eQuoting Sumit Bose <sbose(a)redhat.com> on Tue, Feb 28 10:00:
Thank you for the logs. There is an issue in the logs related to mapping
the root user. Are you trying to modify ACL for the root user or for
some other user?
If it is about the root user then this behaviour is kind of expected
because SSSD does not handle the root user when it comes to nss and PAM
and this is inherited to the SID mapping code as well.
Some other user. I login to a Windows box with my admin account (in the
OU child domain) which is a member of the group that owns the folder
(OU\metro-us-admins).
The directory I was trying to add permissions to was owned by root (see
getfacl output below). I tried changing the owner of the folder to my
active directory user (omen(a)ad3.ucdavis.edu), but it did not change the
behavior, ACLs added in Windows still disappear when Apply is clicked.
The weird part is that Windows did automatically add CREATOR OWNER and
CREATOR GROUP ACLs successfully.
Thanks for the suggestions. I'll keep poking from my end.
root@phys-adtest:/storage# getfacl metro-us-admins/
# file: metro-us-admins/
# owner: root
# group: metro-us-admins(a)ou.ad3.ucdavis.edu
user::rwx
group::rwx
group:metro-us-admins@ou.ad3.ucdavis.edu:rwx
mask::rwx
other::rwx
default:user::rwx
default:group::rwx
default:group:metro-us-admins@ou.ad3.ucdavis.edu:rwx
default:mask::rwx
default:other::---
--
Omen Wild
Systems Administrator
Metro Cluster