Rich Webb
2014-Dec-18 20:55 UTC
[Samba] setfacl: Option -m: Invalid argument near character 3
Hi, I have a Samba 4 AD DC running for which I now want to create a file share on it and control permissions through windows. I provisioned the domain with this command: samba-tool domain provision --use-rfc2307 --interactive --function-level=2008_R2 --use-ntvfs My share definition in my smb.conf is as follows: [Shared] comment = Shared Files path = /home/shares/shared I tried following the howto for setting ACLs from windows by managing the dc from a windows PC using computr management. I get an access denied error when trying to apply permissions. I tried setting the permissions from the command line using: setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared and it gives me: setfacl: Option -m: Invalid argument near character 3 I've spent hours googling trying to find some indication as to what is going on but I can't seem to figure out what is happening. My filesystem is mounted with the necessary options: UUID=f45e8060-3a37-428e-9e6c-680012a87009 /home/shares ext4 user_xattr,acl,barrier=1,rw 1 1 I also did the acl test from this wiki article: https://wiki.samba.org/index.php/OS_Requirements#Testing_Your_Filesystem and it was successful. I'm missing some piece of information but I can't figure out what. If needed here is the rest of my smb.conf: # Global parameters [global] workgroup = MYDOMAIN realm = MYDOMAIN.LOCAL netbios name = DC1 server role = active directory domain controller dns forwarder = 8.8.8.8 server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns, smb dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dns$ idmap_ldb:use rfc2307 = yes create mode = 0660 directory mode = 0770 tls enabled = yes tls keyfile = tls/key.pem tls certfile = tls/cert.pem tls cafile = tls/ca.pem [netlogon] path = /var/lib/samba/sysvol/mydomain.local/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No Thanks, Rich
Miguel Medalha
2014-Dec-18 21:42 UTC
[Samba] setfacl: Option -m: Invalid argument near character 3
> I tried setting the permissions from the command line using: > > setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared > > and it gives me: > > setfacl: Option -m: Invalid argument near character 3 >You should enter: setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared
Rich Webb
2014-Dec-18 23:28 UTC
[Samba] setfacl: Option -m: Invalid argument near character 3
I just tried that and I got the same error. I think there is some extended acl support that I'm missing somewhere. It's like the setfacl command is not recognizing the AD groups as valid groups. I should also add the following information: This server is built up on CentOS 6.6 Minimal using the Sernet-Samba Enterprise packages. It looks like the binary that is running is /usr/sbin/samba and that is started with /etc/rc.d/init.d/sernet-samba-ad start Rich -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha Sent: Thursday, December 18, 2014 4:42 PM To: Rich Webb; samba at lists.samba.org Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character 3> I tried setting the permissions from the command line using: > > setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared > > and it gives me: > > setfacl: Option -m: Invalid argument near character 3 >You should enter: setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Possibly Parallel Threads
- setfacl: Option -m: Invalid argument near character 3
- setfacl: Option -m: Invalid argument near character 3
- setfacl: Option -m: Invalid argument near character 3
- setfacl: Option -m: Invalid argument near character 3
- setfacl: Option -m: Invalid argument near character 3