I have my smb.conf set to not list default domain, but it still does. I am using the default winbind that is built within samba. Here is my config: Samba version: 4.0.3 Build environment: Build host: Linux simba.tomato.local 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Paths: BINDIR: /usr/local/samba/bin SBINDIR: /usr/local/samba/sbin CONFIGFILE: /usr/local/samba/etc/smb.conf NCALRPCDIR: /usr/local/samba/var/run/ncalrpc LOGFILEBASE: /usr/local/samba/var LMHOSTSFILE: /usr/local/samba/etc/lmhosts DATADIR: /usr/local/samba/share MODULESDIR: /usr/local/samba/lib LOCKDIR: /usr/local/samba/var/lock STATEDIR: /usr/local/samba/var/locks CACHEDIR: /usr/local/samba/var/cache PIDDIR: /usr/local/samba/var/run PRIVATE_DIR: /usr/local/samba/private SWATDIR: /usr/local/samba/share/swat CODEPAGEDIR: /usr/local/samba/share/codepages SETUPDIR: /usr/local/samba/share/setup WINBINDD_SOCKET_DIR: /usr/local/samba/var/run/winbindd WINBINDD_PRIVILEGED_SOCKET_DIR: /usr/local/samba/var/lib/winbindd_privileged NTP_SIGND_SOCKET_DIR: /usr/local/samba/var/lib/ntp_signd [root@simba Profiles]# testparm -S Load smb config files from /usr/local/samba/etc/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[netlogon]" Processing section "[sysvol]" Processing section "[homes]" Processing section "[test]" Processing section "[profiles]" Loaded services file OK. Server role: ROLE_ACTIVE_DIRECTORY_DC Press enter to see a dump of your service definitions [global] workgroup = TOMATO realm = TOMATO.LOCAL interfaces = 10.0.0.226, 127.0.0.1 bind interfaces only = Yes server role = active directory domain controller passdb backend = samba_dsdb min receivefile size = 16384 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072 logon path = \\%L\profiles\%U\%a idmap negative cache time = 20 template homedir = /home/%ACCOUNTNAME% template shell = /bin/bash winbind cache time = 600 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind expand groups = 2 winbind refresh tickets = Yes winbind offline logon = Yes dns forwarder = 10.0.0.1 rpc_server:tcpip = no rpc_daemon:spoolssd = embedded rpc_server:spoolss = embedded rpc_server:winreg = embedded rpc_server:ntsvcs = embedded rpc_server:eventlog = embedded rpc_server:srvsvc = embedded rpc_server:svcctl = embedded rpc_server:default = external idmap config * : range = 1000000-1999999 idmap config * : backend = rid create mask = 0777 directory mask = 0777 aio read size = 16384 aio write size = 16384 use sendfile = Yes map archive = No map readonly = no store dos attributes = Yes vfs objects = dfs_samba4, acl_xattr [netlogon] path = /usr/local/samba/var/locks/sysvol/tomato.local/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [homes] comment = Home Directories path = /storage/AD/Homes valid users = %U read only = No create mask = 0700 directory mask = 0770 [test] comment = "Test" path = /storage/AD/test valid users = %U read only = No [profiles] path = /storage/AD/Profiles valid users = %U read only = No create mask = 0600 directory mask = 0700 profile acls = Yes browseable = No csc policy = disable Results: [root@simba Profiles]# id steve uid=3000023(TOMATO\steve) gid=100(users) groups=100(users),3000008(Domain Admins) [root@simba Profiles]# id testuser uid=3000026(TOMATO\testuser) gid=100(users) groups=100(users) [root@simba Profiles]# getent passwd testuser TOMATO\testuser:*:3000026:100:Test User:/home/testuser:/bin/bash and subsequently ACLs are messed up. It adds 134 between the domain and username, I assume it has trouble parsing the "\": [root@simba AD]# getfacl Profiles/testuser # file: Profiles/testuser # owner: TOMATO\134testuser # group: users # flags: -s- user::rwx user:TOMATO\134testuser:rwx group::--- group:users:--- group:3000009:rwx mask::rwx other::--- default:user::rwx default:user:TOMATO\134testuser:rwx default:group::--- default:group:users:--- default:group:3000009:rwx default:mask::rwx default:other::--- [root@simba AD]# strace -f setfacl -R -m u:testuser:rwx Profiles/testuser/ execve("/usr/bin/setfacl", ["setfacl", "-R", "-m", "u:testuser:rwx", "Profiles/testuser/"], [/* 23 vars */]) = 0 brk(0) = 0x2251000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7e52eeb000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=29335, ...