I have a domain member samba server set up with winbind
and compiled with acl support sharing out an ext3 filesystem,
also with acl support. Some bits of smb.conf (with names
changed to protect the innocent):
---
[global]
workgroup = XYZATL
realm = XYZ.COM
security = domain
password server = *
winbind separator = +
idmap uid = 10000-65000
idmap gid = 10000-65000
winbind enum users = yes
winbind enum groups = yes
winbind enable local accounts = no
admin users = XYZATL\theman
netbios name = ATL-ARCHIVE
local master = no
dns proxy = no
nt acl support = yes
[Archive]
path = /mnt/samba/archive
public = yes
writable = yes
---
winbind seems to work great. wbinfo -u, getent both show
what the documentation indicate they should. I can
setfacl the files with the nt groups -- super cool.
My problem is that XP clients logged in as theman can't
modify the acls (security tab / advanced). I see
something funny in winbindd.log that comes right about
the time the client gets 'access denied' messages:
[2004/05/25 10:01:45, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
group theman in domain ATL-ARCHIVE does not exist
Why would he be treating the netbios name as the domain?
Is this a windows funny?
Any help would be *much* appreciated.
Cheers,
Sam
