[Samba] samba does not honor set group bit on directories
Rowland Penny
rpenny at samba.org
Wed May 8 15:05:26 UTC 2019
On Wed, 8 May 2019 16:16:58 +0200
Peter Varkoly <peter at varkoly.de> wrote:
> Hi,
>
> [global]
> netbios name = admin
> realm = <LONG-DOMAIN>
I do hope that '<LONG-DOMAIN>' is the dns domain in uppercase
> workgroup = <DOMAIN>
> dns forwarder = 8.8.8.8
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = Yes
> check password script = /usr/share/oss/tools/check_password_complexity.sh
Are you aware that password complexity is in AD ?
> winbind enum users = Yes
> winbind enum groups = Yes
You should remove the two lines above, they are not needed and only
slow things down
> wide links = Yes
> unix extensions = No
> template shell = /bin/bash
> ntlm auth = yes
You like living dangerously, still using NTLMv1
>
> bind interfaces only = yes
> interfaces = 127.0.0.1, 172.16.0.2
> comment = "CRANIX DC"
> ldap server require strong auth = no
>
Are you using a self compiled version of Samba ? or are you using a
Samba package that uses the MIT kdc ?
If the latter, you should be aware that using MIT is still regarded as
experimental and shouldn't be used in production.
Finally, you are using a DC as a fileserver, this is not recommended,
but if you do, you can only set the permissions on the share from
Windows. This means that your shares can only look like this:
[groups]
comment = Shared directories of groups you are member in.
path = /home/groups
read only = No
You also need to read this:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
Rowland
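
An added example, not part of the original message and not Samba project code: a small checker that flags the [global] settings the reply above comments on. The sample smb.conf is constructed from the quoted settings, and the `ldap server require strong auth` check is an addition the reply does not raise.

```python
import re

TRUTHY = {"yes", "true", "1", "on"}
# Shared check for both "winbind enum ..." parameters.
ENUM = (lambda v: v in TRUTHY, "not needed, only slows things down")
# Normalised parameter name -> (predicate on lowercased value, finding text).
CHECKS = {
    "ntlmauth": (lambda v: v in TRUTHY | {"ntlmv1-permitted"},
                 "NTLMv1 accepted; set 'ntlmv2-only' or stricter"),
    "winbindenumusers": ENUM,
    "winbindenumgroups": ENUM,
    "checkpasswordscript": (lambda v: v != "",
                            "AD already has a password complexity policy"),
    # Not raised in the reply; added here because the Samba default is 'yes'.
    "ldapserverrequirestrongauth": (lambda v: v == "no",
                                    "simple binds permitted over unencrypted LDAP"),
}

def audit(conf_text):
    """Return [(parameter, value, finding)] for the [global] section."""
    findings, section = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = (p.strip() for p in line.split("=", 1))
        # smb.conf ignores case and whitespace in parameter names.
        key = re.sub(r"\s+", "", name.lower())
        check = CHECKS.get(key)
        if check and check[0](value.lower()):
            findings.append((name, value, check[1]))
    return findings

# Constructed sample built from the settings quoted in the message.
SAMPLE = """\
[global]
    check password script = /usr/share/oss/tools/check_password_complexity.sh
    winbind enum users = Yes
    winbind enum groups = Yes
    NTLM Auth = yes
    ldap server require strong auth = no
[groups]
    read only = No
"""
```

Calling `audit(SAMPLE)` returns one tuple per flagged parameter, in file order; line continuations with a trailing backslash are not handled.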