}) = 0 mmap(NULL, 29335, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f7e52ee3000 close(3) = 0 open("/lib64/libacl.so.1", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\36\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=31280, ...}) = 0 mmap(NULL, 2126416, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7e52ac5000 mprotect(0x7f7e52acc000, 2093056, PROT_NONE) = 0 mmap(0x7f7e52ccb000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f7e52ccb000 close(3) = 0 open("/lib64/libattr.so.1", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\23\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=18712, ...}) = 0 mmap(NULL, 2113888, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7e528c0000 mprotect(0x7f7e528c4000, 2093056, PROT_NONE) = 0 mmap(0x7f7e52ac3000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f7e52ac3000 close(3) = 0 open("/lib64/libc.so.6", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\355\1\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=1916568, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7e52ee2000 mmap(NULL, 3745960, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7e5252d000 mprotect(0x7f7e526b7000, 2093056, PROT_NONE) = 0 mmap(0x7f7e528b6000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x189000) = 0x7f7e528b6000 mmap(0x7f7e528bb000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f7e528bb000 close(3) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7e52ee1000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7e52ee0000 arch_prctl(ARCH_SET_FS, 0x7f7e52ee1700) = 0 mprotect(0x7f7e528b6000, 16384, PROT_READ) = 0 mprotect(0x7f7e52ac3000, 4096, PROT_READ) = 0 mprotect(0x7f7e52ccb000, 4096, PROT_READ) = 0 mprotect(0x606000, 4096, PROT_READ) = 0 mprotect(0x7f7e52eec000, 4096, PROT_READ) = 0 munmap(0x7f7e52ee3000, 29335) = 0 brk(0) = 0x2251000 brk(0x2272000) = 0x2272000 open("/usr/lib/locale/locale-archive", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=99158576, ...}) = 0 mmap(NULL, 99158576, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f7e4c69c000 close(3) = 0 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3 connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) close(3) = 0 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3 connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) close(3) = 0 open("/etc/nsswitch.conf", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=1712, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7e52eea000 read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1712 read(3, "", 4096) = 0 close(3) = 0 munmap(0x7f7e52eea000, 4096) = 0 open("/etc/ld.so.cache", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=29335, ...}) = 0 mmap(NULL, 29335, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f7e52ee3000 close(3) = 0 open("/lib64/libnss_files.so.2", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360!\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=65928, ...}) = 0 mmap(NULL, 2151824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7e4c48e000 mprotect(0x7f7e4c49a000, 2097152, PROT_NONE) = 0 mmap(0x7f7e4c69a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f7e4c69a000 close(3) = 0 mprotect(0x7f7e4c69a000, 4096, PROT_READ) = 0 munmap(0x7f7e52ee3000, 29335) = 0 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 fcntl(3, F_GETFD) = 0x1 (flags FD_CLOEXEC) fstat(3, {st_mode=S_IFREG|0644, st_size=1204, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7e52eea000 read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1204 read(3, "", 4096) = 0 close(3) = 0 munmap(0x7f7e52eea000, 4096) = 0 open("/etc/ld.so.cache", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=29335, ...