Hello Rowland! The users and group are only on the AD, and there are only one entry on each user... In the Windows side all seems ok : but not the result of getfacl ... root at Samba4:/Fichiers# getfacl /Fichiers/SA/Nouveau\ document\ texte.txt getfacl : suppression du premier « / » des noms de chemins absolus # file: Fichiers/SA/Nouveau document texte.txt # owner: ciril # group: utilisa.\040du\040domaine user::rwx user:utilisa.\040du\040domaine:r-x user:karine.hasani:r-x user:sa-si:rwx user:sa-cp:r-x user:john.doe:r-x user:essai:r-x group::r-x group:utilisa.\040du\040domaine:r-x group:karine.hasani:r-x group:ciril:rwx group:sa-si:rwx group:sa-cp:r-x group:john.doe:r-x group:essai:r-x mask::rwx other::--- In the above example I created the user essai on the AD one minute ago... Good things! with setfacl I can't set a user as a group and vica-versa! ;) wbinfo -u show only users and the -g option only groups getent passwd show only users: ... essai:*:14633:10513:essai essai:/home/samba/ARIANE/users/essaiSERNAME%:/bin/bash ... getent group show only groups: ... sa-cp:x:13269: ... Is there somewhere else to search? Thanks Samuel Le 07/09/2016 à 12:14, Rowland Penny via samba a écrit :> On Wed, 7 Sep 2016 11:25:00 +0200 > Sam via samba <samba at lists.samba.org> wrote: > >> Sorry for that but my request was not exacltly true... >> >> A user is set both as user and group. >> A group is set both as user and group too. > How have managed that ? > > Where do these users & groups exist ? > If they are in /etc/passwd & /etc/group and also in AD, pick one place > for them and delete them from the other. You cannot have local Unix > users & groups that are also in AD. > > If they are only in AD, then pick which they should be, a user or group > and then delete the other, you cannot have a user with the same name as > a group. > > Rowland > >
Rowland Penny
2016-Sep-07 13:06 UTC
[Samba] ACL wrong category user for group and group for user
On Wed, 7 Sep 2016 14:39:14 +0200 Sam via samba <samba at lists.samba.org> wrote: I did say that this could only happen for two reasons, you have ruled out one and have now confirmed the other. If you create a user and then use that user on the Samba DC, it will be mapped in idmap.ldb and anything mapped in there can (and probably will) get this 'type: ID_TYPE_BOTH', that is, it will be both a user & a group. Rowland
Ok so if I well understand it's a normal behaviour and I can use it like this? Le 07/09/2016 à 15:06, Rowland Penny via samba a écrit :> If you create a user and then use that user on the Samba DC, it will be > mapped in idmap.ldb and anything mapped in there can (and probably > will) get this 'type: ID_TYPE_BOTH', that is, it will be both a user & > a group.