[Samba] unix_primary_group=yes together with vfs objects=acl_xattr not working
Rowland Penny
rpenny at samba.org
Tue Dec 10 14:08:17 UTC 2019
On 10/12/2019 13:29, Klaus Jaensch via samba wrote:
> Hi Rowland,
>
>>> I used the latest Ubuntu server version for testing:
>>>
>>> Samba version 4.10.7-Ubuntu
>>>
>> Here is my test smb.conf
>
> [global]
> security = ads
> realm = SAMDOM
> workgroup = IPS
> idmap config *:backend =tdb
> idmap config *:range = 5000000-6000000
> idmap config IPS:backend = ad
> idmap config IPS:schema_mode = rfc2307
> idmap config IPS:range = 100-999999
Why are you using '100' for the range start number?
It looks like it is picking up the local Unix group 'users', which has
the GID 100.
> idmap config IPS:unix_nss_info = yes
> idmap config IPS:default = yes
I don't know where you got that line from; it doesn't exist.
> idmap config IPS:unix_primary_group = yes
> # Use settings from AD for login shell and home directory
> winbind nss info = rfc2307
That line is only used if you are using Samba < 4.8.0.
> winbind enum users = yes
> winbind enum groups = yes
You should turn the two lines above off, they are not needed and can
slow things down.
> winbind cache time = 10
> winbind use default domain = yes
> winbind rpc only = yes
NOOOOOOOOOO, do not set the line above
> kerberos method = secrets and keytab
> client use spnego = yes
> client ntlmv2 auth = yes
> ntlm auth = no
> encrypt passwords = yes
The four lines above are defaults and as such are not required.
> restrict anonymous = 2
> domain master = no
> local master = no
> preferred master = no
> os level = 0
> server min protocol = SMB2
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
> access based share enum = yes
> server signing = mandatory
> smb encrypt = desired
>
> [test_share]
> path= /data/test_share
> read only = No
> create mask = 0660
> directory mask = 0770
> valid users =test_user
>
> I use the Windows Server AD as backend and set the GID in the
> ActiveDirectory UNIX-Attributes of the user.
>
> On the Linux Samba server I have a group with this GID.
Yes, it is a local Unix group:
cat /etc/group | grep 100
users:x:100:
>
> The name of this group shows up in the smbstatus output.
>
> New files are created with this GID, but only if vfs objects =
> acl_xattr is commented out.
>
>
> We access the file servers from Windows clients via SMB and from Linux
> clients via NFS. I want to use private user groups on Ubuntu to change
> the umask to 002 on login automatically on Ubuntu (Explained in
> /etc/login.defs).
Just use SMB for everything. If you only had Linux clients, then you
could use NFS and ignore Samba, but I wouldn't try to use the same files
from NFS and Windows.
Rowland
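
The range problem raised in the reply (the `IPS` idmap range starts at 100, so it includes the local Unix group `users` with GID 100) can be checked mechanically. The following Python sketch is an added example, not part of the original message or of Samba; the function names are hypothetical and the sample smb.conf and /etc/group text are constructed from the lines quoted in the thread.

```python
import re

# Constructed inputs, modelled on the smb.conf and /etc/group lines quoted in the thread.
SMB_CONF = """\
[global]
idmap config *:backend = tdb
idmap config *:range = 5000000-6000000
idmap config IPS:backend = ad
idmap config IPS:range = 100-999999
[test_share]
path = /data/test_share
"""
ETC_GROUP = "root:x:0:\nusers:x:100:\n"

def global_params(conf):
    """Return the [global] parameters as a dict, with key spacing normalised."""
    params, section = {}, None
    for line in conf.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.split())] = value.strip()
    return params

def idmap_ranges(params):
    """Map each idmap domain name to its (low, high) ID range."""
    ranges = {}
    for key, value in params.items():
        m = re.fullmatch(r"idmap config\s+(.+?)\s*:\s*range", key, re.I)
        r = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value)
        if m and r:
            ranges[m.group(1)] = (int(r.group(1)), int(r.group(2)))
    return ranges

def local_gid_collisions(ranges, group_text):
    """List (domain, group, gid) for local groups whose GID lies inside an idmap range."""
    hits = []
    for entry in group_text.splitlines():
        fields = entry.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            hits += [(d, fields[0], int(fields[2]))
                     for d, (lo, hi) in ranges.items() if lo <= int(fields[2]) <= hi]
    return hits

if __name__ == "__main__":
    print(local_gid_collisions(idmap_ranges(global_params(SMB_CONF)), ETC_GROUP))
```

On a real host, pass the contents of the actual smb.conf and /etc/group instead of the constructed strings; any hit means a local group and a domain ID share the same number, so file ownership can resolve to the wrong group.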