while trying to clone an NT server's ACLs using various ACL-cloning tools (BX
tools, sectools) I repeatedly got "access denied" messages from the server.
Investigation reveals that this is due to the fact that Samba is unable to
resolve the SIDs, since they are foreign, and thus the ACLs are discarded. The
process fails early enough that none of the ACLs are applied, even if there are
ACLs there that Samba /would/ be able to parse (e.g. Everyone, or domain usernames)
won't address this now. Marking a 'later'.
originally reported against one of the 3.0.0rc[1-4] releases.
Cleaning up non-production versions.
Created attachment 968 [details]
We had the same issue:
Using robocopy to migrate files from Windows to linux/samba (v3.0.11) is
failing to migrate ACLs for some of folders- getting "Access Denied" on Windows
and "create_canon_ace_lists: unable to map SID S-1-5-21.... to uid or gid." in
Attached is the patch that works for us. You also have to set "force unknown
acl user = Yes" in your smb.conf (reintroduced in samba-3.0.6 by Guenther