[Samba] File Server member DC ACL permissions

Ricardo Pardim Claus ricardo.claus at yahoo.com.br
Wed Aug 10 14:18:16 UTC 2016


Previously I had set up a file server with the DC on the same machine. As recommended, I created another machine to be the file server.
I made the settings as far as I could, but I cannot give permissions on shared folders. I must give permissions on shared folders to groups and users of the domain.
I'm using Samba 4.4.5 on the DCs and also on the file server. I joined the file server as a domain member.
I have not found satisfactory documentation about a file server that is a member of a domain.
When the second DC was playing the role of file server, permissions worked perfectly.
What do I need to configure so that the file server recognizes the permissions of AD users and groups?

My configuration file follows:


# Global parameters 
netbios name = SRV16 
server string = Samba4 Server 
security = ADS 
encrypt passwords = Yes 
workgroup = DOMAIN 
log file = /var/log/samba/%m.log 
log level = 1 
winbind enum users = yes 
winbind enum groups = yes 
winbind use default domain = Yes 
winbind nss info = rfc2307 
vfs objects = acl_xattr 
map acl inherit = Yes 
store dos attributes = Yes 

comment = Pasta dados 
path = /mnt/data 
read only = No 
browseable = Yes 
inherit acls = Yes 
inherit permissions = Yes 


passwd:     files sss winbind 
shadow:     files sss winbind 
group:      files sss winbind 

hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files 
ethers:     files 
netmasks:   files 
networks:   files 
protocols:  files 
rpc:        files 
services:   files sss 
netgroup:   files sss 
publickey:  nisplus 
automount:  files sss 
aliases:    files nisplus 

With these commands, I can view the AD users and groups. 
wbinfo -u 
wbinfo -g 
getent group 

I made the Winbind settings as described on the Samba page.
When I run the following command I get an error:

# setfacl -R -m default:group:"Domain Admins":rwx /mnt/data/p1 
setfacl: /mnt/data/p1: Malformed default ACL `user::rwx,group::rwx,group:4294967295:rwx,mask::rwx,other::r-x': Duplicate entries at entry 3 
setfacl: /mnt/data/p1/teste.txt: Malformed default ACL `user::rw-,group::r--,group:4294967295:rwx,mask::rwx,other::r--': Duplicate entries at entry 3 

What setting is missing?
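
A check for the symptom visible in the error above, as an added example that is not part of the original post: 4294967295 is -1 written as an unsigned 32-bit ID, so an ACL entry or NSS record carrying it does not refer to a real group. The function names and the sample getent lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find names and ACL entries that carry the "no ID" value.
# 4294967295 == (gid_t)-1 as an unsigned 32-bit number, not a usable UID/GID.
UNMAPPED_ID=4294967295

# Read ACL text on stdin (getfacl output or a setfacl error message) and
# print each distinct user:/group: entry whose qualifier is the unmapped ID.
unmapped_acl_entries() {
    grep -oE "(default:)?(user|group):${UNMAPPED_ID}:[rwx-]+" | sort -u
}

# Read getent-style records on stdin (name:passwd:id:...) and print the
# names whose numeric ID is the unmapped value. IDs are compared as strings.
unmapped_names() {
    awk -F: -v bad="$UNMAPPED_ID" '($3 "") == (bad "") { print $1 }'
}

# First error line from the post above.
SAMPLE_ERROR="setfacl: /mnt/data/p1: Malformed default ACL \`user::rwx,group::rwx,group:4294967295:rwx,mask::rwx,other::r-x': Duplicate entries at entry 3"

# Constructed sample of 'getent group' output (not taken from the post).
SAMPLE_GETENT='root:x:0:
domain admins:x:4294967295:
domain users:x:10513:'

echo "ACL entries with an unmapped ID:"
printf '%s\n' "$SAMPLE_ERROR" | unmapped_acl_entries

echo "Names that resolve to the unmapped ID:"
printf '%s\n' "$SAMPLE_GETENT" | unmapped_names

# On a live member server the same functions take real input:
#   getent group | unmapped_names
#   getfacl -R /mnt/data 2>/dev/null | unmapped_acl_entries
```

Any name the second function prints will produce the same unusable ACL entry when passed to setfacl, so the check is worth running before applying ACLs recursively.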
