Rowland Penny
2014-Dec-19 13:36 UTC
[Samba] setfacl: Option -m: Invalid argument near character 3
On 19/12/14 13:22, Rich Webb wrote:> Matt, > > Thanks for the reply. I'm not trying to add the "users" group. I'm > trying to add the "Domain Users" group. That is the reason for the \ in > front of the space. It's translated as a literal. I think I could also > put quotes around it and not have to use the \ and the space. > > The problem is getent group only is listing local unix groups. I think > that is why setfacl is not able to add active directory groups to the > acl.That may be your problem, 'getent group' will not show any domain group, but 'getent group <a domain group>' should show the domain group. If you are running samba4 in AD mode, then you are running winbind, though you may not be **using** it. Can you post what OS & samba packages you are using. Rowland> > Rich. > > -----Original Message----- > From: Mattias Zhabinskiy [mailto:mattiasz at thinklogical.com] > Sent: Friday, December 19, 2014 12:15 AM > To: Rich Webb > Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character > 3 > > Hello Rich, > > First of all remove space in front of the group name "users": > > setfacl -R -m g:MYDOM\\domain\users:rwx ./shared > > For example, following command works for me: > > [root at vmtest007 tmp]# ls -ld test4 > drwxrwsr-x. 2 root g-sales 4096 Dec 19 00:10 test4 > > [root at vmtest007 tmp]# setfacl -Rm g:MYDOMAIN\\g-admin:rwx test4 > > [root at vmtest007 tmp]# getfacl test4 > # file: test4 > # owner: root > # group: g-sales > # flags: -s- > user::rwx > group::rwx > group:g-admin:rwx > mask::rwx > other::r-x > > [root at vmtest007 tmp]# ls -ld test4 > drwxrwsr-x+ 2 root g-sales 4096 Dec 19 00:10 test4 > > where MYDOMAIN is windows domain name and g-admin is a group name in > MYDOMAIN. > Make sure that group "users" exists by running "getent group users" > command, for e.g. in my case: > [root at vmtest007 tmp]# getent group g-admin > g-admin:x:91608:alex,bill,joe,kevin > > Regards, > Matt > > ________________________________________ > From: samba-bounces at lists.samba.org <samba-bounces at lists.samba.org> on > behalf of Rich Webb <rwebb at zylatech.com> > Sent: Thursday, December 18, 2014 8:33 PM > To: samba at lists.samba.org > Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character > 3 > > Please is there anyone who has an answer on why this might be happening? > Do I need some sort of sssd support or winbind or something? In the > wiki about setting up acl's it doesn't say anything about any other > requirements, only that you have to have acl support and xattr support > in your filesystem which I do. > > I'm trying to deploy this server and I need a working solution tomorrow > - kind of in a bind.. I hope someone can help. > > Thanks, > Rich > > -----Original Message----- > From: samba-bounces at lists.samba.org > [mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb > Sent: Thursday, December 18, 2014 6:29 PM > To: samba at lists.samba.org > Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character > 3 > > I just tried that and I got the same error. I think there is some > extended acl support that I'm missing somewhere. > > It's like the setfacl command is not recognizing the AD groups as valid > groups. > > I should also add the following information: > > This server is built up on CentOS 6.6 Minimal using the Sernet-Samba > Enterprise packages. > > It looks like the binary that is running is /usr/sbin/samba and that is > started with /etc/rc.d/init.d/sernet-samba-ad start > > Rich > > -----Original Message----- > From: samba-bounces at lists.samba.org > [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha > Sent: Thursday, December 18, 2014 4:42 PM > To: Rich Webb; samba at lists.samba.org > Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character > 3 > > >> I tried setting the permissions from the command line using: >> >> setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared >> >> and it gives me: >> >> setfacl: Option -m: Invalid argument near character 3 >> > You should enter: > > setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Rich Webb
2014-Dec-19 13:40 UTC
[Samba] setfacl: Option -m: Invalid argument near character 3
Running CentOS 6.6 Using the Sernet Enterprise packages - sernet-samba-ad. Just tried: getent group "Domain Users" getent group DOMAIN\\Domain\ Users and neither command returned any entries. Rich -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny Sent: Friday, December 19, 2014 8:37 AM To: samba at lists.samba.org Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character 3 On 19/12/14 13:22, Rich Webb wrote:> Matt, > > Thanks for the reply. I'm not trying to add the "users" group. I'm > trying to add the "Domain Users" group. That is the reason for the \ > in front of the space. It's translated as a literal. I think I could> also put quotes around it and not have to use the \ and the space. > > The problem is getent group only is listing local unix