[Samba] File permission problems after update from Samba 4 alpha 17 to Samba 4.0.5

Mon Oct 21 04:38:12 MDT 2013

i got an error when i first did the provisioning. the howto i followed 
(i think this one 
http://www.jadota.com/2013/01/installing-samba4-on-ubuntu-12-04/), 
suggested adding the -use-ntvfs parameter to the provisioning command. 
So that's what i did, and now i am also stuck with ntvfs. Can you just 
modify the config and switch over to s3fs ?

Jef

Op 10/20/2013 07:48 PM, X-Dimension schreef:
> For what reason did you stay at NTVFS? Did you also tried to switch to
> S3FS?
>
> I did some short tests today and created a new share named "Testing".
> I created some folders and some subfolders as administrator on it.
> The strange thing is, that a domain user can now rename the parent
> folder, but not it's sub folders
> or the files in these folders.
> After this i switched to S3FS, and get the same results when trying to
> rename the folders or files,
> that i created with NTVFS before.
> But if i create new folders with S3FS as administrator, everything works
> fine and users can rename
> or remove all folders, sub folders and files now.
>
> Thats why i think it could be a better solution for me to switch to
> S3FS, backup all existing Files, create
> a new folder structure and copy all files back, that they get the S3FS
> ACL attibutes.
> But i don't know if i run into other problems when switching to S3FS and
> going back again to NTVFS
> is not so easy.
>
>
> Am 17.10.2013 14:04, schrieb jef peeraer:
>> i tested it on my installation and that worked out of the box. I must
>> say i specified Administrator instead of Domain Users in the AD.
>>
>> jef
>>
>> Op 10/16/2013 10:52 PM, X-Dimension schreef:
>>> Hi Jef!
>>>
>>> I have set xattr and acl in /etc/fstab since Samba4 alpha 17.
>>> When i set all permissions to 0777 and also directory mask = 0777 and
>>> create mask = 0777 for all shares
>>> in /etc/smb.conf i get this behavior:
>>>
>>> 1. Login as administrator
>>> - create a folder "test"
>>> - create a file "text.txt" in the folder "test"
>>>
>>> 2. Login as user
>>> - rename or delete the file "text.txt" works fine now! :)
>>> - rename or delete the folder "test" still don't work :-(
>>>
>>> getfacl shows:
>>>
>>> getfacl Test/
>>> # file: Test/
>>> # owner: root
>>> # group: users
>>> user::rwx
>>> group::rwx
>>> other::rwx
>>>
>>> On the Windows side the group "Domain Users" has full access to the
>>> folder "Test".
>>>
>>> Any other ideas, to fix my ACL problem?
>>>
>>> Am 15.10.2013 00:10, schrieb jef peeraer:
>>>> i am also using samba 4.x.x with NTVFS, and experienced the same
>>>> problems. Solved it with setting all directory permissions to 0777,
>>>> and also
>>>>
>>>> directory mask = 0777
>>>> create mask = 0777
>>>>
>>>> I know it looks terrible, but it works. NTVFS still has a lot of
>>>> mysteries for me and doesn't get a lot of attention in the
>>>> newsgroup....
>>>> I suppose you already enabled xattr and acl in the file system.
>>>>
>>>> Jef Peeraer
>>>>
>>>> Op 10/14/2013 02:57 PM, X-Dimension schreef:
>>>>> We had used Samba alpha 17 (included in Resara Server 1.2) for a long
>>>>> time and
>>>>> has now migrate it to Samba 4.0.5 (Ubuntu + Zentyal 3.0 PPA) with
>>>>> NTVFS
>>>>> enabled .
>>>>>
>>>>> Most things seems to work: DNS with Bind9_DLZ, domain join, user login
>>>>> and also GPO are still working fine :)
>>>>> But we have trouble with file permissions now!
>>>>> All domain users can't rename or delete their own files which they had
>>>>> created with Samba 4 alpha 17 before.
>>>>> It looks like they only had 'read only' access to their files.
>>>>> For example when the user peter at mydomain wants to rename/delete a file
>>>>> he had created before, then he
>>>>> gets an error message like "only peter at mydomain can rename this
>>>>> file" or
>>>>> "file is locked by peter at mydomain".
>>>>>
>>>>> Our global section of /etc/samba/smb.conf looks like this:
>>>>> --
>>>>> [global]
>>>>>      interfaces = eth0
>>>>>      workgroup = MYDOMAIN
>>>>>      realm = mydomain.lan
>>>>>      netbios name = PDC
>>>>>      server string = PDC
>>>>>      server role = active directory domain controller
>>>>>      passdb backend = samba4
>>>>>      server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>>>>> winbind, ntp_signd, kcc, dnsupdate, smb
>>>>>      dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
>>>>> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
>>>>> eventlog6, backupkey, dnsserver, winreg, srvsvc
>>>>> --
>>>>> Because Samba 4 alpha 17 was using NTVFS, i thought it is the best
>>>>> idea
>>>>> to stay on NTVFS even on Samba 4.0.5.
>>>>> But it looks, like i was wrong.
>>>>>
>>>>> Thanks for any ideas that helps us to fix our permission problem.
>>>>>
>