[Samba] Rights issue on GPO

mathias dufresne infractory at gmail.com
Wed Jun 8 14:34:17 UTC 2016

Hi all,

Here is our smb.conf:
[global]
        workgroup = AD
        realm = AD.DOMAIN.TLD
        netbios name = DC200
        server role = active directory domain controller

        server services = -dns
        idmap_ldb:use rfc2307 = yes

        acl_xattr:ignore system acls = yes
        winbind nss info = rfc2307

[netlogon]
        path = /var/lib/samba/sysvol/ad.domain.tld/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

That's the same on all DCs.

We synchronize the sysvol directory using rsync with the following command:
rsync -XAavz --delete-after rsync://sysvol-replication@dc200/SysVol/ /var/lib/samba/sysvol/

And we get an issue with Linux ACLs: they are not the same because some
BUILTIN users and/or groups do not have the same ID mapping on all DCs.

How can we force all DCs to get the same ID mapping?

Using "acl_xattr:ignore system acls = yes", are Linux ACLs still important
or are we supposed to use only Windows ACLs stored in some Samba
file? In that case, which file(s)?
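
A diagnostic sketch for the mismatch described above, added here as an example and not part of the original post: it compares the SID-to-xid mappings dumped from two DCs and reports which entries differ. The LDIF layout (objectSid, type and xidNumber attributes, as assumed for an ldbsearch dump of idmap.ldb), the function names and all sample values are assumptions constructed for illustration.

```python
import re

# Constructed idmap dumps for two DCs (not real data). Assumed layout:
# LDIF records with objectSid, type and xidNumber attributes.
DC_A = """# record 1
dn: CN=S-1-5-32-544
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000

dn: CN=S-1-5-32-549
objectSid: S-1-5-32-549
type: ID_TYPE_BOTH
xidNumber: 3000001

dn: CN=S-1-5-18
objectSid: S-1-5-18
type: ID_TYPE_BOTH
xidNumber: 3000002
"""
# Second DC: one SID got another xid, and xid 3000002 went to another SID.
DC_B = (DC_A.replace("xidNumber: 3000000", "xidNumber: 3000003")
            .replace("S-1-5-18", "S-1-5-11"))

def parse_idmap(ldif):
    """Return {sid: xid} for every record carrying both attributes."""
    mapping = {}
    for record in re.split(r"\n\s*\n", ldif.strip()):
        attrs = {}
        for line in record.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip ldbsearch comment lines and malformed lines
            key, value = line.split(": ", 1)
            attrs[key.lower()] = value.strip()
        if "objectsid" in attrs and "xidnumber" in attrs:
            mapping[attrs["objectsid"]] = int(attrs["xidnumber"])
    return mapping

def compare_idmaps(ref, other):
    """Return (SIDs with different xids, SIDs on one DC only, reused xids)."""
    differs = {s: (ref[s], other[s]) for s in ref.keys() & other.keys() if ref[s] != other[s]}
    by_xid = {xid: sid for sid, xid in ref.items()}
    # Same numeric ID, different SID: an ACL entry copied by number changes owner.
    reused = {x: (by_xid[x], s) for s, x in other.items()
              if x in by_xid and by_xid[x] != s}
    return differs, sorted(ref.keys() ^ other.keys()), reused

if __name__ == "__main__":
    print(compare_idmaps(parse_idmap(DC_A), parse_idmap(DC_B)))
```

The third result is the one to watch when ACLs are copied between hosts: a numeric ID that maps to a different SID on the receiving DC silently grants the ACL entry to another principal.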
