translation] Method = nsswitch test: wbinfo -u wbinfo -g wbinfo -p hostname -s hostname -f hostname -d ( optional hostname -y ) hostname -i ( should return the ip or your server ) ( optional ) dig -x IP_OF_PROBLEM_MACHINE @YOURDC.domain.tld (or @AD_DC_IP ) for me : getent group "domain users" domain users:x:10000: and You did set the UNIX id on the "Domain Users" group? Greetz, Louis>-----Oorspronkelijk bericht----- >Van: rwebb at zylatech.com [mailto:samba-bounces at lists.samba.org] >Namens Rich Webb >Verzonden: vrijdag 19 december 2014 14:40 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] setfacl: Option -m: Invalid argument >near character 3 > >Running CentOS 6.6 >Using the Sernet Enterprise packages - sernet-samba-ad. > >Just tried: > >getent group "Domain Users" >getent group DOMAIN\\Domain\ Users > >and neither command returned any entries. > >Rich > >-----Original Message----- >From: samba-bounces at lists.samba.org >[mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny >Sent: Friday, December 19, 2014 8:37 AM >To: samba at lists.samba.org >Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >character >3 > >On 19/12/14 13:22, Rich Webb wrote: >> Matt, >> >> Thanks for the reply. I'm not trying to add the "users" group. I'm >> trying to add the "Domain Users" group. That is the reason >for the \ >> in front of the space. It's translated as a literal. I >think I could > >> also put quotes around it and not have to use the \ and the space. >> >> The problem is getent group only is listing local unix groups. I >> think that is why setfacl is not able to add active directory groups >> to the acl. > >That may be your problem, 'getent group' will not show any >domain group, >but 'getent group <a domain group>' should show the domain group. > >If you are running samba4 in AD mode, then you are running winbind, >though you may not be **using** it. > >Can you post what OS & samba packages you are using. > >Rowland >> >> Rich. >> >> -----Original Message----- >> From: Mattias Zhabinskiy [mailto:mattiasz at thinklogical.com] >> Sent: Friday, December 19, 2014 12:15 AM >> To: Rich Webb >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> Hello Rich, >> >> First of all remove space in front of the group name "users": >> >> setfacl -R -m g:MYDOM\\domain\users:rwx ./shared >> >> For example, following command works for me: >> >> [root at vmtest007 tmp]# ls -ld test4 >> drwxrwsr-x. 2 root g-sales 4096 Dec 19 00:10 test4 >> >> [root at vmtest007 tmp]# setfacl -Rm g:MYDOMAIN\\g-admin:rwx test4 >> >> [root at vmtest007 tmp]# getfacl test4 >> # file: test4 >> # owner: root >> # group: g-sales >> # flags: -s- >> user::rwx >> group::rwx >> group:g-admin:rwx >> mask::rwx >> other::r-x >> >> [root at vmtest007 tmp]# ls -ld test4 >> drwxrwsr-x+ 2 root g-sales 4096 Dec 19 00:10 test4 >> >> where MYDOMAIN is windows domain name and g-admin is a group name in >> MYDOMAIN. >> Make sure that group "users" exists by running "getent group users" >> command, for e.g. in my case: >> [root at vmtest007 tmp]# getent group g-admin >> g-admin:x:91608:alex,bill,joe,kevin >> >> Regards, >> Matt >> >> ________________________________________ >> From: samba-bounces at lists.samba.org ><samba-bounces at lists.samba.org> on > >> behalf of Rich Webb <rwebb at zylatech.com> >> Sent: Thursday, December 18, 2014 8:33 PM >> To: samba at lists.samba.org >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> Please is there anyone who has an answer on why this might be >happening? >> Do I need some sort of sssd support or winbind or something? In the >> wiki about setting up acl's it doesn't say anything about any other >> requirements, only that you have to have acl support and >xattr support > >> in your filesystem which I do. >> >> I'm trying to deploy this server and I need a working solution >> tomorrow >> - kind of in a bind.. I hope someone can help. >> >> Thanks, >> Rich >> >> -----Original Message----- >> From: samba-bounces at lists.samba.org >> [mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb >> Sent: Thursday, December 18, 2014 6:29 PM >> To: samba at