Hi Lucas,

I am struggling around with Windows ACLs and cannot find a solution nor how to troubleshoot that. I have two 
samba3 hosts. Hostname "donald" is my domain controller with samba 3.x + OpenLDAP server running. 
Hostname "pluto" is my other samba 3.x server which was joined to my domain. I use LDAP for my 
users+groups. I don't have winbind on my machines. On hostname "pluto" I have a share in smb.conf
which says:

[free4all]
        path = /data/free4all
        read only = No
        create mask = 0777
        directory mask = 0777
        vfs object = acl_xattr
        nt acl support = yes
        dos filemode = yes

"testparm -s -a -v |grep acl" shows me:

        acl compatibility = auto
        acl check permissions = Yes
        acl group control = No
        acl map full control = Yes
        force unknown acl user = No
        inherit acls = No
        nt acl support = Yes
        profile acls = No
        map acl inherit = No
        vfs objects = acl_xattr
        force unknown acl user = Yes

On a windows client I am right-clicking on \\pluto\free4all\subdir and choose the "Security" tab. I see a 
user called "Everyone" and a user without username, but only SID number. The SID is 
S-1-5-21-blablabla-1234567-blabla-500.  I manually checked this SID at my LDAP database. Funnily I have two users with 
this same SID, one is called "root" and the other is called "admin". Weird, but not important imho at
this point.

RID -500 is part of the well-known SIDs; it should be for the admin user and shouldn't be used for root (http://support.microsoft.com/kb/243330)

Back on the windows client, inside the "Security" tab, I click on "Add" and choose a user 
of my Domain Users. I see him in the list. But as soon as I click "Apply" on this window, the user 
disappears from the security tab list. The logfile at samba-server hostname=pluto outputs:

[2013/05/14 15:48:08.861822,  0] smbd/posix_acls.c:1755(create_canon_ace_lists)
  create_canon_ace_lists: unable to map SID S-1-5-21-1062190697-4189521229-2202214947-129762 to uid or gid.

This SID was the user I tried to add. Why does this not work and how should I 
fix or even troubleshoot that? I really need some assistance, I have no clue 
what else to try. Thanks to everyone.

Are you sure that there is a uid/gid mapping for your Samba users on your server? For instance, if you type "id myusername" or "getent passwd", do you get a uid?

If not, you should check if your /etc/nsswitch.conf configuration is ok. If you don't use winbind, you should have nssldap configured.

Cheers,

Denis





Lucas.



--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
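
The check suggested in the reply, as an added shell example that is not part of the original thread: it reads an nsswitch.conf-style file to see whether passwd and group consult ldap or winbind, and pulls the unmapped SIDs out of smbd log lines like the one quoted above. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage for smbd's "unable to map SID ... to uid or gid".

# Print the NSS sources for one database (passwd, group) from an
# nsswitch.conf-style file, dropping comments and [STATUS=action] items.
nss_sources() {  # usage: nss_sources FILE DATABASE
    sed -e 's/#.*//' -e 's/\[[^]]*\]//g' -e 's/:/: /' "$1" |
        awk -v db="$2:" '$1 == db { $1 = ""; sub(/^ +/, ""); print }'
}

# Succeed only if the database lists a directory source (ldap or winbind).
# With "files" alone, accounts that exist only in LDAP have no uid/gid here.
nss_has_directory() {  # usage: nss_has_directory FILE DATABASE
    for src in $(nss_sources "$1" "$2"); do
        case "$src" in ldap|winbind) return 0 ;; esac
    done
    return 1
}

# List the distinct SIDs smbd could not map. The SID can sit on the line
# after the message when the log was wrapped, so join lines before matching.
unmapped_sids() {  # usage: unmapped_sids LOGFILE
    tr '\n' ' ' < "$1" | tr -s ' ' |
        grep -o 'unable to map SID S-[0-9-]*' |
        awk '{ print $NF }' | sort -u
}

# Constructed sample inputs: an nsswitch.conf with no directory source for
# passwd, and a wrapped plus an unwrapped copy of the log entry from the thread.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'passwd: files' \
    'group:  files ldap [NOTFOUND=return]  # constructed' > "$tmp/nsswitch.conf"
sid=S-1-5-21-1062190697-4189521229-2202214947-129762
printf '%s\n' \
    '  create_canon_ace_lists: unable to map SID' "$sid to uid or gid." \
    "  create_canon_ace_lists: unable to map SID $sid to uid or gid." \
    > "$tmp/log.smbd"

for db in passwd group; do
    if nss_has_directory "$tmp/nsswitch.conf" "$db"; then
        echo "$db: directory source configured"
    else
        echo "$db: local only ($(nss_sources "$tmp/nsswitch.conf" "$db"))"
    fi
done
echo "unmapped SIDs:"; unmapped_sids "$tmp/log.smbd"
```

On a real host, point the functions at /etc/nsswitch.conf and the smbd log instead of the sample files, then confirm each account with "id myusername" or "getent passwd" as the reply suggests.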
