hi,
i'm experiencing a strange behaviour when setting ACL from Windows XP
clients (server is BDC with LDAP) after migrating service from SLES 9.3
to SLES 10.1:
i can't set ACL to a folder to give access to individual users without
allowing the group of the creator. step by step, i tried to remove group
permissions (which worked fine) but, when i add permissions to other
users, group permissions become effective for the group in the
directory (but no in its subfolders)
the correct behaviour is that i can allow access to several users
without access for the group, and this was working after the migration.
it could be a different ACL behaviour between SLES 9 (Samba
3.0.20b-3.17-1297-SUSE) and SLES 10 (Samba 3.0.28-0.2-1625-SUSE-CODE10)?
how i can get ACL working if so?
information about my configuration:
* users become to a common group (ie, group1) to get access to shares
* shares are 770 (owner root, group group1)
* smb config for shares:
[test]
path = /data/test
read only = no
browseable = no
create mask = 0660
directory mask = 0770
write list = @GROUP1
read list = @GROUP1
force group = GROUP1
valid users = @GROUP1, @"Domain Admins"
* smb global config (relevant)
[global]
netbios name = server
workgroup = wg
security = user
os level = 45
preferred master = no
domain master = no
local master = yes
mangling method = hash2
encrypt passwords = yes
domain logons = yes
logon path passdb backend = ldapsam:"ldap://localhost"
ldap suffix = dc=wg,dc=intranet
ldap admin dn = cn=Manager,dc=wg,dc=intranet
ldap ssl = yes
ldap machine suffix = ou=Machines
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap passwd sync = Yes
ldap delete dn = Yes
enable privileges = yes
unix password sync = no
unix extensions = no
nt acl support = yes
inherit acls = yes
thanks in advance,
toni