lists.samba.org >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> I just tried that and I got the same error. I think there is some >> extended acl support that I'm missing somewhere. >> >> It's like the setfacl command is not recognizing the AD groups as >> valid groups. >> >> I should also add the following information: >> >> This server is built up on CentOS 6.6 Minimal using the Sernet-Samba >> Enterprise packages. >> >> It looks like the binary that is running is /usr/sbin/samba and that >> is started with /etc/rc.d/init.d/sernet-samba-ad start >> >> Rich >> >> -----Original Message----- >> From: samba-bounces at lists.samba.org >> [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha >> Sent: Thursday, December 18, 2014 4:42 PM >> To: Rich Webb; samba at lists.samba.org >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> >>> I tried setting the permissions from the command line using: >>> >>> setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared >>> >>> and it gives me: >>> >>> setfacl: Option -m: Invalid argument near character 3 >>> >> You should enter: >> >> setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Zerwes, Klaus
2014-Dec-19 14:03 UTC
[Samba] setfacl: Option -m: Invalid argument near character 3
try passwd: compat winbind group: compat winbind shadow: compat winbind in /etc/nsswitch.conf Klaus Zerwes ________________________________________ Von: samba-bounces at lists.samba.org [samba-bounces at lists.samba.org]" im Auftrag von "Rich Webb [rwebb at zylatech.com] Gesendet: Freitag, 19. Dezember 2014 14:58 An: samba at lists.samba.org Betreff: Re: [Samba] setfacl: Option -m: Invalid argument near character 3 The only thing I have in my smb.conf that is related is this: idmap_ldb:use rfc2307 = yes I don't have any of that other stuff for mapping ids. Is there a howto on that somewhere? and my nsswitch.conf I have: passwd: files sss shadow: files group: files sss the sss was only because I was trying sss but it was ONLY "files" to start with. Rich -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of L.P.H. van Belle Sent: Friday, December 19, 2014 8:53 AM To: samba at lists.samba.org Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character 3 Im did not follow the complete thread, but you can check the following. smb.conf ## map id's outside to domain to tdb files. idmap config *:backend = tdb idmap config *:range = 50001-80000 ## map ids from the domain the range may not overlap ! idmap config DOMAIN:backend = ad idmap config DOMAIN:schema_mode = rfc2307 idmap config DOMAIN:range = 10000-40000 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind refresh tickets = yes winbind offline logon = yes nsswich.conf passwd: compat winbind group: compat winbind optional. : idmapd.conf : add : [Translation] Method = nsswitch test: wbinfo -u wbinfo -g wbinfo -p hostname -s hostname -f hostname -d ( optional hostname -y ) hostname -i ( should return the ip or your server ) ( optional ) dig -x IP_OF_PROBLEM_MACHINE @YOURDC.domain.tld (or @AD_DC_IP ) for me : getent group "domain users" domain users:x:10000: and You did set the UNIX id on the "Domain Users" group? Greetz, Louis>-----Oorspronkelijk bericht----- >Van: rwebb at zylatech.com [mailto:samba-bounces at lists.samba.org] >Namens Rich Webb >Verzonden: vrijdag 19 december 2014 14:40 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] setfacl: Option -m: Invalid argument >near character 3 > >Running CentOS 6.6 >Using the Sernet Enterprise packages - sernet-samba-ad. > >Just tried: > >getent group "Domain Users" >getent group DOMAIN\\Domain\ Users > >and neither command returned any entries. > >Rich > >-----Original Message----- >From: samba-bounces at lists.samba.org >[mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny >Sent: Friday, December 19, 2014 8:37 AM >To: samba at lists.samba.org >Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >character >3 > >On 19/12/14 13:22, Rich Webb wrote: >> Matt, >> >> Thanks for the reply. I'm not trying to add the "users" group. I'm >> trying to add the "Domain Users" group. That is the reason >for the \ >> in front