I had a similar issue on my Debian box. It seemed that setfacl didn't care for special characters. I changed the separator character to - (dash) instead of + or \ and it worked fine. Good luck! Tom Hallewell Radio Free Asia Washington DC USA
> > (offlist replies discontinued due to increasing large number of people > involved) > > Gareth Davies wrote: > > Shouldn't you be setting setfacl -m DOMAIN+andrewfu:rwx myfile ? > > I tried that, but it didn't work: > > setfacl: Option -m: Invalid argument near character 1 > > I also tried escaping/quoting the + in various ways, replacing with \ or > /, etc. No joy. > > Tom Hallewell wrote: > > You should be able to find the server in W2K's server manager and > > confirm that it is a trusted member of the Domain. It sounds like > > smbd isn't linking to the acl libs-have you run ldd to see if > > you are linking to libacl.so.1? My recent problem was similar and I > > found that I wasn't compiling against the acl libs. > [snip various deb-src specific instructions] > > a) I presume I should be looking in Active Directory Users & Computers > -> domain -> Computers -> smbserver name ? > If so, it's listed as a WinNT 4 "workstation or server", as a member of > Domain Computers (we're in a mixed domain, not native, so that makes > sense to me). > > b) (grepped for brevity) > $ ldd /usr/local/samba/bin/smbd | grep -i acl > libacl.so.1 => /lib/libacl.so.1 (0x40015000) > > $ nm /usr/local/samba/bin/smbd | grep -i acl | wc > 88 244 2655 > > c) The Debian compilation instructions aren't used, since 2.2.7 isn't > available yet so I'm compiling from the tarball. However I used the > following configure line: > > configure --disable-nls --with-acl-support=yes > --with-configdir=/etc/samba --with-logfilebase=/var/log/samba > > That way I can have the Debian 2.2.3a-12 (or whatever it is) and the > 2.2.7 compiled ones use the same logfiles and config files. > > David Pullman wrote: > > A thought that occurs to me when looking at the two ways of > > displaying the name above is that I've heard that a W2K domain will > > record machine name more like a dns domain (with its emphasis on ddns > > and all that). So it makes me wonder if you have a W2K PDC. > > > > We're using an NT PDC still with a mix of W2K and NT 40 clients (we > > have a half dozen BDCs and about 500 windows clients, and a couple of > > hundred mixed UNIX platform clients). All of our file servers are > > samba on solaris. So we only see something like andrewfu > > (SMBSERVERNAME\andrewfu) on a NT security dialog acl. On a setfacl > > on the UNIX side it is stictly username, the UNIX systems have no > > idea about the NT domain. This is of course excepting the samba > > server itself, which has security = domain. This lets a user map a > > drive using their NT passwd, which might be different than their NIS > > passwd. > > The test machine here is a fairly standard / minimal install of W2k > server, which seems to be workign as expected otherwise (although I > haven't had much experience with W2k, and I don't have any other W2k > machines around to test. > > Your thoughts about the usernames seems to make sense, except, does that > mean that the Windows ACL dialog will _always_ show the UNIX username? I > would have thought that the username mapping would apply to that part > also. Although admittedly, if one UNIX name maps to more than one > Windows name, there would be problems... although it won't, in my case. > > Hopefully the mapping can be worked out in some way... the system will > have ~500 users, and given that 50% - 75% of them are > username-map-required style names, it would get mighty annoying mighty > fast, trying to map them in your head... > > (phew!) > > -- > ANDREW FUREY <[EMAIL PROTECTED]> - Sysadmin/developer for Terminus. > Providing online networks of Australian lawyers (http://www.ilaw.com.au) > and Linux experts (http://www.linuxconsultants.com.au) for instant help! > Disclaimer: http://www.terminus.net.au/disclaimer.html. GCS L+++ P++ t++ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
