[Samba] Win ACL share Perm and recycle bin

Fabrizio Rompani fabrizio.rompani at yetopen.com
Thu Nov 30 10:07:52 UTC 2023


Hi,
I've set up a domain with 2 DCs (Samba 4.16.10 - Debian 11), a fileserver (4.15.13, Ubuntu 22), and 50 Windows clients.
The fileserver has a few shares with Windows ACLs (I followed https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs).

Everything works fine and I can set up security access for those shares from a Windows client (the main share has 2,5 MLN files and it took a couple of hours... but I can deal with this).
But since I enabled the recycle bin for those shares (vfs objects = recycle), I cannot set up security access anymore (permission denied).
With the recycle bin disabled (and smbd restarted) it works fine again.

Any hint? 
thanks 
fab 

DC's smb.conf:

# Global parameters 
[global] 
netbios name = DC1 
realm = SOMEDOMAIN.LAN 
server role = active directory domain controller 
workgroup = SOMEDOMAIN 
server services = -dns 

# Required for pfSense
ldap server require strong auth = no 
max log size = 50000 
log level = 1 auth_audit:3 
log file = /var/log/samba/yolog.log 

[sysvol] 
path = /var/lib/samba/sysvol 
read only = No 

[netlogon] 
path = /var/lib/samba/sysvol/samba.technion.lan/scripts 
read only = No 


fileserver smb.conf:

[global] 
netbios name = NEXTCLOUD 
realm = samba.somedomain.lan 
workgroup = SOMEDOMAIN 

security = ADS 
#2023-11-22_rf_ testparm gave a warning
winbind separator = + 
idmap config *:backend = tdb 
idmap config *:range = 700001-800000 
idmap config SOMEDOMAIN:backend = rid 
idmap config SOMEDOMAIN:range = 10000-700000 
winbind use default domain = yes 
winbind enum users = yes 
winbind enum groups = yes 


vfs objects = acl_xattr 
map acl inherit = yes 

#2023-11-22_rf_test 
inherit acls = yes 
inherit permissions = yes 
nt acl support = yes 
# acl_xattr:ignore system acls = yes 


load printers = no 
printing = bsd 
printcap name = /dev/null 
disable spoolss = yes 
usershare path = 

[SomeShare] 
path = /dati/condivisioni/lavoro/ 
read only = no 
include = /etc/samba/cestino.conf 



cestino.conf 
vfs objects = recycle 
recycle:keeptree = yes 
recycle:versions = yes 
#recycle:maxsize = 50000000 
recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|~*.tmp 
recycle:excludedir = 
recycle:noversions = *.doc|*.xls|*.ppt 
recycle:directory_mode = 770 
recycle:touch = yes 
recycle:touch_mtime = yes 
recycle:repository = .cestino/%U 
recycle:directory mask = 2770 