of the space. It's translated as a literal. I >think I could > >> also put quotes around it and not have to use the \ and the space. >> >> The problem is getent group only is listing local unix groups. I >> think that is why setfacl is not able to add active directory groups >> to the acl. > >That may be your problem, 'getent group' will not show any >domain group, >but 'getent group <a domain group>' should show the domain group. > >If you are running samba4 in AD mode, then you are running winbind, >though you may not be **using** it. > >Can you post what OS & samba packages you are using. > >Rowland >> >> Rich. >> >> -----Original Message----- >> From: Mattias Zhabinskiy [mailto:mattiasz at thinklogical.com] >> Sent: Friday, December 19, 2014 12:15 AM >> To: Rich Webb >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> Hello Rich, >> >> First of all remove space in front of the group name "users": >> >> setfacl -R -m g:MYDOM\\domain\users:rwx ./shared >> >> For example, following command works for me: >> >> [root at vmtest007 tmp]# ls -ld test4 >> drwxrwsr-x. 2 root g-sales 4096 Dec 19 00:10 test4 >> >> [root at vmtest007 tmp]# setfacl -Rm g:MYDOMAIN\\g-admin:rwx test4 >> >> [root at vmtest007 tmp]# getfacl test4 >> # file: test4 >> # owner: root >> # group: g-sales >> # flags: -s- >> user::rwx >> group::rwx >> group:g-admin:rwx >> mask::rwx >> other::r-x >> >> [root at vmtest007 tmp]# ls -ld test4 >> drwxrwsr-x+ 2 root g-sales 4096 Dec 19 00:10 test4 >> >> where MYDOMAIN is windows domain name and g-admin is a group name in >> MYDOMAIN. >> Make sure that group "users" exists by running "getent group users" >> command, for e.g. in my case: >> [root at vmtest007 tmp]# getent group g-admin >> g-admin:x:91608:alex,bill,joe,kevin >> >> Regards, >> Matt >> >> ________________________________________ >> From: samba-bounces at lists.samba.org ><samba-bounces at lists.samba.org> on > >> behalf of Rich Webb <rwebb at zylatech.com> >> Sent: Thursday, December 18, 2014 8:33 PM >> To: samba at lists.samba.org >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> Please is there anyone who has an answer on why this might be >happening? >> Do I need some sort of sssd support or winbind or something? In the >> wiki about setting up acl's it doesn't say anything about any other >> requirements, only that you have to have acl support and >xattr support > >> in your filesystem which I do. >> >> I'm trying to deploy this server and I need a working solution >> tomorrow >> - kind of in a bind.. I hope someone can help. >> >> Thanks, >> Rich >> >> -----Original Message----- >> From: samba-bounces at lists.samba.org >> [mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb >> Sent: Thursday, December 18, 2014 6:29 PM >> To: samba at lists.samba.org >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> I just tried that and I got the same error. I think there is some >> extended acl support that I'm missing somewhere. >> >> It's like the setfacl command is not recognizing the AD groups as >> valid groups. >> >> I should also add the following information: >> >> This server is built up on CentOS 6.6 Minimal using the Sernet-Samba >> Enterprise packages. >> >> It looks like the binary that is running is /usr/sbin/samba and that >> is started with /etc/rc.d/init.d/sernet-samba-ad start >> >> Rich >> >> -----Original Message----- >> From: samba-bounces at lists.samba.org >> [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha >> Sent: Thursday, December 18, 2014 4:42 PM >> To: Rich Webb; samba at lists.samba.org >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> >>> I tried setting the permissions from the command line using: >>> >>> setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared >>> >>> and it gives me: >>> >>> setfacl: Option -m: Invalid argument near character 3 >>> >> You should enter: >> >> setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
L.P.H. van Belle
2014-Dec-19 14:08 UTC
[Samba] setfacl: Option -m: Invalid argument near character 3
