samba-tool ntacl get <item> --as-sddl does work on Domain controllers, but fails on member servers with the following error : samba-tool ntacl get myfoldername --as-sddl ERROR: Unable to read domain SID from configuration files It would be great to be able to set real windows ACL directly from linux command line.
(In reply to Denis Cardon from comment #0) Denis, have you tried running the command as root or with sudo ?
Closing this as it works for myself with sudo: rowland@devstation:~$ sudo samba-tool ntacl get /srv/samba --as-sddl O:S-1-22-1-0G:S-1-22-2-0D:(A;;0x001f01ff;;;S-1-22-1-0)(A;;0x001200a9;;;S-1-22-2-0)(A;;0x001200a9;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;;;WD) 'devstation' is a Unix domain member.