Axel Werner
2012-Nov-29 11:00 UTC
[Samba] getfacl returning strange active directory group name SLES11
Hi SAMBA Gurus,

this question does not really match SAMBA, but it's somehow related and I was not able to find some satisfying answer yet anywhere else. So I'm hoping for some expert here who may know this.

I described my case in a SLES Forum at:

https://forums.suse.com/showthread.php?2046-getfacl-returning-strange-active-directory-group-name-SLES11

Given:

SLES 11 SP1 with SAMBA/Winbind joined to Active Directory "AD" using AD Role Groups in ACLs on ext3 Filesystem

I'm playing around with Linux Filesystem ACLs on an ext3 FS but using Active Directory (AD-)Users and AD-Groups for access control to files and folders, thanks to winbind this is.

While I have to use "setfacl" just the way it's been described in the man page using properly formed "AD\adgroupname" and "AD\adusername" syntax, the "getfacl" however returns ALWAYS something strange I was not able to find something matching on the internet nor the man page nor the suse manuals.

See this output:

~~~~~~~~~~~~~~~~~~~~~~~~~
hostname:/tmp # getfacl -p /data1/testing-acls/

# file: /data1/testing-acls/
# owner: root
# group: root
user::rwx
user:someLocalLinuxUserName:rwx
user:AD\134someAdUserName:rwx
group::rwx
group:AD\134rol-grp-access-control-rw:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:AD\134rol-grp-access-control-rw:rwx
default:mask::rwx
default:other::---

hostname:/tmp #
~~~~~~~~~~~~~~~~~~~~~~~~~

As you can see, local Linux-Users and Groups (not shown here but been tested) will be shown correctly and as expected. AD Users and AD Groups however contain some strange "number" after the Domain Prefix and before the AD-Group- or AD-Username.

Anyone here KNOWS what this is and why it's there?

I compared this to some ancient debian 5 installation that we had lying around. NOT joined to an AD but also runs some old SAMBA as a primary domain controller. There it seems it's pretty much the same. Whenever some "windows user" or "windows group" has been written to the filesystem ACL the getfacl reports that strange number in between.

THANKS in advance for any competent Answer/Pointing!

greets
Axel
Axel Werner
2012-Dec-07 07:54 UTC
[Samba] getfacl returning strange active directory group name SLES11
Dudes, really ?!?! No one here KNOWS what those numbers are about ?!? No one else got this behavior with "getfacl" ?

On 29.11.2012 12:00, Axel Werner wrote:
>
> Hi SAMBA Gurus,
>
> this question does not really match SAMBA, but it's somehow related and I
> was not able to find some satisfying answer yet anywhere else. So I'm
> hoping for some expert here who may know this.
>
> I described my case in a SLES Forum at:
>
> https://forums.suse.com/showthread.php?2046-getfacl-returning-strange-active-directory-group-name-SLES11
>
>
> Given:
>
> SLES 11 SP1 with SAMBA/Winbind joined to Active Directory "AD" using AD
> Role Groups in ACLs on ext3 Filesystem
>
> I'm playing around with Linux Filesystem ACLs on an ext3 FS but using
> Active Directory (AD-)Users and AD-Groups for access control to files
> and folders, thanks to winbind this is.
>
> While I have to use "setfacl" just the way it's been described in the man
> page using properly formed "AD\adgroupname" and "AD\adusername" syntax,
> the "getfacl" however returns ALWAYS something strange I was not able to
> find something matching on the internet nor the man page nor the suse
> manuals.
>
> See this output:
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~
> hostname:/tmp # getfacl -p /data1/testing-acls/
>
> # file: /data1/testing-acls/
> # owner: root
> # group: root
> user::rwx
> user:someLocalLinuxUserName:rwx
> user:AD\134someAdUserName:rwx
> group::rwx
> group:AD\134rol-grp-access-control-rw:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:group::rwx
> default:group:AD\134rol-grp-access-control-rw:rwx
> default:mask::rwx
> default:other::---
>
> hostname:/tmp #
> ~~~~~~~~~~~~~~~~~~~~~~~~~
>
> As you can see, local Linux-Users and Groups (not shown here but been
> tested) will be shown correctly and as expected. AD Users and AD Groups
> however contain some strange "number" after the Domain Prefix and
> before the AD-Group- or AD-Username.
>
> Anyone here KNOWS what this is and why it's there?
>
> I compared this to some ancient debian 5 installation that we had lying
> around. NOT joined to an AD but also runs some old SAMBA as a primary
> domain controller. There it seems it's pretty much the same. Whenever
> some "windows user" or "windows group" has been written to the
> filesystem ACL the getfacl reports that strange number in between.
>
>
> THANKS in advance for any competent Answer/Pointing!
>
> greets
> Axel
>
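
Added example, not part of the original posts: getfacl prints special characters in names as a backslash followed by three octal digits, and `\134` is octal for byte 0x5C, the backslash between domain and name. The parser below decodes those escapes so the entries in the output quoted above (embedded as a sample) can be audited as `AD\name`; the function names are hypothetical.

```python
import re

# Constructed sample: the getfacl output quoted in the post above.
SAMPLE = r"""# file: /data1/testing-acls/
# owner: root
# group: root
user::rwx
user:someLocalLinuxUserName:rwx
user:AD\134someAdUserName:rwx
group::rwx
group:AD\134rol-grp-access-control-rw:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:AD\134rol-grp-access-control-rw:rwx
default:mask::rwx
default:other::---
"""

# A backslash plus three octal digits stands for one byte of the name.
_OCTAL = re.compile(rb"\\([0-3][0-7]{2})")

def unescape(name):
    """Decode \\ooo escapes; \\134 is octal for byte 0x5C, the backslash."""
    # Work on bytes so an escaped multi-byte UTF-8 sequence reassembles correctly.
    raw = _OCTAL.sub(lambda m: bytes([int(m.group(1), 8)]), name.encode())
    return raw.decode("utf-8", "replace")

def parse_acl(text):
    """Return (scope, tag, qualifier, perms) for every ACL entry in getfacl output."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and the "# file/owner/group" header
        line = line.split()[0]  # drop a trailing "#effective:..." comment
        scope = "access"
        if line.startswith("default:"):
            scope, line = "default", line[len("default:"):]
        tag, rest = line.split(":", 1)
        qualifier, perms = rest.rsplit(":", 1)
        entries.append((scope, tag, unescape(qualifier), perms))
    return entries

def named_principals(text):
    """Named users and groups (non-empty qualifier), with escapes decoded."""
    return sorted({(tag, q) for _, tag, q, _ in parse_acl(text) if q})
```

Names containing spaces appear as `\040` in the same output and decode the same way.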