}) = 0 mmap(NULL, 29335, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f7e52ee3000 close(3) = 0 open("/lib64/tls/x86_64/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64/tls/x86_64", 0x7fff1e675810) = -1 ENOENT (No such file or directory) open("/lib64/tls/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64/tls", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0 open("/lib64/x86_64/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64/x86_64", 0x7fff1e675810) = -1 ENOENT (No such file or directory) open("/lib64/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/lib64", {st_mode=S_IFDIR|0555, st_size=12288, ...}) = 0 open("/usr/lib64/tls/x86_64/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/lib64/tls/x86_64", 0x7fff1e675810) = -1 ENOENT (No such file or directory) open("/usr/lib64/tls/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/lib64/tls", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0 open("/usr/lib64/x86_64/libnss_winbind.so.2", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/lib64/x86_64", 0x7fff1e675810) = -1 ENOENT (No such file or directory) open("/usr/lib64/libnss_winbind.so.2", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p\16\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=39875, ...}) = 0 mmap(NULL, 2137584, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7e4c284000 mprotect(0x7f7e4c288000, 2097152, PROT_NONE) = 0 mmap(0x7f7e4c488000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f7e4c488000 mmap(0x7f7e4c489000, 19952, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f7e4c489000 close(3) = 0 open("/usr/local/samba/lib/tls/x86_64/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/local/samba/lib/tls/x86_64", 0x7fff1e675570) = -1 ENOENT (No such file or directory) open("/usr/local/samba/lib/tls/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/local/samba/lib/tls", 0x7fff1e675570) = -1 ENOENT (No such file or directory) open("/usr/local/samba/lib/x86_64/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/local/samba/lib/x86_64", 0x7fff1e675570) = -1 ENOENT (No such file or directory) open("/usr/local/samba/lib/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/local/samba/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 open("/usr/local/samba/lib/private/tls/x86_64/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/local/samba/lib/private/tls/x86_64", 0x7fff1e675570) = -1 ENOENT (No such file or directory) open("/usr/local/samba/lib/private/tls/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/local/samba/lib/private/tls", 0x7fff1e675570) = -1 ENOENT (No such file or directory) open("/usr/local/samba/lib/private/x86_64/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/local/samba/lib/private/x86_64", 0x7fff1e675570) = -1 ENOENT (No such file or directory) open("/usr/local/samba/lib/private/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/local/samba/lib/private", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 open("/lib64/libpthread.so.0", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\\\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=142464, ...}) = 0 mmap(NULL, 2212768, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7e4c067000 mprotect(0x7f7e4c07e000, 2097152, PROT_NONE) = 0 mmap(0x7f7e4c27e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f7e4c27e000 mmap(0x7f7e4c280000, 13216, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f7e4c280000 close(3) = 0 open("/usr/local/samba/lib/libwinbind-client.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/local/samba/lib/private/libwinbind-client.so", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\r\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=28468, ...