Hi all,
I have a weird error that I can't seem to get my head wrapped around.
I have the following setup:
Member Server: Debian 7.9 with the latest version of SAMBA (4.3.0)
SAMBA DC x 2 with the latest version of SAMBA (4.3.0)
On my member server I have setup a share /Groups and on it I have all my folders
that users will be accessing. This migration is coming over from a Macintosh
environment.
I have displaced winbind for sssd on the member server as it seems to run
smoother for me, or at least I think it does.
What isn't working is that when I do the following:
setfacl -R -m g:Information\ Technologt:rwx /Groups/Test-Folder
It all comes out proper according to the getfacl command:
# file: Groups/Test-Folder/
# owner: Administrator
# group: Domain\040Admins
user::rwx
group::r-x
group:Information\040Technology:rwx
mask::rwx
other::r-x
However if I mount the share point from a mac or windows 8 box, I can
authenticate as myself, in this david, but I have zero permissions to write into
the directory or create anything new inside the folder even though I am a member
of the "Information Technology" group.
The only way I can get myself to have any type of write privileges on the remote
share is if I add myself to the share such as:
setfacl -R -m u:david:rwx /Groups/Test-Folder
I'm pretty sure thats not by design but am wondering if anyone else has come
accross this issue and if so how you got it to respect the group settings for
nested users within groups for full access to the shared folders.
I don't see anything in there about it being a limitation of sssd.
I've also tried to add the permissions from a windows 8.1 box with the admin
tools installed on it and I get all sorts of errors when I try and add ACLs and
users to the folders.
Just wondering what I have to do in order to get my client machines to accept
and understand that users in groups that are added to folders to have various
levels of access to those folders.
Hopefully this makes sense.
Thanks in advance,
-----
David