[Samba] File share permissions act different on member server than on DC

Marc Muehlfeld samba at marc-muehlfeld.de
Tue Oct 15 11:46:11 MDT 2013

Hello Keith,

Am 15.10.2013 03:29, schrieb Keith McCormick:
> To enable my member server's ACLs to work just like the DC, as far as
> Windows is concerned, I needed to add the following parameters to the
> global section of smb.conf file on the member server:
>          vfs objects = acl_xattr
>          map acl inherit = yes
>          store dos attributes = Yes
> These parameters are apparently added in the background by default for
> the smbd processes that are spawned by samba. Until I added those items,
> just like you I could never get the ACLs to stick and work correctly.
> Many of them were incorrectly labeled, also, even though the number was
> correct and the same as on the DC.

I tried your suggestion and it works like on the DC (without the VFS 

But I'm not sure, if this is like Samba should act. I would expect that 
filesystem ACLs are handled in the same way on a DC and on member servers.


More information about the samba mailing list