Samba with active directory groups with special character
I've got a problems with Samba and Active Directory groups which contains special character like '@' ' ' (space).
For example, I've got a group which name is : 'name.surname [email protected]', I make a share in Samba :
[share_city]
path = /data/share_city
create mask = 0660
directory mask = 2771
force create mode = 0660
create mode = 0660
browseable = Yes
browsable = Yes
recycle:repository = .RecycleBin$/%U
vfs object = recycle:repository recycle:keeptree
write list = @"name.surname [email protected]"
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = no
recycle:exclude = *.tmp|*.temp|*.obj|~$*
recycle:exclude_dir = /tmp|/temp|/cache
recycle:maxsize = 1073741824
recycle:noversions = *.mdb
admin users = adminad
With smbclient I can connect to share : => ls is ok
smb: \> ls
. D 0 Fri Nov 25 18:55:31 2011
.. D 0 Fri Nov 25 17:34:39 2011
test3 D 0 Fri Nov 25 18:55:31 2011
56569 blocks of size 8388608. 52263 blocks available
=> mkdir doesn't work
smb: \> mkdir test4
NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \test4
So if I test with system access all that works and acl inheritance works also
And with groups in the same active directory which doesn't contain characters all works well.
Is what I'm trying to do even possible?
Solution 1:
From an AD perspective, there are very few characters that are disallowed for groups/security principal names. In particular, the @ symbol is allowed. The disallowed characters include:
a leading space; a trailing space; and any of the following characters:
# , + " \ < > ;
However, if you want the "Pre-Windows 2000" name to match the CN, then you may not use:
/ \ [ ] : ; | = , + * ? < > "
Note that in practice, AD will allow you to create groups with the hash symbol (#). Also note that the "samAccountName" attribute is the "Pre-Windows 2000" name, so most people would stick to that list of disallowed characters.
More information:
Active Directory Object Names
http://technet.microsoft.com/en-us/library/cc776019%28WS.10%29.aspx