I thought I had some clues. In Windows the groups show as "metro-us-adm...@ou.ad3.ucdavis.edu (Unix Group\metro-us-adm...@ou.ad3.ucdavis.edu)" (see attached screenshot). Earlier today I had the following permissions on a folder:
# file: metro-us-admins/ # owner: root # group: metro-us-adm...@ou.ad3.ucdavis.edu And I was getting a permission denied trying to set the ACL from Windows. I though maybe it was because Windows was showing the group with the full domain instead of the short form (ou\metro-us-admins). I was getting really frustrated, so I switched from sssd to winbind to see if I could get that working. The Windows permissions would set correctly, but I was unable to get groups to work in Ubuntu, so I switched back to sssd. And ... now I can sort of set ACLs from Windows!?! I say almost because everyone seems to default to Full Control, and when I unmap/remap the drive it shows the SSID instead of the account name (see attached screenshot). getfacl actually shows the permissions: ----- Begin getfacl ----- root@phys-adtest:/storage# getfacl metro-us-admins/ # file: metro-us-admins/ # owner: root # group: metro-us-adm...@ou.ad3.ucdavis.edu user::rwx user:root:rwx user:cmderr:r-x user:omen:rwx group::rwx group:metro-us-adm...@ou.ad3.ucdavis.edu:rwx mask::rwx other::--- default:user::rwx default:user:root:rwx default:user:cmderr:r-x default:user:omen:rwx default:group::--- default:group:metro-us-adm...@ou.ad3.ucdavis.edu:--- default:mask::rwx default:other::--- ----- End getfacl ----- Does this ring any bells for anyone? Thanks -- Omen Wild Systems Administrator Metro Cluster
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org