[Samba] Rights issue on GPO
mathias dufresne
infractory at gmail.com
Wed Jun 8 14:34:17 UTC 2016
Hi all,
Here is our smb.conf:
[global]
workgroup = AD
realm = AD.DOMAIN.TLD
netbios name = DC200
server role = active directory domain controller
server services = -dns
idmap_ldb:use rfc2307 = yes
#kccsrv:samba_kcc=true
acl_xattr:ignore system acls = yes
winbind nss info = rfc2307
[netlogon]
path = /var/lib/samba/sysvol/ad.domain.tld/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
That's the same on all DC.
We synchronize sysvol directory using rsync with the following command:
rsync -XAavz --delete-after
--password-file=/var/lib/samba/private/rsync_client.secret
rsync://sysvol-replication@dc200/SysVol/ /var/lib/samba/sysvol/
And we get issue with Linux ACLs: they are not the same because some
BUILTIN users and/or groups do not have same id mapping on all DC.
How to force all DC to get same id mapping?
Using "acl_xattr:ignore system acls = yes", are Linux ACLs still important
or are we supposed to use Windows ACLs only into stored into some Samba
file? In that case, which file(s)?
Cheers,
mathias
More information about the samba
mailing list