sorry for replicating this here, but it seems nobody was able to
answer me on the samba list.
i'm getting mad configuring samba to join an ADS, resolve domain
users and groups and set ACLs via windows explorer on a share mounted
with POSIX ACL and extended attributes.
At the point where i am, i've managed to get Samba join correctly the
domain with idmap_rid backend working fine.
I can correctly set (add, remove, modify) file acls and extended
attributes via bash, but when i try to simply add a user permission
on a file or directory via the windows explorer security settings i
get in the log (level 3):
I can correctly set file permission of the classical posix elements
via windows explorer: user, group and others. Users authentication
for the share and file security works fine.
workgroup = AGBSOFT
realm = AGBSOFT.CH
server string = CVS Server
security = ADS
client schannel = No
allow trusted domains = No
password server = agbsoft-nt1.agbsoft.ch
log level = 3
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = No
os level = 18
preferred master = No
domain master = No
wins server = 10.100.0.2
idmap backend = idmap_rid:AGBSOFT=10000-200000000
idmap uid = 10000-200000000
idmap gid = 10000-200000000
template shell = /bin/bash
winbind use default domain = Yes
winbind nested groups = Yes
comment = prova
path = /home/ftp
valid users = "@AGBSOFT\Domain Admins"
read only = No
My samba 3.0.20b is compiled with ads and acl support (verified).
Kernel is a 126.96.36.199, compiled with acl and extended attributes for
The system is running a slackware 10.2. I had to rebuild from source
attr, acl, libattr, libacl to have compiling with acl support.
Here is my mount:
/dev/hda1 on / type reiserfs (rw,acl,user_xattr)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
usbfs on /proc/bus/usb type usbfs (rw)