Rich Webb
2014-Dec-18 23:28 UTC
[Samba] setfacl: Option -m: Invalid argument near character 3
I just tried that and I got the same error. I think there is some extended acl support that I'm missing somewhere. It's like the setfacl command is not recognizing the AD groups as valid groups. I should also add the following information: This server is built up on CentOS 6.6 Minimal using the Sernet-Samba Enterprise packages. It looks like the binary that is running is /usr/sbin/samba and that is started with /etc/rc.d/init.d/sernet-samba-ad start Rich -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha Sent: Thursday, December 18, 2014 4:42 PM To: Rich Webb; samba at lists.samba.org Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character 3> I tried setting the permissions from the command line using: > > setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared > > and it gives me: > > setfacl: Option -m: Invalid argument near character 3 >You should enter: setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Rich Webb
2014-Dec-19 01:33 UTC
[Samba] setfacl: Option -m: Invalid argument near character 3
Please is there anyone who has an answer on why this might be happening? Do I need some sort of sssd support or winbind or something? In the wiki about setting up acl's it doesn't say anything about any other requirements, only that you have to have acl support and xattr support in your filesystem which I do. I'm trying to deploy this server and I need a working solution tomorrow - kind of in a bind.. I hope someone can help. Thanks, Rich -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb Sent: Thursday, December 18, 2014 6:29 PM To: samba at lists.samba.org Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character 3 I just tried that and I got the same error. I think there is some extended acl support that I'm missing somewhere. It's like the setfacl command is not recognizing the AD groups as valid groups. I should also add the following information: This server is built up on CentOS 6.6 Minimal using the Sernet-Samba Enterprise packages. It looks like the binary that is running is /usr/sbin/samba and that is started with /etc/rc.d/init.d/sernet-samba-ad start Rich -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha Sent: Thursday, December 18, 2014 4:42 PM To: Rich Webb; samba at lists.samba.org Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character 3> I tried setting the permissions from the command line using: > > setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared > > and it gives me: > > setfacl: Option -m: Invalid argument near character 3 >You should enter: setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Hauke Homburg
2014-Dec-19 07:51 UTC
[Samba] setfacl: Option -m: Invalid argument near character 3
Am 19.12.2014 02:33, schrieb Rich Webb:> Please is there anyone who has an answer on why this might be happening? > Do I need some sort of sssd support or winbind or something? In the > wiki about setting up acl's it doesn't say anything about any other > requirements, only that you have to have acl support and xattr support > in your filesystem which I do. > > I'm trying to deploy this server and I need a working solution tomorrow > - kind of in a bind.. I hope someone can help. > > Thanks, > Rich > > -----Original Message----- > From: samba-bounces at lists.samba.org > [mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb > Sent: Thursday, December 18, 2014 6:29 PM > To: samba at lists.samba.org > Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character > 3 > > I just tried that and I got the same error. I think there is some > extended acl support that I'm missing somewhere. > > It's like the setfacl command is not recognizing the AD groups as valid > groups. > > I should also add the following information: > > This server is built up on CentOS 6.6 Minimal using the Sernet-Samba > Enterprise packages. > > It looks like the binary that is running is /usr/sbin/samba and that is > started with /etc/rc.d/init.d/sernet-samba-ad start > > Rich > > -----Original Message----- > From: samba-bounces at lists.samba.org > [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha > Sent: Thursday, December 18, 2014 4:42 PM > To: Rich Webb; samba at lists.samba.org > Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character > 3 > > >> I tried setting the permissions from the command line using: >> >> setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared >> >> and it gives me: >> >> setfacl: Option -m: Invalid argument near character 3 >> > You should enter: > > setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambaI set the ACL with the following Line: setfacl -R -m d:g:"<Domain>\domain admins":rwx,g:root:rwx<Directory> I used this on a SAMBA 3 Memberserver with winbind for SAMBA3 and PAM. The Membererver is to a SAMBA 4 DC connected. greetings
