I'm setting up a member server in a Samba domain (both 3.0.24).

getent passwd/group shows all users and groups
wbinfo -u/g shows users and groups
net groupmap list shows all groups correctly

Here's the testparm output:


workgroup = AAG
server string = FILES (%v)
security = DOMAIN
password server =
passdb backend = ldapsam:ldap://
log level = 10
log file = /var/log/samba/%m.log
name resolve order = host wins bcast
deadtime = 15
keepalive = 0
load printers = No
preferred master = No
local master = No
domain master = No
wins server =
ldap admin dn = cn=admin,dc=aag
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=computers
ldap suffix = dc=aag
ldap user suffix = ou=users
panic action = /etc/samba/panic-action %d
idmap backend = ldap:ldap://erde.aag
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind trusted domains only = Yes
read only = No
create mask = 0770
force create mode = 0770
directory mask = 0770
force directory mode = 0770
inherit acls = Yes
map acl inherit = Yes
strict sync = Yes
sync always = Yes
use sendfile = Yes
veto oplock files = /*.mdb/
delete readonly = Yes
dos filemode = Yes
msdfs root = No

path = /userdata/%S
invalid users = root, admin, bin, daemon, sys, sync, lp, mail, news,
uucp, proxy, www-data, backup, irc, sshd, man, identd, bacula, nobody,
create mask = 0700
directory mask = 0700
browseable = No
Then all the shares....

ACLs are enabled in fstab.

I have /groupdata with all groupshares and /userdata for homes.
/groupdata is actually owned by me.domain_admins

I can set ACLs from Linux with
setfacl -R -d -m g:group:rwx folder

Unfortunately I cannot change permissions from Windows, neither as domain-root
nor as me; even though I am in the domain_admins group and privileges are
activated, I get a permission denied message. I also don't see the ACLs I set
for "group" under Windows, even though Linux shows them correctly.

I'm afraid it is something very stupid I don't see, but I would be very
grateful if somebody could point me to the error.

Please let me know what logs I should append.



