I've been doing some testing with Samba 2.2.5 and ACL's under ext3, and everything
seems to work as I need except when I try to add an ACL from Windows.
We're not using winbind because we need consistent UID's across servers. We have a
central LDAP directory with everyone in it, and use nss_ldap to resolve users and UID
numbers. We're authenticating
against a Windows 2000 cluster though.
When I set an ACL from Linux via the setfacl command, the ACL shows properly in the
Windows "security" box. It shows up as (for example) "lnxsles8/kehall" with the right
permissions (lnxsles8 being
the Samba server). But if I try to ADD an ACL, it can only find users from the domain
directory. Since all of the users are in the domain, I can assign permission using
the corresponding ID from the
cluster ("NYC1/kehall", for example), but that triggers auto-assignment of a UID via
Winbind, but since we're not using nss_winbind, the ACL ends up containing an
unresolvable UID number. If I
disable Winbind, I can't add the ACL at all.
Curiously, the security dialog DOES list the Linux groups from the LDAP directory. It
just doesn't seem to find the users.
Is there any way to get Samba (or Windows) to look at the Samba server's user list for
valid names, instead of the domain/cluster? Or am I just doing something wrong?
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
