[Samba] Samba43 ACL's issues
Juan Garcia
juan at ish.com.au
Thu Jun 23 01:18:42 UTC 2016
On 21/06/2016 10:22 PM, Mueller wrote:
> What about this in your global section
> create mask = 770
> force create mode = 770
> directory mask = 770
> force directory mode = 770
>
> Greetings
> Daniel
>
Hi Daniel, Thanks for your response. Those settings are already in my
smb4.conf
Global parameters
[global]
interfaces = 192.168.1.100
bind interfaces only = yes
workgroup = CW1
realm = DOMAIN.NAME.COM.AU
netbios name = SERVER1
server role = active directory domain controller
dns forwarder = 192.168.1.1
printing = bsd
server services = s3fs, rpc, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate, dns
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
eventlog6, backupkey, dnsserver
restrict anonymous = 1
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = no
unix extensions = no
inherit acls = yes
inherit permissions = yes
ea support = no
idmap_ldb:use rfc2307 = yes
browseable= yes
writable = yes
read only= no
create mask = 770
force create mode = 770
directory mask = 770
force directory mode = 770
The problem is not about accessing folders, we want to be able to assign
to an specific folder different permissions inside the same file share
Let's say I have this set up:
Share:
Public/
Subfloder:
Public/folder1
Required Permissions:
DM\user.one -> full access
DM\user.two -> readonly
So in windows with an administrator account I right click on the folder
to assign this permissions on the Security tab, right after I hit
"apply" I get:
An error occurred while applying security information to:
Public/folder1
The parameter is incorrect
Any ideas?
>
> EDV Daniel Müller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> Email: mueller at tropenklinik.de
> www.tropenklinik.de
> www.bauen-sie-mit.tropenklinik.de
>
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: Juan Garcia [mailto:juan at ish.com.au]
> Gesendet: Dienstag, 21. Juni 2016 13:47
> An: samba at lists.samba.org
> Betreff: [Samba] Samba43 ACL's issues
>
> Hi there,
>
> I'm having trouble with permissions and ACL's running samba43.
>
> I want to be able to set permissions on a folder to an specific user.
>
> I'm having a similar issue reported here https://lists.samba.org/archive/samba/2010-July/156965.html
>
> However my error message is slightly different:
>
> When I set the permission on an specific user by creating a new folder inside the share, right click -> properties -> security tab I get:
>
> An error ocurred while applying security information to:
>
> \\servername\test
>
> The parameter is incorrect
>
>
> I have tried changing the permissions manually with "chmod a+rwx /test/"
>
> But this does not look like a permissions problem this looks more like samba or some setting in smb4.con itself
>
>
> this is my smb4.conf file:
>
> Global parameters
> [global]
> interfaces = 192.168.1.100
> bind interfaces only = yes
> workgroup = CW1
> realm = DOMAIN.NAME.COM.AU
> netbios name = SERVER1
> server role = active directory domain controller
> dns forwarder = 192.168.1.1
> printing = bsd
> server services = s3fs, rpc, wrepl, ldap, cldap, kdc, drepl,
> winbind, ntp_signd, kcc, dnsupdate, dns
> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
> eventlog6, backupkey, dnsserver
> restrict anonymous = 1
> map acl inherit = no
> store dos attributes = yes
> unix extensions = no
> ea support = no
> idmap_ldb:use rfc2307 = yes
> browseable= yes
> writable = yes
> read only= no
> create mask = 770
> force create mode = 770
> directory mask = 770
> force directory mode = 770
> kerberos method = system keytab
> client ldap sasl wrapping = sign
> allow dns updates = nonsecure and secure
>
> [test]
> path = /var/fileshare/test
> valid users = @DOMAIN.NAME.COM.AU\staff
> guest ok = yes
> read only = no
>
> Not sure what am I missing, I appreciate your help.
>
> Regards,
>
More information about the samba
mailing list