groups. I > think that is why setfacl is not able to add active directory groups > to the acl.That may be your problem, 'getent group' will not show any domain group, but 'getent group <a domain group>' should show the domain group. If you are running samba4 in AD mode, then you are running winbind, though you may not be **using** it. Can you post what OS & samba packages you are using. Rowland> > Rich. > > -----Original Message----- > From: Mattias Zhabinskiy [mailto:mattiasz at thinklogical.com] > Sent: Friday, December 19, 2014 12:15 AM > To: Rich Webb > Subject: Re: [Samba] setfacl: Option -m: Invalid argument near > character > 3 > > Hello Rich, > > First of all remove space in front of the group name "users": > > setfacl -R -m g:MYDOM\\domain\users:rwx ./shared > > For example, following command works for me: > > [root at vmtest007 tmp]# ls -ld test4 > drwxrwsr-x. 2 root g-sales 4096 Dec 19 00:10 test4 > > [root at vmtest007 tmp]# setfacl -Rm g:MYDOMAIN\\g-admin:rwx test4 > > [root at vmtest007 tmp]# getfacl test4 > # file: test4 > # owner: root > # group: g-sales > # flags: -s- > user::rwx > group::rwx > group:g-admin:rwx > mask::rwx > other::r-x > > [root at vmtest007 tmp]# ls -ld test4 > drwxrwsr-x+ 2 root g-sales 4096 Dec 19 00:10 test4 > > where MYDOMAIN is windows domain name and g-admin is a group name in > MYDOMAIN. > Make sure that group "users" exists by running "getent group users" > command, for e.g. in my case: > [root at vmtest007 tmp]# getent group g-admin > g-admin:x:91608:alex,bill,joe,kevin > > Regards, > Matt > > ________________________________________ > From: samba-bounces at lists.samba.org <samba-bounces at lists.samba.org> on> behalf of Rich Webb <rwebb at zylatech.com> > Sent: Thursday, December 18, 2014 8:33 PM > To: samba at lists.samba.org > Subject: Re: [Samba] setfacl: Option -m: Invalid argument near > character > 3 > > Please is there anyone who has an answer on why this might behappening?> Do I need some sort of sssd support or winbind or something? In the > wiki about setting up acl's it doesn't say anything about any other > requirements, only that you have to have acl support and xattr support> in your filesystem which I do. > > I'm trying to deploy this server and I need a working solution > tomorrow > - kind of in a bind.. I hope someone can help. > > Thanks, > Rich > > -----Original Message----- > From: samba-bounces at lists.samba.org > [mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb > Sent: Thursday, December 18, 2014 6:29 PM > To: samba at lists.samba.org > Subject: Re: [Samba] setfacl: Option -m: Invalid argument near > character > 3 > > I just tried that and I got the same error. I think there is some > extended acl support that I'm missing somewhere. > > It's like the setfacl command is not recognizing the AD groups as > valid groups. > > I should also add the following information: > > This server is built up on CentOS 6.6 Minimal using the Sernet-Samba > Enterprise packages. > > It looks like the binary that is running is /usr/sbin/samba and that > is started with /etc/rc.d/init.d/sernet-samba-ad start > > Rich > > -----Original Message----- > From: samba-bounces at lists.samba.org > [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha > Sent: Thursday, December 18, 2014 4:42 PM > To: Rich Webb; samba at lists.samba.org > Subject: Re: [Samba] setfacl: Option -m: Invalid argument near > character > 3 > > >> I tried setting the permissions from the command line using: >> >> setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared >> >> and it gives me: >> >> setfacl: Option -m: Invalid argument near character 3 >> > You should enter: > > setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
L.P.H. van Belle
2014-Dec-19 13:53 UTC
[Samba] setfacl: Option -m: Invalid argument near character 3
Im did not follow the complete thread, but you can check the following. smb.conf ## map id's outside to domain to tdb files. idmap config *:backend = tdb idmap config *:range = 50001-80000 ## map ids from the domain the range may not overlap ! idmap config DOMAIN:backend = ad idmap config DOMAIN:schema_mode = rfc2307 idmap config DOMAIN:range = 10000-40000 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind refresh tickets = yes winbind offline logon = yes nsswich.conf passwd: compat winbind group: compat winbind optional. : idmapd.conf : add : [Translation] Method = nsswitch test: wbinfo -u wbinfo -g wbinfo -p hostname -s hostname -f hostname -d ( optional hostname -y ) hostname -i ( should return the ip or your server ) ( optional ) dig -x IP_OF_PROBLEM_MACHINE @YOURDC.domain.tld (or @AD_DC_IP ) for me : getent group "domain users" domain users:x:10000: and You did set the UNIX id on the "Domain Users" group? Greetz, Louis>-----Oorspronkelijk bericht----- >Van: rwebb at zylatech.com [mailto:samba-bounces at lists.samba.org] >Namens Rich Webb >Verzonden: vrijdag 19 december 2014 14:40 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] setfacl: Option -m: Invalid argument >near character 3 > >Running CentOS 6.6 >Using the Sernet Enterprise packages - sernet-samba-ad. > >Just tried: > >getent group "Domain Users" >getent group DOMAIN\\Domain\ Users > >and neither command returned any entries. > >Rich > >-----Original Message----- >From: samba-bounces at lists.samba.org >[mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny >Sent: Friday, December 19, 2014 8:37 AM >To: samba at lists.samba.org >Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >character >3 > >On 19/12/14 13:22, Rich Webb wrote: >> Matt, >> >> Thanks for the reply. I'm not trying to add the "users" group. I'm >> trying to add the "Domain Users" group. That is the reason >for the \ >> in front of the space. It's translated as a literal. I >think I could > >> also put quotes around it and not have to use the \ and the space. >> >> The problem is getent group only is listing local unix groups. I >> think that is why setfacl is not able to add active directory groups >> to the acl. > >That may be your problem, 'getent group' will not show any >domain group, >but 'getent group <a domain group>' should show the domain group. > >If you are running samba4 in AD mode, then you are running winbind, >though you may not be **using** it. > >Can you post what OS & samba packages you are using. > >Rowland >> >> Rich. >> >> -----Original Message----- >> From: Mattias Zhabinskiy [mailto:mattiasz at thinklogical.com] >> Sent: Friday, December 19, 2014 12:15 AM >> To: Rich Webb >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> Hello Rich, >> >> First of all remove space in front of the group name "users": >> >> setfacl -R -m g:MYDOM\\domain\users:rwx ./shared >> >> For example, following command works for me: >> >> [root at vmtest007 tmp]# ls -ld test4 >> drwxrwsr-x. 2 root g-sales 4096 Dec 19 00:10 test4 >> >> [root at vmtest007 tmp]# setfacl -Rm g:MYDOMAIN\\g-admin:rwx test4 >> >> [root at vmtest007 tmp]# getfacl test4 >> # file: test4 >> # owner: root >> # group: g-sales >> # flags: -s- >> user::rwx >> group::rwx >> group:g-admin:rwx >> mask::rwx >> other::r-x >> >> [root at vmtest007 tmp]# ls -ld test4 >> drwxrwsr-x+ 2 root g-sales 4096 Dec 19 00:10 test4 >> >> where MYDOMAIN is windows domain name and g-admin is a group name in >> MYDOMAIN. >> Make sure that group "users" exists by running "getent group users" >> command, for e.g. in my case: >> [root at vmtest007 tmp]# getent group g-admin >> g-admin:x:91608:alex,bill,joe,kevin >> >> Regards, >> Matt >> >> ________________________________________ >> From: samba-bounces at lists.samba.org ><samba-bounces at lists.samba.org> on > >> behalf of Rich Webb <rwebb at zylatech.com> >> Sent: Thursday, December 18, 2014 8:33 PM >> To: samba at lists.samba.org >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> Please is there anyone who has an answer on why this might be >happening? >> Do I need some sort of sssd support or winbind or something? In the >> wiki about setting up acl's it doesn't say anything about any other >> requirements, only that you have to have acl support and >xattr support > >> in your filesystem which I do. >> >> I'm trying to deploy this server and I need a working solution >> tomorrow >> - kind of in a bind.. I hope someone can help. >> >> Thanks, >> Rich >> >> -----Original Message----- >> From: samba-bounces at lists.samba.org >> [mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb >> Sent: Thursday, December 18, 2014 6:29 PM >> To: samba at lists.samba.org >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> I just tried that and I got the same error. I think there is some >> extended acl support that I'm missing somewhere. >> >> It's like the setfacl command is not recognizing the AD groups as >> valid groups. >> >> I should also add the following information: >> >> This server is built up on CentOS 6.6 Minimal using the Sernet-Samba >> Enterprise packages. >> >> It looks like the binary that is running is /usr/sbin/samba and that >> is started with /etc/rc.d/init.d/sernet-samba-ad start >> >> Rich >> >> -----Original Message----- >> From: samba-bounces at lists.samba.org >> [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha >> Sent: Thursday, December 18, 2014 4:42 PM >> To: Rich Webb; samba at lists.samba.org >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> >>> I tried setting the permissions from the command line using: >>> >>> setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared >>> >>> and it gives me: >>> >>> setfacl: Option -m: Invalid argument near character 3 >>> >> You should enter: >> >> setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >
Rowland Penny
2014-Dec-19 14:02 UTC
[Samba] setfacl: Option -m: Invalid argument near character 3
