0n Mon, Aug 06, 2007 at 04:09:37PM +0200, Greg Byshenk wrote:
> sambaserver# setfacl -m u:ADDOMAIN\\gbytest:rwx,g:ADDOMAIN\\domain\
users:rx z-test/
> sambaserver# getfacl z-test/
> #file:z-test/
> #owner:1361
> #group:100
> user::rwx
> user:gbytest:rwx
> group::r-x
> group:domain users:r-x
> mask::rwx
> other::r-x
> sambaserver#
>
>This is on 6-STABLE, but it has worked on CURRENT also (though I don't
have a
>machine running now), configured using idmap_rid (and 'winbind use default
domain = yes').
>
>At some point in the past when I was testing, I saw the same sort of errors
>as above. This was before I set idmap_rid (and configured samba with
experimental
>modules), so it may have been related to this change.
>
>Do the domain users/groups show up using 'id' and 'wbinfo'?
OK, well this is interesting because after extensive testing of setting group
permissions with setfacl(1) some groups work ... and some don't. And yes I can
enumerate all the groups in AD e.g.
#wbinfo -g | wc -l
2574
And id(1) does print the GIDs e.g
#id -a
uid=13340(myusername) gid=10513(domain users) groups=10513(domain users)
So I am suspecting not all groups in the AD world are the same ?
And why would I be able to assign group ACLs using some AD groups but not
others ?
-aW
IMPORTANT: This email remains the property of the Australian Defence
Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT
1914. If you have received this email in error, you are requested to contact
the sender and delete the email.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
