setfacl(1) - Can FreeBSD's ACLs contain groups from NT/AD domains ?

Johan Hendriks Johan at
Mon Aug 6 03:06:55 PDT 2007

>Hi all,

>I have "FreeBSD 7.0-CURRENT #1: Wed Jul 25" authenticating successfully against
>active directory via samba's winbindd(8). I need to manage samba shares via
>FreeBSD ACLs and CIFS ACLs. From my reading of setfacl(1) I should be able to
>set group permissions using the syntax of DOMAIN\group-name. For example:

>   #setfacl -d -m g:"MYDOMAIN\mygroupname":rwx test

>However, when I do this on FreeBSD -CURRENT I get the following error:

>  #setfacl -d -m g:"MYDOMAIN\mygroupname":rwx test
>    setfacl: g:MYDOMAIN\mygroupname: Invalid argument

>From a quick Google it looks like Linux ACLs can do the aforementioned

>Does anyone know ?

As far as i know and the way i do it is leaving the Domain part out just the group name.
Wbinfo -g shows the groups if all is ok.


No virus found in this outgoing message.
Checked by AVG Free Edition. 
Version: 7.5.476 / Virus Database: 269.11.6/938 - Release Date: 5-8-2007 16:16

More information about the freebsd-questions mailing list