Created attachment 14690 [details] screenshot from shares snapin ``` [root@uf00pf0 api]# sharesec homes --view REVISION:1 CONTROL:SR|DP OWNER: GROUP: ACL:S-1-1-0:ALLOWED/0x0/FULL [root@uf00pf0 api]# sharesec homes -a S-1-5-21-4030456262-320625612-449655040-116654:DENIED/0x0/FULL [root@uf00pf0 api]# sharesec homes --view REVISION:1 CONTROL:SR|DP OWNER: GROUP: ACL:S-1-5-21-4030456262-320625612-449655040-116654:DENIED/0x0/FULL ACL:S-1-1-0:ALLOWED/0x0/FULL ``` This works, but the permissions do not show up and are not enfored... probably because the share is special and mapped to the samAccount name when connecting. See the screenshot attached. It is not possible to add the permissions to 'jorschra' as the share does ofcourse not exists. ``` [root@uf00pf0 api]# sharesec jorschra -a S-1-5-21-4030456262-320625612-449655040-116654:DENIED/0x0/FULL Invalid sharename: jorschra ```
jorschra being the samAccount name.
Yes, the share doesn't exist until the user connects. I have an idea as to how to fix this, if a share is flagged as "homes" then we can look for explicit permissions, then fall-back to [homes] permissions if not found. Let me look at the code here.