[Samba] Allowing file permissions changes with mac os x clients.

samba samba at aio.li
Thu Apr 2 13:53:52 MDT 2015

Hi All,

At work all our clients are Macs (10.10 Yosemite). We are trying to move 
from the classical AFP file server to a Samba-based file server. After a 
lot of testing, things now work more or less: a Mac server acts as 
Kerberos+OpenLDAP and a Linux Debian 7 box is doing the file server with 
Samba 4.2.0.

A client which has "joined" (which is "bound" in Mac jargon) the 
OpenLDAP/Kerberos (the Open Directory) domain can mount shares and/or 
home directories on the Samba server, leveraging Kerberos, and that is 
very nice, thanks to SMB3 being implemented both in Samba 4 and in OS X.

Yet there is no way the Mac client can change the permissions of a file, 
whether using the Mac "Finder" application or using a classical "chmod". 
The former says only "you have custom permissions.", while the latter 
returns 0, says nothing, but changes nothing either. For the sake of the 
tests all the shared directories on the Samba server are in 777 mode.

I tried vfs_fruit by adding
         vfs objects = catia fruit streams_xattr
         fruit:resource = file
         fruit:metadata = stream
         fruit:locking = none
         fruit:encoding = native
         fruit:aapl = yes
but with no luck (performance is way worse with these lines enabled 
when it should be the contrary... did not investigate that yet).

Here is my smb.conf:
         security = ads
         encrypt passwords = yes
         realm = OD.EXAMPLE.COM
         password server = od.example.com
         workgroup = OD
         kerberos method = dedicated keytab
         dedicated keytab file = /etc/krb5.keytab
         map to guest = never
         obey pam restrictions = no
         client min protocol = SMB3
         unix extensions = yes
         ea support = yes
         case sensitive = yes
         delete readonly = yes
         winbind enum users = no
         winbind enum groups = no
         path = /mnt/users/%u
         comment = Home Directory for %U
         valid users = %S
         read only = no
         browseable = no
         hide unreadable = yes
         hide unwriteable files = yes

Any help would be much appreciated.

