[Samba] vfs_recycle disables permissions inheritance on AD DC shares

Sebastian Arcus s.arcus at open-t.co.uk
Mon Dec 2 16:24:35 UTC 2019

On 02/12/19 15:44, Rowland penny via samba wrote:
> On 02/12/2019 15:32, Sebastian Arcus via samba wrote:
>> On 02/12/19 15:10, Rowland penny via samba wrote:
>> Thank you for the quick reply. I should have mentioned that these DCs 
>> are at different sites. At each site there is only one Linux server 
>> - hence why the DC is also the file server.
> Bad move, I would add a Unix domain member at each site, even if it is 
> in a VM, by the way, are you using 'sites' ?

I'm not sure what you mean by 'sites'. They are a number of different 
physical sites, but they are independent small LANs, with no connection 
to each other, if that is the question? I have seen the advice in the 
wiki against using the DC as a file sharing server, but I am not clear 
as to why exactly that is a bad idea - and the wiki doesn't go into much 
detail. The servers certainly have performed very well for the past 3 
years or so. These are small networks, with around 10 clients each.

>> I'm afraid I'm not sufficiently familiar with vfs objects and how they 
>> work - I only used the configuration above based on the recommended 
>> configs in the wiki. Are you saying above that I could have configured 
>> the vfs recycle without using the "vfs objects = recycle" line - that 
>> it isn't actually necessary in order to activate the recycle bin?
> No, I am saying that you have turned off the default vfs objects by just 
> specifying one.
> You should have 'vfs objects = dfs_samba4 acl_xattr recycle'

Thank you very much for this - now it is working. This lack of 
permissions inheritance issue has been plaguing me for months - it is 
very useful to finally find what has been causing it. Would it be a good 
idea to add the information above somewhere in the wiki, in case others 
will face the same issue at some point?

Again, thank you for the quick replies.
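
A check for the misconfiguration found in this thread, as an added example that is not part of the original messages: it scans smb.conf text and reports every section whose explicit 'vfs objects' line leaves out dfs_samba4 or acl_xattr. It assumes the file comes from an AD DC; the share names and paths in the sample are constructed.

```python
# Modules the thread says must stay listed next to 'recycle' on an AD DC.
DC_DEFAULTS = ("dfs_samba4", "acl_xattr")

# Constructed sample: share names and paths are made up for illustration.
SAMPLE_CONF = """
[global]
    server role = active directory domain controller
[broken]
    path = /srv/broken
    vfs objects = recycle
[fixed]
    path = /srv/fixed
    vfs objects = dfs_samba4 acl_xattr recycle
[plain]
    path = /srv/plain
"""

def missing_dc_defaults(conf_text):
    """Return {section: [missing modules]} for each section that sets
    'vfs objects' itself and thereby drops one of DC_DEFAULTS."""
    findings, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        if section is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Compare parameter names without regard to case or spaces.
        if key.replace(" ", "").lower() != "vfsobjects":
            continue
        modules = value.replace(",", " ").split()
        missing = [m for m in DC_DEFAULTS if m not in modules]
        if missing:
            findings[section] = missing
        else:
            findings.pop(section, None)          # a later line replaced it
    return findings

if __name__ == "__main__":
    for share, missing in missing_dc_defaults(SAMPLE_CONF).items():
        print(f"[{share}] vfs objects is missing: {' '.join(missing)}")
```

Sections with no 'vfs objects' line, such as [plain] in the sample, are not reported because they keep the defaults.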
