[Samba] Issue with extended ACL's in 4.10.16

Rowland Penny rpenny at samba.org
Mon Sep 11 15:46:00 UTC 2023


On Mon, 11 Sep 2023 15:14:49 +0000
"Odell, Jack via samba" <samba at lists.samba.org> wrote:

> Hi,
> 
> I'm having an issue with extended ACL permissions while upgrading
> from 4.6.2 to 4.10.16.
> 
> When upgraded, the file permissions will only allow a user's primary
> GID to access the directory/file.
> 
> For example:
> 
> tuser is a member of secall and secoptions.
> secall is tuser's primary GID.
> A dir has an ACL set for secoptions:rwx
> tuser is unable to access the dir from a Windows host
> Adding secall:rwx to the dir allows tuser to access the dir without
> issue.
> 
> Trawled this document for a Boolean parameter this afternoon that
> would sort out this problem but came up blank: smb.conf
> (samba.org)<https://www.samba.org/~ab/output/htmldocs/manpages-3/smb.conf.5.html>
> 
> Any help to shed some light on this is greatly appreciated.
> 
> Current smb.conf file below:
> 
> <config>
> [global]
>     realm = OPTIONS-IT.COM
>     workgroup = OPTIONS-IT
>     security = ads
>     kerberos method = dedicated keytab
>     dedicated keytab file = /etc/krb5.keytab /etc/krb5.keytab.stc.local
>     template homedir = /home/%U
>     idmap config * : backend = sss
>     idmap config * :  range = 57000-59000

I am sorry, but using sssd with Samba isn't really recommended by
anyone, including Red Hat. I can help you set up Samba correctly, but
it is doubtful if you will get the same IDs.

Because you are using a version of RHEL, you should have a contract
with Red Hat; perhaps they can give you more help.
 
There is also the problem that Samba 4.10.16 is EOL from the Samba
point of view.

Rowland


