[Samba] Allowing file permissions changes with mac os x clients.

Rowland Penny rowlandpenny at googlemail.com
Thu Apr 2 14:32:08 MDT 2015


On 02/04/15 20:53, samba wrote:
> Hi All,
>
> at work all our clients are macs (10.10 yosemite). We are trying to 
> move from the classical afp file server to a samba based file server. 
> After a lot of testing, things now work more or less: a mac server 
> acts as Kerberos+OpenLDAP and a linux debian 7 box is doing the file 
> server with samba 4.2.0.
>
> A client which has "joined" (which is bound in mac jargon) the 
> OpenLDAP/Kerberos (the opendirectory) domain can mount shares and/or 
> home directories on the samba server, leveraging Kerberos and that is 
> very nice, thanks to SMB3 being implemented both in samba 4 and in osx 
> 10.10.
>
> Yet there is no way the mac client can change the permissions of a 
> file whether using the mac "Finder" application or using a classical 
> "chmod". The former says only "you have custom permissions.", while 
> the latter returns 0, says nothing, but changes nothing either. For the 
> sake of the tests all the shared directories on the samba server are 
> in 777 mode.
>
> I tried vfs_fruit by adding
>         vfs objects = catia fruit streams_xattr
>         fruit:resource = file
>         fruit:metadata = stream
>         fruit:locking = none
>         fruit:encoding = native
>         fruit:aapl = yes
> but with no luck (performance is way worse with these lines enabled 
> when it should be the contrary... did not investigate that yet)
>
> Here is my smb.conf:
> [global]
>         security = ads
>         encrypt passwords = yes
>         realm = OD.EXAMPLE.COM
>         password server = od.example.com
>         workgroup = OD
>         kerberos method = dedicated keytab
>         dedicated keytab file = /etc/krb5.keytab
>         map to guest = never
>         obey pam restrictions = no
>         client min protocol = SMB3
>         unix extensions = yes
>         ea support = yes
>         case sensitive = yes
>         delete readonly = yes
>         winbind enum users = no
>         winbind enum groups = no
> [homes]
>         path = /mnt/users/%u
>         comment = Home Directory for %U
>         valid users = %S
>         read only = no
>         browseable = no
>         hide unreadable = yes
>         hide unwriteable files = yes
>
> Any help would be much appreciated.
> Jeremie

Do you actually have an Active Directory domain controller? security = ads
is for AD

Rowland


