[Samba] File Server member DC ACL permissions

Ricardo Pardim Claus ricardo.claus at yahoo.com.br
Wed Aug 10 14:18:16 UTC 2016 

Greetings, 

Previously I had set up a file server with DC on the same machine. As recommendations, created another machine to be the file server. 
I made the settings as far as I could do, but I can not give permissions on shared folders. Must give permissions on shared folders for groups and users of the domain. 
I'm using Samba 4.4.5 in DC's and also the file server. I joined the file server as a domain member. 
About file server member of a domain, I have not found a satisfactory documentation. 
When the second DC was playing the role of file server, permissions worked perfectly. 
What do I need to configure the file server recognizes the permissions of users and AD groups?


Follow my configuration file:


smb.conf

# Global parameters 
[global] 
netbios name = SRV16 
server string = Samba4 Server 
security = ADS 
encrypt passwords = Yes 
realm = OOMAIN.LOCAL 
workgroup = DOMAIN 
log file = /var/log/samba/%m.log 
log level = 1 
# 
winbind enum users = yes 
winbind enum groups = yes 
winbind use default domain = Yes 
winbind nss info = rfc2307 
vfs objects = acl_xattr 
map acl inherit = Yes 
store dos attributes = Yes 

[dados] 
comment = Pasta dados 
path = /mnt/data 
read only = No 
browseable = Yes 
inherit acls = Yes 
inherit permissions = Yes 


/etc/nsswitch.conf:


passwd:     files sss winbind 
shadow:     files sss winbind 
group:      files sss winbind 

hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files 
ethers:     files 
netmasks:   files 
networks:   files 
protocols:  files 
rpc:        files 
services:   files sss 
netgroup:   files sss 
publickey:  nisplus 
automount:  files sss 
aliases:    files nisplus 


With these commands, I can view the AD users and groups. 
wbinfo -u 
wbinfo -g 
getent group 

I realized the Winbind settings as reported in Samba page. 
When I run the following command I get error:

# setfacl -R -m default:group:"Domain Admins":rwx /mnt/data/p1 
setfacl: /mnt/data/p1: Malformed default ACL `user::rwx,group::rwx,group:4294967295:rwx,mask::rwx,other::r-x': Duplicate entries at entry 3 
setfacl: /mnt/data/p1/teste.txt: Malformed default ACL `user::rw-,group::r--,group:4294967295:rwx,mask::rwx,other::r--': Duplicate entries at entry 3 


The missing setting?

More information about the samba mailing list