Wel its up to you. sssd has it advantages, but in using debian and sssd on debian it a bit old. So i did stick to winbind. The settings i did send are set on ALL my server, DC and Member servers. I use de ADUC for setting the unix attributes https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC and the sernet package is : sernet-samba-winbind ( on debian ) I have to go out of the office.. Good luck, hope this helped a bit. Greetz, Louis>-----Oorspronkelijk bericht----- >Van: rwebb at zylatech.com [mailto:samba-bounces at lists.samba.org] >Namens Rich Webb >Verzonden: vrijdag 19 december 2014 14:59 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] setfacl: Option -m: Invalid argument >near character 3 > >The only thing I have in my smb.conf that is related is this: > > idmap_ldb:use rfc2307 = yes > >I don't have any of that other stuff for mapping ids. > >Is there a howto on that somewhere? > >and my nsswitch.conf I have: > >passwd: files sss >shadow: files >group: files sss > >the sss was only because I was trying sss but it was ONLY "files" to >start with. > >Rich > >-----Original Message----- >From: samba-bounces at lists.samba.org >[mailto:samba-bounces at lists.samba.org] On Behalf Of L.P.H. van Belle >Sent: Friday, December 19, 2014 8:53 AM >To: samba at lists.samba.org >Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >character >3 > >Im did not follow the complete thread, but you can check the following. > >smb.conf > > ## map id's outside to domain to tdb files. > idmap config *:backend = tdb > idmap config *:range = 50001-80000 > ## map ids from the domain the range may not overlap ! > idmap config DOMAIN:backend = ad > idmap config DOMAIN:schema_mode = rfc2307 > idmap config DOMAIN:range = 10000-40000 > > winbind nss info = rfc2307 > winbind trusted domains only = no > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > winbind refresh tickets = yes > winbind offline logon = yes > > >nsswich.conf >passwd: compat winbind >group: compat winbind > >optional. : idmapd.conf : add : >[Translation] > >Method = nsswitch > > >test: > >wbinfo -u >wbinfo -g >wbinfo -p > > >hostname -s >hostname -f >hostname -d >( optional hostname -y ) >hostname -i ( should return the ip or your server ) > >( optional ) >dig -x IP_OF_PROBLEM_MACHINE @YOURDC.domain.tld (or @AD_DC_IP ) > > >for me : >getent group "domain users" >domain users:x:10000: > >and You did set the UNIX id on the "Domain Users" group? > > >Greetz, > >Louis > > >>-----Oorspronkelijk bericht----- >>Van: rwebb at zylatech.com [mailto:samba-bounces at lists.samba.org] >>Namens Rich Webb >>Verzonden: vrijdag 19 december 2014 14:40 >>Aan: samba at lists.samba.org >>Onderwerp: Re: [Samba] setfacl: Option -m: Invalid argument >>near character 3 >> >>Running CentOS 6.6 >>Using the Sernet Enterprise packages - sernet-samba-ad. >> >>Just tried: >> >>getent group "Domain Users" >>getent group DOMAIN\\Domain\ Users >> >>and neither command returned any entries. >> >>Rich >> >>-----Original Message----- >>From: samba-bounces at lists.samba.org >>[mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny >>Sent: Friday, December 19, 2014 8:37 AM >>To: samba at lists.samba.org >>Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >>character >>3 >> >>On 19/12/14 13:22, Rich Webb wrote: >>> Matt, >>> >>> Thanks for the reply. I'm not trying to add the "users" >group. I'm >>> trying to add the "Domain Users" group. That is the reason >>for the \ >>> in front of the space. It's translated as a literal. I >>think I could >> >>> also put quotes around it and not have to use the \ and the space. >>> >>> The problem is getent group only is listing local unix groups. I >>> think that is why setfacl is not able to add active >directory groups >>> to the acl. >> >>That may be your problem, 'getent group' will not show any >>domain group, >>but 'getent group <a domain group>' should show the domain group. >> >>If you are running samba4 in AD mode, then you are running winbind, >>though you may not be **using** it. >> >>Can you post what OS & samba packages you are using. >> >>Rowland >>> >>> Rich. >>> >>> -----Original Message----- >>> From: Mattias Zhabinskiy [mailto:mattiasz at thinklogical.com] >>> Sent: