[Samba] Samba4: use Posix-ACLs only? (ext4 - NFS4+CIFS - Fileserver)

Alex Crow acrow at integrafin.co.uk
Thu Nov 17 14:40:59 UTC 2016

On 17/11/16 13:15, Reinald Gfuellner via samba wrote:
> I try to set up a Samba4-based Fileserver in an Samba3-DC enviroment.
> Filesystem is ext4, CIFS + NFS4 should be provided. The same ACLs should
> be used over both protocols.
> With Samba 3 this was possible (using POSIX 1003.1e DRAFT 17 ACLs only)
> . How can I do the same with Samba 4 ?
>      Posix-ACLs set on the server with setfacl are recogniced on a
>      windows-client. But every change I do on a windows-client is not
>      visible on the posix-side (i.e. not reflected on the fileserver or
>      on a NFS4-client using getfacl or nfs4_getfacl)
> Do I make some trivial mistake, is it just the samba4 version used or is
> it in general not longer possible/supported to restrict Samba to
> Posix-ACLs understood in an ext4-enviroment? Thanks for any hint.
> OS: Ubuntu 14.04 LTS ,
> Samba: samba 2:4.1.6+dfsg-1ubuntu2
> <https://forums.linuxmint.com/viewtopic.php?f=157&p=1159792#p1159792>
> /etc/fstab:
> /dev/m1404-filea-vg1/dist_it_test2                      /dist/it_test2                           ext3     acl,usrjquota=aquota.user,jqfmt=vfsv0        0       0
> /etc/samba/smb.conf:
> ...
>     # vfs objects = acl_xattr
>     map acl inherit = yes
>     store dos attributes = yes
> ...


We use POSIX ACLs and they seem to work.

map acl inherit = Yes
nt acl support = yes

but *not*

vfs objects = acl_xattr


This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
This email is not intended to, nor should it be taken to, constitute advice.
The information provided is correct to our knowledge & belief and must not
be used as a substitute for obtaining tax, regulatory, investment, legal or
any other appropriate advice.

"Transact" is operated by Integrated Financial Arrangements Ltd.
29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300.
(Registered office: as above; Registered in England and Wales under
number: 3727592). Authorised and regulated by the Financial Conduct
Authority (entered on the Financial Services Register; no. 190856).

More information about the samba mailing list