On 19/12/14 13:40, Rich Webb wrote:> Running CentOS 6.6 > Using the Sernet Enterprise packages - sernet-samba-ad. > > Just tried: > > getent group "Domain Users" > getent group DOMAIN\\Domain\ Users > > and neither command returned any entries. > > Rich > > -----Original Message----- > From: samba-bounces at lists.samba.org > [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny > Sent: Friday, December 19, 2014 8:37 AM > To: samba at lists.samba.org > Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character > 3 > > On 19/12/14 13:22, Rich Webb wrote: >> Matt, >> >> Thanks for the reply. I'm not trying to add the "users" group. I'm >> trying to add the "Domain Users" group. That is the reason for the \ >> in front of the space. It's translated as a literal. I think I could >> also put quotes around it and not have to use the \ and the space. >> >> The problem is getent group only is listing local unix groups. I >> think that is why setfacl is not able to add active directory groups >> to the acl. > That may be your problem, 'getent group' will not show any domain group, > but 'getent group <a domain group>' should show the domain group. > > If you are running samba4 in AD mode, then you are running winbind, > though you may not be **using** it. > > Can you post what OS & samba packages you are using. > > Rowland >> Rich. >> >> -----Original Message----- >> From: Mattias Zhabinskiy [mailto:mattiasz at thinklogical.com] >> Sent: Friday, December 19, 2014 12:15 AM >> To: Rich Webb >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> Hello Rich, >> >> First of all remove space in front of the group name "users": >> >> setfacl -R -m g:MYDOM\\domain\users:rwx ./shared >> >> For example, following command works for me: >> >> [root at vmtest007 tmp]# ls -ld test4 >> drwxrwsr-x. 2 root g-sales 4096 Dec 19 00:10 test4 >> >> [root at vmtest007 tmp]# setfacl -Rm g:MYDOMAIN\\g-admin:rwx test4 >> >> [root at vmtest007 tmp]# getfacl test4 >> # file: test4 >> # owner: root >> # group: g-sales >> # flags: -s- >> user::rwx >> group::rwx >> group:g-admin:rwx >> mask::rwx >> other::r-x >> >> [root at vmtest007 tmp]# ls -ld test4 >> drwxrwsr-x+ 2 root g-sales 4096 Dec 19 00:10 test4 >> >> where MYDOMAIN is windows domain name and g-admin is a group name in >> MYDOMAIN. >> Make sure that group "users" exists by running "getent group users" >> command, for e.g. in my case: >> [root at vmtest007 tmp]# getent group g-admin >> g-admin:x:91608:alex,bill,joe,kevin >> >> Regards, >> Matt >> >> ________________________________________ >> From: samba-bounces at lists.samba.org <samba-bounces at lists.samba.org> on >> behalf of Rich Webb <rwebb at zylatech.com> >> Sent: Thursday, December 18, 2014 8:33 PM >> To: samba at lists.samba.org >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> Please is there anyone who has an answer on why this might be > happening? >> Do I need some sort of sssd support or winbind or something? In the >> wiki about setting up acl's it doesn't say anything about any other >> requirements, only that you have to have acl support and xattr support >> in your filesystem which I do. >> >> I'm trying to deploy this server and I need a working solution >> tomorrow >> - kind of in a bind.. I hope someone can help. >> >> Thanks, >> Rich >> >> -----Original Message----- >> From: samba-bounces at lists.samba.org >> [mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb >> Sent: Thursday, December 18, 2014 6:29 PM >> To: samba at lists.samba.org >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> I just tried that and I got the same error. I think there is some >> extended acl support that I'm missing somewhere. >> >> It's like the setfacl command is not recognizing the AD groups as >> valid groups. >> >> I should also add the following information: >> >> This server is built up on CentOS 6.6 Minimal using the Sernet-Samba >> Enterprise packages. >> >> It looks like the binary that is running is /usr/sbin/samba and that >> is started with /etc/rc.d/init.d/sernet-samba-ad start >> >> Rich >> >> -----Original Message----- >> From: samba-bounces at lists.samba.org >> [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha >> Sent: Thursday, December 18, 2014 4:42 PM >> To: Rich Webb; samba at lists.samba.org >> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >> character >> 3 >> >> >>> I tried setting the permissions from the command line using: >>> >>> setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared >>> >>> and it gives me: >>> >>> setfacl: Option -m: Invalid argument near character 3 >>> >> You should enter: >> >> setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambaOK, do you have 'libnss_winbind.so' on your system ? it would normal be in /usr/lib or similar. If you have, then it probably just needs 'winbind' adding to the 'passwd' & 'groups' lines in /etc/nsswitch.conf. If you cannot find it then it needs to be installed, anybody know which Sernet package provides it ?? Rowland
Reasonably Related Threads
- setfacl: Option -m: Invalid argument near character 3
- setfacl: Option -m: Invalid argument near character 3
- setfacl: Option -m: Invalid argument near character 3
- setfacl: Option -m: Invalid argument near character 3
- setfacl: Option -m: Invalid argument near character 3