G'day all,
One thing to note before I begin, if you think this e-mail should be targeted at
the linux-cifs folks (or anywhere else for that matter) and not the samba
general mailing list, please feel free to tell me.
I've been running our fileserver for a while without ACLs and off the ADS
domain so that my boss, a few employees and I could access backups and share
project files. After a recent hardware upgrade we've decided to get on the
ADS domain and make proper use of ACLs. I have Samba set up, joined the domain
and have set up (what I thought was) proper ACLs. I've tested to make sure
that ADS domain users can log in and access files without problem through SSH
(at least until I figure this out). However, Samba (or perhaps it's the
Linux CIFS client) seems to ignore ACL permissions when it comes to determining
file access.
If I use an ADS domain user and/or group for non-ACL (Unix) permissions, I can
authenticate as that user and access files just fine. However, when I move file
ownership to a local user and add ADS domain users/groups to the ACLs instead,
authentication is successful as one of those ADS domain users, but the client
will generally deny me permission due to insufficient permissions.
If this is indeed a Samba issue then I'll be happy to post my config files.
I've encountered this with both Samba 3.4.6 (on Gentoo) and 3.5.3 (on Fedora
13). If it's not a Samba issue, could someone perhaps confirm or deny that
my problems are related to the issue being discussed at:
http://patchwork.ozlabs.org/patch/47002/
Thanks,
Thomas