Rowland Penny
2014-Dec-19 09:24 UTC
[Samba] setfacl: Option -m: Invalid argument near character 3
On 19/12/14 01:33, Rich Webb wrote:> Please is there anyone who has an answer on why this might be happening? > Do I need some sort of sssd support or winbind or something? In the > wiki about setting up acl's it doesn't say anything about any other > requirements, only that you have to have acl support and xattr support > in your filesystem which I do. > > I'm trying to deploy this server and I need a working solution tomorrow > - kind of in a bind.. I hope someone can help. > > Thanks, > Rich > > -----Original Message----- > From: samba-bounces at lists.samba.org > [mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb > Sent: Thursday, December 18, 2014 6:29 PM > To: samba at lists.samba.org > Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character > 3 > > I just tried that and I got the same error. I think there is some > extended acl support that I'm missing somewhere. > > It's like the setfacl command is not recognizing the AD groups as valid > groups. > > I should also add the following information: > > This server is built up on CentOS 6.6 Minimal using the Sernet-Samba > Enterprise packages. > > It looks like the binary that is running is /usr/sbin/samba and that is > started with /etc/rc.d/init.d/sernet-samba-ad start > > Rich > > -----Original Message----- > From: samba-bounces at lists.samba.org > [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha > Sent: Thursday, December 18, 2014 4:42 PM > To: Rich Webb; samba at lists.samba.org > Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character > 3 > > >> I tried setting the permissions from the command line using: >> >> setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared >> >> and it gives me: >> >> setfacl: Option -m: Invalid argument near character 3 >> > You should enter: > > setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambaHi, if I create a dir on one of my DC's and then set an ACL on it: root at dc01:~# mkdir testdir root at dc01:~# setfacl -m d:g:'domain admins':rwx ./testdir root at dc01:~# getfacl ./testdir # file: testdir # owner: root # group: root user::rwx group::r-x other::r-x default:user::rwx default:group::r-x default:group:EXAMPLE\134Domain\040Admins:rwx default:mask::rwx default:other::r-x So you can see it works, Don't know why others have suggested using '-R', all it does is make setfacl recurse into directories. I think your problem is this: '--use-ntvfs' Try turning it off, see here, under the heading 'Starting s3fs': https://wiki.samba.org/index.php/Samba4/s3fs Rowland
Rich Webb
2014-Dec-19 13:22 UTC
[Samba] setfacl: Option -m: Invalid argument near character 3
Matt, Thanks for the reply. I'm not trying to add the "users" group. I'm trying to add the "Domain Users" group. That is the reason for the \ in front of the space. It's translated as a literal. I think I could also put quotes around it and not have to use the \ and the space. The problem is getent group only is listing local unix groups. I think that is why setfacl is not able to add active directory groups to the acl. Rich. -----Original Message----- From: Mattias Zhabinskiy [mailto:mattiasz at thinklogical.com] Sent: Friday, December 19, 2014 12:15 AM To: Rich Webb Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character 3 Hello Rich, First of all remove space in front of the group name "users": setfacl -R -m g:MYDOM\\domain\users:rwx ./shared For example, following command works for me: [root at vmtest007 tmp]# ls -ld test4 drwxrwsr-x. 2 root g-sales 4096 Dec 19 00:10 test4 [root at vmtest007 tmp]# setfacl -Rm g:MYDOMAIN\\g-admin:rwx test4 [root at vmtest007 tmp]# getfacl test4 # file: test4 # owner: root # group: g-sales # flags: -s- user::rwx group::rwx group:g-admin:rwx mask::rwx other::r-x [root at vmtest007 tmp]# ls -ld test4 drwxrwsr-x+ 2 root g-sales 4096 Dec 19 00:10 test4 where MYDOMAIN is windows domain name and g-admin is a group name in MYDOMAIN. Make sure that group "users" exists by running "getent group users" command, for e.g. in my case: [root at vmtest007 tmp]# getent group g-admin g-admin:x:91608:alex,bill,joe,kevin Regards, Matt ________________________________________ From: samba-bounces at lists.samba.org <samba-bounces at lists.samba.org> on behalf of Rich Webb <rwebb at zylatech.com> Sent: Thursday, December 18, 2014 8:33 PM To: samba at lists.samba.org Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character 3 Please is there anyone who has an answer on why this might be happening? Do I need some sort of sssd support or winbind or something? In the wiki about setting up acl's it doesn't say anything about any other