similar to: Usiing SID's in Linux? Is it possible?

On Tue, Feb 26, 2019 at 09:03:41AM -0800, Jeremy Allison via samba wrote: > > Check out the latest cifsfs code. I think Steve > and Aurelian and Ronnie added an ioctl for this. > > I'm here at Vault in Boston with Steve, I'll ask > him :-). Steve says there are two utilities in Linux, getcifsacl and setcifsacl that use a custom ioctl inside the Linux cifsfs kernel

ACL management can be done for SMB2/SMB3 ACLs with two common tools depending on your preference. smbcacls (somewhat similar to using cacls.exe or icacls.exe in Windows but specifying the UNC name rather than a local path name). smbcacls sets up and tears down a network connection each time it is run and uses Samba user space code. or setcifsacl/getcifsacl (which calls cifs.ko to access the

Hi Jeremy, Hi Steve, Hi Ronnie, thanks for your replies and the profound discussion. I think, it's best to demonstrate my problem case along an real world example: The following log of a console sesssion shows how I am doing the mounts on behalf Linux Kernel CIFS-FS Module on the client side against a Samba 4.5 file server (both running on Debian Stretch 9.8) via SMB/CIFS resp. SMB2 protocol:

Thanks for the first reply, Jeremy. What about the (future) implementation of RichACL? Will there be any native Linux Client support along with the SMB2/SMB3 protocol? I know, there is a native implemenation for RichACLs in ext4 FS. Unfortunately, smbcals is not a native Linux ACL Tool and has a very unhandy syntax. I just tested some days ago. ;-) I am looking for a solution that allows the

I have linux machines joined to my AD domain using winbind. I have windows pro machines joined to AD normally I would like it so that when I user writes to an ntfs removable disk That when I mount it on my linux machines it follows the permissions. Is that possible? I use ntfs-3g to mount the partition. I see there is a command ntf3-3g.usermap and wonder if that might work. Is there a command like

Sometimes a group sid does not get resolved to its name. Is this a settings problem? Looks like winbind deamon went dormant for a while and then woke up? I am using interface wbcLookupSid provided by the library libwbclient.so for resolving sids to names. These are the winbind related parameters in /etc/samba/smb.conf [global] # separate domain and username with '\', like

On Sat, 4 Nov 2017 18:42:36 -0600 Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > I decided to continue trying the ldap route as well > > littlehex2int() > { > hex=$1 > hex_chunk=$(echo ${hex}|cut -c$2-$3) > little=$(echo ${hex_chunk}|awk '{print > substr($0,7,2)substr($0,5,2)substr($0,3,2)substr($0,1,2)}') > echo "ibase=16; ${little}" |

. DOMAIN_ADMIN_PASSWD.sh echo ${PASSWD} | kinit ${ADMIN}@${DOMAIN} echo -n > /etc/ntfs-3g.usermap for DOMAIN_USER in $(wbinfo -u);do RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_USER}" ${DOMAIN}) if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] && [ "${RPCLOOKUPID:0:7}" != "Failed " ];then SID=$(echo ${RPCLOOKUPID}|awk '{print

Hi When I mount CIFS share (mount -t cids) with vers=1.0 I can perform getcifsacl sucessfully. But when I mount with vers=2.0, or 2.1, or 3.0, ACL reading fails. getxattr error: 95 REVISION:0x0 CONTROL:0x0 Why getcifsacl depends on SMB protocol version? Can I read ACL via newer SMB protocol? A asked on Serverfault but without reply:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Time for another cifs-utils release! Nothing terribly earth shattering here. Some distros (like Fedora) are moving krb5 credcaches out of /tmp by default. Users of these distros will definitely want to upgrade. Highlights: * Fixes for mounting with '/' in usernames with sec=krb5 * Support for DIR: type krb5 ccaches * support for

On Sun, 5 Nov 2017 16:14:33 -0700 Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > Not bad but I wanted an ldap version because I was having issues > running ldbsearch as a normal user. > I had another thought, why am I reinventing the wheel, so came up with this: #!/bin/bash echo "#######################################################" echo "#

On 01/08/16 17:48, Jeff Sadowski wrote: > I just installed ubuntu-16.04 and followed the instructions I found for it. > problems I ran into that way > I removed apparmer and I had to use bindflatfile as dlz was not working for > me > I got my machine connected. I'll figure out fedora later. > I would figure out why dlz doesn't work first, why didn't it work ? what

On Fri, Nov 3, 2017 at 2:43 PM, Rowland Penny <rpenny at samba.org> wrote: > On Fri, 3 Nov 2017 13:53:22 -0600 > Jeff Sadowski via samba <samba at lists.samba.org> wrote: > >> just get objectsid and use this >> >> https://blogs.msdn.microsoft.com/oldnewthing/20040315-00/?p=40253 > > Why ??? > So that when someone on a linux machine writes to disk

On Wed, 23 Jan 2019 09:47:11 +0100 Miloslav Hůla via samba <samba at lists.samba.org> wrote: > Dne 2019-01-15 v 13:22 Miloslav Hůla via samba napsal(a): > > When I mount CIFS share (mount -t cids) with vers=1.0 I can perform > > getcifsacl sucessfully. But when I mount with vers=2.0, or 2.1, or > > 3.0, ACL reading fails. > > > > getxattr error: 95 >

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Time for another cifs-utils release! Most of the patches in this release are for cifs.idmap, getcifsacl and setcifsacl. There were many bugs in those tools, so anyone that's deploying or using them is highly encouraged to upgrade. Highlights: * NFS-style device names are being deprecated in 6.0. Anyone using that sort of device name should

That looks easier I was working on ldap to convert but I'll try ldb-tools I was off on a bash mission here is what I had so far it isn't correct so I'll keep working on it #!/bin/bash if [ "$(echo $1|wc -c)" = "41" ];then hex=$(echo $1|base64 -d| od -x -w28 --endian=big|head -n1|sed 's/^0000000 //'|sed 's/ //g') echo ${hex} hex_chunk=$(echo

We've had a number of changes since the last release, and we have some other upcoming kernel changes that might require corresponding cifs-utils changes. So it's probably as good a time as any for a new release. Highlights: + fix for a minor security issue that can corrupt the mtab + new getcifsacl/setcifsacl tools that allow you to fetch and set raw Windows ACLs via an xattr. + a

This is a big release that contains many functional changes that are aligned with the recent work done in the Linux SMB3 kernel client. These changes mostly aim to improve user experience by unlocking new features available in modern SMB3 servers: - smbinfo utility is added to query various kinds of information from the server (objectId, snapshots, different FileInfo* classes and other

Dear Jeremy, thanks for your instant reply. :-) Along with Linux native getfacl/fetfacl, I also tested getcifsacl/setcifsacl (for sure thoroughly ;-)). Unfortunately, these CIFS client tools seem to have been designed as part of the "old" CIFS Unix Extensions, working only for SMB/CIFS mounts, and are not supposed to work with SMB2/SMB3 mounts, as I guess. During my tests, the

Greetings, Hoping someone can shed some light on this. I've been searching for over a week and cannot find information on how Samba generates SID's from Unix UID's and GID's. I keep running into situations where after adding a new user to my CentOS server all other users are suddenly prevented from accessing shares that have a group ACL assigned. I finally figured out that