}) = 0 mmap(NULL, 2106160, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7e4be64000 mprotect(0x7f7e4be66000, 2097152, PROT_NONE) = 0 mmap(0x7f7e4c066000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f7e4c066000 close(3) = 0 mprotect(0x7f7e4c27e000, 4096, PROT_READ) = 0 set_tid_address(0x7f7e52ee19d0) = 18719 set_robust_list(0x7f7e52ee19e0, 0x18) = 0 futex(0x7fff1e675c6c, FUTEX_WAKE_PRIVATE, 1) = 0 futex(0x7fff1e675c6c, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1, NULL, 7f7e52ee1700) = -1 EAGAIN (Resource temporarily unavailable) rt_sigaction(SIGRTMIN, {0x7f7e4c06cae0, [], SA_RESTORER|SA_SIGINFO, 0x7f7e4c076500}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {0x7f7e4c06cb70, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f7e4c076500}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM_INFINITY}) = 0 munmap(0x7f7e52ee3000, 29335) = 0 lstat("/usr/local/samba/var/run/winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/local/samba/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0 socket(PF_FILE, SOCK_STREAM, 0) = 3 fcntl(3, F_GETFL) = 0x2 (flags O_RDWR) fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0 fcntl(3, F_GETFD) = 0 fcntl(3, F_SETFD, FD_CLOEXEC) = 0 connect(3, {sa_family=AF_FILE, path="/usr/local/samba/var/run/winbindd/pipe"}, 110) = 0 poll([{fd=3, events=POLLIN|POLLHUP}], 1, 0) = 0 (Timeout) write(3, "0\10\0\0\0\0\0\0\0\0\0\0\37I\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2096) = 2096 poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 1 ([{fd=3, revents=POLLIN}]) read(3, "\250\r\0\0\2\0\0\0\33\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 3496) = 3496 poll([{fd=3, events=POLLIN|POLLHUP}], 1, 0) = 0 (Timeout) write(3, "0\10\0\0/\0\0\0\0\0\0\0\37I\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2096) = 2096 poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 1 ([{fd=3, revents=POLLIN}]) read(3, "\325\r\0\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 3496) = 3496 poll([{fd=3, events=POLLIN|POLLHUP}], 1, 5000) = 1 ([{fd=3, revents=POLLIN}]) read(3, "/usr/local/samba/var/lib/winbind"..., 45) = 45 lstat("/usr/local/samba/var/lib/winbindd_privileged", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0 lstat("/usr/local/samba/var/lib/winbindd_privileged/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0 socket(PF_FILE, SOCK_STREAM, 0) = 4 fcntl(4, F_GETFL) = 0x2 (flags O_RDWR) fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0 fcntl(4, F_GETFD) = 0 fcntl(4, F_SETFD, FD_CLOEXEC) = 0 connect(4, {sa_family=AF_FILE, path="/usr/local/samba/var/lib/winbindd_privileged/pipe"}, 110) = 0 close(3) = 0 poll([{fd=4, events=POLLIN|POLLHUP}], 1, 0) = 0 (Timeout) write(4, "0\10\0\0\1\0\0\0\0\0\0\0\37I\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2096) = 2096 poll([{fd=4, events=POLLIN|POLLHUP}], 1, 5000) = 1 ([{fd=4, revents=POLLIN}]) read(4, "\250\r\0\0\2\0\0\0TOMATO\\testuser\0\0\0\0\0\0\0\0\0"..., 3496) = 3496 getrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=4*1024}) = 0 lstat("Profiles/testuser/", {st_mode=S_IFDIR|S_ISGID|0770, st_size=4096, ...}) = 0 getxattr("Profiles/testuser/", "system.posix_acl_access", "\x02\x00\x00\x00\x01\x00\x07\x00\xff\xff\xff\xff\x02\x00\x07\x00\xda\xc6-\x00\x04\x00\x00\x00\xff\xff\xff\xff\x08\x00\x00\x00d\x00\x00\x00\x08\x00\x07\x00\xc9\xc6-\x00\x10\x00\x07\x00\xff\xff\xff\xff \x00\x00\x00\xff\xff\xff\xff", 132) = 60 open("Profiles/testuser/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3 fcntl(3, F_GETFD) = 0x1 (flags FD_CLOEXEC) getdents(3, /* 2 entries */, 32768) = 48 getdents(3, /* 0 entries */, 32768) = 0 close(3) = 0 close(4) = 0 exit_group(0) And the filesystem is mounted with xattr and acls: [root@simba AD]# mount /dev/md3 on / type ext4 (rw,user_xattr,acl)
Follow up: I was able to work around the issue by change the winbind separator = +, now the ACLs are being set correctly with DOMAIN+User. However, the domain shouldn't even be appearing.
- The "134" in the output of getfacls is a display issue of getfacl, not a samba bug. - You are running samba in ad dc mode here. That means the output if "testparm" is not giving back your config. You will have to use "samba-tool testparm" then. - winbind use default domain is currently not implented in the AD DC winbind mode. Best practice however is to use only DC functionality on a AD DC. But yes, this feature is still missing, therefore making this bug a dup of bug 9780. *** This bug has been marked as a duplicate of bug 9780 ***