On Samba 3.0.24, on Solaris 10, I can set ACLs from the command line
using setfacl and view them using getfacl. When I look at the security
for the mounted share on Windows, I only see the owner, group and world
permissions. I can modify those permissions, at least for world. What
I can't do is add another user or group to the ACL. I get the error
"Unable to save permission changes on directory on 'croesus running
samba (ipaddress)' (driveletter:).
Access is denied."
samba is compiled with ACL support, the fs and kernel support it. I'm
logging in to the samba server as the owner of the file and directory
(whose UID comes from winbind, it's an AD user). Both the user and it's
group is on the list of admin users in the share config. I'm starting
to run out of ideas here to be honest. Running at log level 2, I don't
see anything in the logs when I try to add a new user or group to the
ACL. Any thoughts please?
~Eric
the relevant sections of the smb.conf file:
[global]
workgroup = W2K3TEST
realm = W2K3TEST.LOCAL
server string = croesus running samba
security = ADS
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
preferred master = No
dns proxy = No
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
[afiles]
path = /foo/afiles
admin users = W2K3TEST+bobadmin, @W2K3TEST+admins
read only = No
