I can't seem to verify whether or my first attempt at sending this
message was successful, so I'm reposting it, using a different method. I
apologize if anyone has seen it already.
I have a Samba server, joined to my Windows Active Directory domain, and
I'm having a problem setting ACLs on a share from Windows. On Windows, I
get the error message "Unable to save permission changes on <folder>.
The
parameter is incorrect." and when I look in my Samba log, I see the
message "ACL is invalid for set (Invalid argument)".
"getent passwd" and "getent group" return both local and AD
users and
groups, respectively.
Here are the relevant lines from my smb.conf:
[global]
workgroup = <My domain>
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
log level = 3 winbind:10 acls:10
security = ads
realm = <My domain>.LOCAL
encrypt passwords = yes
idmap uid = 2000-10000
idmap gid = 2000-10000
winbind enum groups = yes
winbind enum users = yes
wins server = 10.0.0.65
load printers = no
cups options = raw
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[paperport]
comment = Test share for PaperPort images
path = /u1/images
admin users = <My domain>\<user1> <My
domain>\<me>
public = yes
writable = yes
browseable = yes
I'm sure I'm missing something minor, but I can't figure out what it
is.
Anyone have any ideas?
Thanks
> > > > I have a Samba server,Operating system Samba Version. Does *Nix file system used support ACL's? Are ACL's turned on for the samba share mountpoint?> > joined to my Windows Active Directory domain, and > I'm having a problem setting ACLs on a share from Windows. On Windows, > I > get the error message "Unable to save permission changes on <folder>. > The > parameter is incorrect." and when I look in my Samba log, I see the > message "ACL is invalid for set (Invalid argument)". > > "getent passwd" and "getent group" return both local and AD users and > groups, respectively. > > Here are the relevant lines from my smb.conf: > > [global] > workgroup = <My domain> > server string = Samba Server Version %v > log file = /var/log/samba/log.%m > max log size = 50 > log level = 3 winbind:10 acls:10 > security = ads > realm = <My domain>.LOCAL > encrypt passwords = yes > idmap uid = 2000-10000 > idmap gid = 2000-10000 > winbind enum groups = yes > winbind enum users = yes > wins server = 10.0.0.65 > load printers = no > cups options = raw > [homes] > comment = Home Directories > browseable = no > writable = yes > [printers] > comment = All Printers > path = /var/spool/samba > browseable = no > guest ok = no > writable = no > printable = yes > [paperport] > comment = Test share for PaperPort images > path = /u1/images > admin users = <My domain>\<user1> <My domain>\<me> > public = yes > writable = yes > browseable = yes > > I'm sure I'm missing something minor, but I can't figure out what it > is. > Anyone have any ideas? > > Thanks > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
It works for me - Solaris 10, ZFS file system, configured as a PDC or BDC
#testparm -v | grep "acl "
acl compatibility = auto
acl check permissions = Yes
acl group control = No
acl map full control = Yes
force unknown acl user = No
nt acl support = Yes
map acl inherit = No
If you are on linux, ext3 and ext4 should support acl's.
Can you use "setfacl" to change permissions on a file on the unix
level
using the uid of a domain user?
Can you, in windows, set permissions for someone defined as a local user?
That might indicated if the problem is really with ACL's or if the problem
is with winbind retrieving users from the domain controller. (Although
getent seems to indicate that that winbind is not the problem.)
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of Dadoo
Sent: Saturday, July 03, 2010 3:46 AM
To: samba at lists.samba.org
Subject: [Samba] Set ACLs on Samba share from Windows
I can't seem to verify whether or my first attempt at sending this
message was successful, so I'm reposting it, using a different method. I
apologize if anyone has seen it already.
I have a Samba server, joined to my Windows Active Directory domain, and
I'm having a problem setting ACLs on a share from Windows. On Windows, I
get the error message "Unable to save permission changes on <folder>.
The
parameter is incorrect." and when I look in my Samba log, I see the
message "ACL is invalid for set (Invalid argument)".
"getent passwd" and "getent group" return both local and AD
users and
groups, respectively.
Here are the relevant lines from my smb.conf:
[global]
workgroup = <My domain>
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
log level = 3 winbind:10 acls:10
security = ads
realm = <My domain>.LOCAL
encrypt passwords = yes
idmap uid = 2000-10000
idmap gid = 2000-10000
winbind enum groups = yes
winbind enum users = yes
wins server = 10.0.0.65
load printers = no
cups options = raw
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[paperport]
comment = Test share for PaperPort images
path = /u1/images
admin users = <My domain>\<user1> <My
domain>\<me>
public = yes
writable = yes
browseable = yes
I'm sure I'm missing something minor, but I can't figure out what it
is.
Anyone have any ideas?
Thanks
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
> > Is this an OS setting or a Samba setting?File system/OS. For instance, with FreeBSD in /etc/fstab I might have /dev/ad8s3d /home/samba ufs rw,acls 2 2 Check your OS manual regarding settings for the file system you are using. TMS III> > > > Thanks. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On Sun, 04 Jul 2010 20:26:47 -0400, Gaiseric Vandal wrote:> It works for me - Solaris 10, ZFS file system, configured as a PDC or > BDC > > #testparm -v | grep "acl " > > acl compatibility = auto > acl check permissions = Yes > acl group control = No > acl map full control = Yes > force unknown acl user = No > nt acl support = Yes > map acl inherit = No"testparm" gives me the same output.
On Tue, 06 Jul 2010 22:30:43 -0700, tms3 wrote:>> Is this an OS setting or a Samba setting? > > File system/OS.Yes, the filesystem supports ACLs. If it helps any, this is the output from "getfacl": # owner: <My domain>\134<user1> # group: <My domain>\134mis user::rwx user:<My domain>\134<me>:rwx user:<My domain>\134administrator:rwx user:<My domain>\134<user2>:rwx user:<My domain>\134<user3>:rwx group::rwx group:<My domain>\134accounting:rwx mask::rwx other::rwx default:user::rwx default:user:<My domain>\134<user1>:rwx default:user:<My domain>\134administrator:rwx default:user:<My domain>\134<user2>:rwx default:user:<My domain>\134<user3>:rwx default:group::--- default:mask::rwx default:other::---
Hallo, Dadoo, Du meintest am 08.07.10:>> #testparm -v | grep "acl " >> >> acl compatibility = auto >> acl check permissions = Yes >> acl group control = No >> acl map full control = Yes >> force unknown acl user = No >> nt acl support = Yes >> map acl inherit = No> "testparm" gives me the same output.Just control with testparm -sv these options show what Samba does use, not only what is written into the "smb.conf". Viele Gruesse! Helmut