requirements, only that you have to have acl support and xattr support in your filesystem which I do. I'm trying to deploy this server and I need a working solution tomorrow - kind of in a bind.. I hope someone can help. Thanks, Rich -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb Sent: Thursday, December 18, 2014 6:29 PM To: samba at lists.samba.org Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character 3 I just tried that and I got the same error. I think there is some extended acl support that I'm missing somewhere. It's like the setfacl command is not recognizing the AD groups as valid groups. I should also add the following information: This server is built up on CentOS 6.6 Minimal using the Sernet-Samba Enterprise packages. It looks like the binary that is running is /usr/sbin/samba and that is started with /etc/rc.d/init.d/sernet-samba-ad start Rich -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha Sent: Thursday, December 18, 2014 4:42 PM To: Rich Webb; samba at lists.samba.org Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character 3> I tried setting the permissions from the command line using: > > setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared > > and it gives me: > > setfacl: Option -m: Invalid argument near character 3 >You should enter: setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2014-Dec-19 13:36 UTC
[Samba] setfacl: Option -m: Invalid argument near character 3
On 19/12/14 13:22, Rich Webb wrote:> Matt, > > Thanks for the reply. I'm not trying to add the "users" group. I'm > trying to add the "Domain Users" group. That is the reason for the \ in > front of the space. It's translated as a literal. I think I could also > put quotes around it and not have to use the \ and the space. > > The problem is getent group only is listing local unix groups. I think > that is why setfacl is not able to add active directory groups to the > acl.That may be your problem, 'getent group' will not show any domain group, but 'getent group <a domain group>' should show the domain group. If you are running samba4 in AD mode, then you are running winbind, though you may not be **using** it. Can you post what OS & samba packages you are using. Rowland> > Rich. > > -----Original Message----- > From: Mattias Zhabinskiy [mailto:mattiasz at thinklogical.com] > Sent: Friday, December 19, 2014 12:15 AM > To: Rich Webb > Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character > 3 > > Hello Rich, > > First of all remove space in front of the group name "users": > > setfacl -R -m g:MYDOM\\domain\users:rwx ./shared > > For example, following command works for me: > > [root at vmtest007 tmp]# ls -ld test4 > drwxrwsr-x. 2 root g-sales 4096 Dec 19 00:10 test4 > > [root at vmtest007 tmp]# setfacl -Rm g:MYDOMAIN\\g-admin:rwx test4 > > [root at vmtest007 tmp]# getfacl test4 > # file: test4 > # owner: root > # group: g-sales > # flags: -s- > user::rwx > group::rwx > group:g-admin:rwx > mask::rwx > other::r-x > > [root at vmtest007 tmp]# ls -ld test4 > drwxrwsr-x+ 2 root g-sales 4096 Dec 19 00:10 test4 > > where MYDOMAIN is windows domain name and g-admin is a group name in > MYDOMAIN. > Make sure that group "users" exists by running "getent group users" > command, for e.g. in my case: > [root at vmtest007 tmp]# getent group g-admin > g-admin:x:91608:alex,bill,joe,kevin > > Regards, > Matt > > ________________________________________ > From: samba-bounces at lists.samba.org <samba-bounces at lists.samba.org> on > behalf of Rich Webb <rwebb at zylatech.com> > Sent: Thursday, December 18, 2014 8:33 PM > To: samba at lists.samba.org > Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character > 3 > > Please is there anyone who has an answer on why this might be happening? > Do I need some sort of sssd support or winbind or something? In the > wiki about setting up acl's it doesn't say anything about any other > requirements, only that you have to have acl support and xattr support > in your filesystem which I do. > > I'm trying to deploy this server and I need a working solution tomorrow > - kind of in a bind.. I hope someone can help. > > Thanks, > Rich > > -----Original Message----- > From: samba-bounces at lists.samba.org > [mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb > Sent: Thursday, December 18, 2014 6:29 PM > To: samba at lists.samba.org > Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character > 3 > > I just tried that and I got the same error. I think there is some > extended acl support that I'm missing somewhere. > > It's like the setfacl command is not recognizing the AD groups as valid > groups. > > I should also add the following information: > > This server is built up on CentOS 6.6 Minimal using the Sernet-Samba > Enterprise packages. > > It looks like the binary that is running is /usr/sbin/samba and that is > started with /etc/rc.d/init.d/sernet-samba-ad start > > Rich > > -----Original Message----- > From: samba-bounces at lists.samba.org > [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha > Sent: Thursday, December 18, 2014 4:42 PM > To: Rich Webb; samba at lists.samba.org > Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character > 3 > > >> I tried setting the permissions from the command line using: >> >> setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared >> >> and it gives me: >> >> setfacl: Option -m: Invalid argument near character 3 >> > You should enter: > > setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
