From owner-freebsd-questions@FreeBSD.ORG Mon Aug 6 10:06:55 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B14A116A417 for ; Mon, 6 Aug 2007 10:06:55 +0000 (UTC) (envelope-from Johan@double-l.nl) Received: from smtp-vbr2.xs4all.nl (smtp-vbr2.xs4all.nl [194.109.24.22]) by mx1.freebsd.org (Postfix) with ESMTP id 4D31813C4B6 for ; Mon, 6 Aug 2007 10:06:55 +0000 (UTC) (envelope-from Johan@double-l.nl) Received: from w2003s01.double-l.local (dpm.xs4all.nl [213.84.11.61]) by smtp-vbr2.xs4all.nl (8.13.8/8.13.8) with ESMTP id l76A6mFG070342; Mon, 6 Aug 2007 12:06:49 +0200 (CEST) (envelope-from Johan@double-l.nl) Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1250" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5 Date: Mon, 6 Aug 2007 12:06:46 +0200 Message-ID: <57200BF94E69E54880C9BB1AF714BBCB19BC14@w2003s01.double-l.local> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: setfacl(1) - Can FreeBSD's ACLs contain groups from NT/AD domains ? Thread-Index: AcfYDAif0/2UTcepTVGnwrCEEalcpgABTRcw References: <20070806091033.GA57676@obelix.dsto.defence.gov.au> From: "Johan Hendriks" To: "Wilkinson, Alex" X-Virus-Scanned: by XS4ALL Virus Scanner Cc: freebsd-questions@freebsd.org Subject: RE: setfacl(1) - Can FreeBSD's ACLs contain groups from NT/AD domains ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Aug 2007 10:06:55 -0000 >Hi all, >I have "FreeBSD 7.0-CURRENT #1: Wed Jul 25" authenticating successfully = against >active directory via samba's winbindd(8). I need to manage samba shares = via >FreeBSD ACLs and CIFS ACLs. From my reading of setfacl(1) I should be = able to >set group permissions using the syntax of DOMAIN\group-name. For = example: > #setfacl -d -m g:"MYDOMAIN\mygroupname":rwx test >However, when I do this on FreeBSD -CURRENT I get the following error: > #setfacl -d -m g:"MYDOMAIN\mygroupname":rwx test > setfacl: g:MYDOMAIN\mygroupname: Invalid argument >From a quick Google it looks like Linux ACLs can do the aforementioned >[http://www.techtutorials.net/blogs/index.php?mode=3Dviewuser&user_id=3D= 7]. >Does anyone know ? As far as i know and the way i do it is leaving the Domain part out just = the group name. Wbinfo -g shows the groups if all is ok. Regards, Johan No virus found in this outgoing message. Checked by AVG Free Edition.=20 Version: 7.5.476 / Virus Database: 269.11.6/938 - Release Date: 5-8-2007 = 16:16 =20