Friday, December 19, 2014 12:15 AM >>> To: Rich Webb >>> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >>> character >>> 3 >>> >>> Hello Rich, >>> >>> First of all remove space in front of the group name "users": >>> >>> setfacl -R -m g:MYDOM\\domain\users:rwx ./shared >>> >>> For example, following command works for me: >>> >>> [root at vmtest007 tmp]# ls -ld test4 >>> drwxrwsr-x. 2 root g-sales 4096 Dec 19 00:10 test4 >>> >>> [root at vmtest007 tmp]# setfacl -Rm g:MYDOMAIN\\g-admin:rwx test4 >>> >>> [root at vmtest007 tmp]# getfacl test4 >>> # file: test4 >>> # owner: root >>> # group: g-sales >>> # flags: -s- >>> user::rwx >>> group::rwx >>> group:g-admin:rwx >>> mask::rwx >>> other::r-x >>> >>> [root at vmtest007 tmp]# ls -ld test4 >>> drwxrwsr-x+ 2 root g-sales 4096 Dec 19 00:10 test4 >>> >>> where MYDOMAIN is windows domain name and g-admin is a >group name in >>> MYDOMAIN. >>> Make sure that group "users" exists by running "getent group users" >>> command, for e.g. in my case: >>> [root at vmtest007 tmp]# getent group g-admin >>> g-admin:x:91608:alex,bill,joe,kevin >>> >>> Regards, >>> Matt >>> >>> ________________________________________ >>> From: samba-bounces at lists.samba.org >><samba-bounces at lists.samba.org> on >> >>> behalf of Rich Webb <rwebb at zylatech.com> >>> Sent: Thursday, December 18, 2014 8:33 PM >>> To: samba at lists.samba.org >>> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >>> character >>> 3 >>> >>> Please is there anyone who has an answer on why this might be >>happening? >>> Do I need some sort of sssd support or winbind or >something? In the >>> wiki about setting up acl's it doesn't say anything about any other >>> requirements, only that you have to have acl support and >>xattr support >> >>> in your filesystem which I do. >>> >>> I'm trying to deploy this server and I need a working solution >>> tomorrow >>> - kind of in a bind.. I hope someone can help. >>> >>> Thanks, >>> Rich >>> >>> -----Original Message----- >>> From: samba-bounces at lists.samba.org >>> [mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb >>> Sent: Thursday, December 18, 2014 6:29 PM >>> To: samba at lists.samba.org >>> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >>> character >>> 3 >>> >>> I just tried that and I got the same error. I think there is some >>> extended acl support that I'm missing somewhere. >>> >>> It's like the setfacl command is not recognizing the AD groups as >>> valid groups. >>> >>> I should also add the following information: >>> >>> This server is built up on CentOS 6.6 Minimal using the >Sernet-Samba >>> Enterprise packages. >>> >>> It looks like the binary that is running is /usr/sbin/samba >and that >>> is started with /etc/rc.d/init.d/sernet-samba-ad start >>> >>> Rich >>> >>> -----Original Message----- >>> From: samba-bounces at lists.samba.org >>> [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha >>> Sent: Thursday, December 18, 2014 4:42 PM >>> To: Rich Webb; samba at lists.samba.org >>> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >>> character >>> 3 >>> >>> >>>> I tried setting the permissions from the command line using: >>>> >>>> setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared >>>> >>>> and it gives me: >>>> >>>> setfacl: Option -m: Invalid argument near character 3 >>>> >>> You should enter: >>> >>> setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared >>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba >> >>-- >>To unsubscribe from this list go to the following URL and read the >>instructions: https://lists.samba.org/mailman/options/samba >>-- >>To unsubscribe from this list go to the following URL and read the >>instructions: https://lists.samba.org/mailman/options/samba >> >> > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >
Apparently Analagous Threads
- setfacl: Option -m: Invalid argument near character 3
- setfacl: Option -m: Invalid argument near character 3
- setfacl: Option -m: Invalid argument near character 3
- setfacl: Option -m: Invalid argument near character 3
- setfacl: Option -m: Invalid argument near character 3