What's the content of your /etc/nsswitch.conf? Am 19. Dezember 2014 14:22:56 MEZ, schrieb Rich Webb <rwebb at zylatech.com>:>Matt, > >Thanks for the reply. I'm not trying to add the "users" group. I'm >trying to add the "Domain Users" group. That is the reason for the \ >in >front of the space. It's translated as a literal. I think I could >also >put quotes around it and not have to use the \ and the space. > >The problem is getent group only is listing local unix groups. I think >that is why setfacl is not able to add active directory groups to the >acl. > >Rich. > >-----Original Message----- >From: Mattias Zhabinskiy [mailto:mattiasz at thinklogical.com] >Sent: Friday, December 19, 2014 12:15 AM >To: Rich Webb >Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >character >3 > >Hello Rich, > >First of all remove space in front of the group name "users": > >setfacl -R -m g:MYDOM\\domain\users:rwx ./shared > >For example, following command works for me: > >[root at vmtest007 tmp]# ls -ld test4 >drwxrwsr-x. 2 root g-sales 4096 Dec 19 00:10 test4 > >[root at vmtest007 tmp]# setfacl -Rm g:MYDOMAIN\\g-admin:rwx test4 > >[root at vmtest007 tmp]# getfacl test4 ># file: test4 ># owner: root ># group: g-sales ># flags: -s- >user::rwx >group::rwx >group:g-admin:rwx >mask::rwx >other::r-x > >[root at vmtest007 tmp]# ls -ld test4 >drwxrwsr-x+ 2 root g-sales 4096 Dec 19 00:10 test4 > >where MYDOMAIN is windows domain name and g-admin is a group name in >MYDOMAIN. >Make sure that group "users" exists by running "getent group users" >command, for e.g. in my case: >[root at vmtest007 tmp]# getent group g-admin >g-admin:x:91608:alex,bill,joe,kevin > >Regards, >Matt > >________________________________________ >From: samba-bounces at lists.samba.org <samba-bounces at lists.samba.org> on >behalf of Rich Webb <rwebb at zylatech.com> >Sent: Thursday, December 18, 2014 8:33 PM >To: samba at lists.samba.org >Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >character >3 > >Please is there anyone who has an answer on why this might be >happening? >Do I need some sort of sssd support or winbind or something? In the >wiki about setting up acl's it doesn't say anything about any other >requirements, only that you have to have acl support and xattr support >in your filesystem which I do. > >I'm trying to deploy this server and I need a working solution tomorrow >- kind of in a bind.. I hope someone can help. > >Thanks, >Rich > >-----Original Message----- >From: samba-bounces at lists.samba.org >[mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb >Sent: Thursday, December 18, 2014 6:29 PM >To: samba at lists.samba.org >Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >character >3 > >I just tried that and I got the same error. I think there is some >extended acl support that I'm missing somewhere. > >It's like the setfacl command is not recognizing the AD groups as valid >groups. > >I should also add the following information: > >This server is built up on CentOS 6.6 Minimal using the Sernet-Samba >Enterprise packages. > >It looks like the binary that is running is /usr/sbin/samba and that is >started with /etc/rc.d/init.d/sernet-samba-ad start > >Rich > >-----Original Message----- >From: samba-bounces at lists.samba.org >[mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha >Sent: Thursday, December 18, 2014 4:42 PM >To: Rich Webb; samba at lists.samba.org >Subject: Re: [Samba] setfacl: Option -m: Invalid argument near >character >3 > > >> I tried setting the permissions from the command line using: >> >> setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared >> >> and it gives me: >> >> setfacl: Option -m: Invalid argument near character 3 >> > >You should enter: > >setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba
Apparently Analagous Threads
- setfacl: Option -m: Invalid argument near character 3
- setfacl: Option -m: Invalid argument near character 3
- setfacl: Option -m: Invalid argument near character 3
- setfacl: Option -m: Invalid argument near character 3
- setfacl: Option -m: Invalid argument near character 3