From: Paul on
We have a Samba install connected up to LDAP and all works fine until
we try to change the group on a file or directory
and get permission denied (changing permissions works fine).
The underlying filesystem does not know about POSIX ACLs and while I
would have thought "acl schemes = unix" would
do the trick, it doesn't seem to. Ideas?

What I'm doing on the Windows side is:
create a file
* select the group and remove it
* select add and type in another group
* click ok and get a permission denied error

Linux on Debian Lenny
Samba 3.3.6 and 3.4.2 (both via Debian backports)
Underlying filesystem is POSIX compliant but does not support the
POSIX ACL draft.
Client is Windows 7

workgroup = ZZ-7
server string = %h server
dns proxy = no
client plaintext auth = yes
client lanman auth = yes
interfaces = eth0,eth1
log file = /var/log/samba/log.%m
log level = 10
max log size = 1000
syslog = 1
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = ldapsam:"ldaps://localhost:636"
ldap ssl = off
ldap suffix = dc=sub,dc=company,dc=com
ldap user suffix = ou=people
ldap group suffix = ou=group
ldap admin dn = cn=auth,dc=ops,dc=company,dc=com
obey pam restrictions = yes
invalid users = root
map to guest = Never
restrict anonymous = 2
unix password sync = no
passwd program =
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

path = /mnt/share
valid users =
writable = yes
read only = no
printable = no
fstype = Samba
hide dot files = no
guest ok = no
create mask = 0660
directory mask = 0770
acl schemes = unix


It's time to finish going metric.
To unsubscribe from this list go to the following URL and read the