I thought I had some clues. In Windows the groups show as
"metro-us-admins(a)ou.ad3.ucdavis.edu (Unix
Group\metro-us-admins(a)ou.ad3.ucdavis.edu)"
(see attached screenshot). Earlier today I had the following permissions
on a folder:
# file: metro-us-admins/
# owner: root
# group: metro-us-admins(a)ou.ad3.ucdavis.edu
And I was getting a permission denied trying to set the ACL from Windows.
I though maybe it was because Windows was showing the group with the full
domain instead of the short form (ou\metro-us-admins).
I was getting really frustrated, so I switched from sssd to winbind to
see if I could get that working. The Windows permissions would set
correctly, but I was unable to get groups to work in Ubuntu, so I
switched back to sssd.
And ... now I can sort of set ACLs from Windows!?! I say almost because
everyone seems to default to Full Control, and when I unmap/remap the
drive it shows the SSID instead of the account name (see attached
screenshot). getfacl actually shows the permissions:
----- Begin getfacl -----
root@phys-adtest:/storage# getfacl metro-us-admins/
# file: metro-us-admins/
# owner: root
# group: metro-us-admins(a)ou.ad3.ucdavis.edu
user::rwx
user:root:rwx
user:cmderr:r-x
user:omen:rwx
group::rwx
group:metro-us-admins@ou.ad3.ucdavis.edu:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:cmderr:r-x
default:user:omen:rwx
default:group::---
default:group:metro-us-admins@ou.ad3.ucdavis.edu:---
default:mask::rwx
default:other::---
----- End getfacl -----
Does this ring any bells for anyone?
Thanks
--
Omen Wild
Systems Administrator
Metro Cluster