[Samba] ACL SHARE
L.P.H. van Belle
belle at bazuin.nl
Tue Jun 27 14:32:22 UTC 2017
Hi Carlos,
I suggest you start here:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Setting_up_a_Basic_smb.conf_File
Which says..
# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use a read-write-enabled back end, such as tdb.
idmap config * : backend = tdb
idmap config * : range = 3000-7999
And you want RID,
https://wiki.samba.org/index.php/Idmap_config_rid
So fix your smb.conf, restart samba.
Run : net cache flush
Test id username
And try again.
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Carlos A. P. Cunha via samba
> Sent: Tuesday 27 June 2017 16:26
> To: samba at lists.samba.org
> Subject: [Samba] ACL SHARE
>
> Hello
> I have a Debian 8 with samba (Version 4.2.10-Debian) that
> serves as Fileserver.
>
> My smb.conf
>
> [global]
> workgroup = XXXXX
> realm = GRUPO.XXXXX.COM.BR
>
> security = ADS
> idmap config * : backend = rid
> idmap config * : range = 100000-999999
>
> client schannel = no
> allow trusted domains = yes
> winbind use default domain = yes
> winbind refresh tickets = Yes
> winbind offline logon = no
> winbind cache time = 360
>
> winbind enum users = yes
> winbind enum groups = yes
>
> template shell = /bin/bash
> template homedir = /home/%U
>
>
> map to guest = bad user
> guest account = guest
> guest ok = yes
>
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> I have sharing:
>
> [QUALIDADELEITE]
> path = /home/QUALIDADELEITE
> browseable = yes
> writeable = yes
> printable = no
> create mask = 0770
> force directory mode = 0770
> force create mode = 0770
> force group = +qualidadeleite
> valid users = @qualidadeleite
>
>
> getfacl /home/QUALIDADELEITE
> # file: home/QUALIDADELEITE
> # owner: root
> # group: qualidadeleite
> user::rwx
> group::rwx
> other::---
> default:user::rwx
> default:group::r-x
> default:group:qualidadeleite:rwx
> default:mask::rwx
> default:other::r-x
>
> My doubt: inside it I have an ok.txt file
>
> getfacl ok.txt
> # file: ok.txt
> # owner: root
> # group: root
> user::rwx
> group::r-x #effective:---
> group:qualidadeleite:rwx #effective:---
> mask::---
> other::---
>
> The problem is that this way a user of the qualidadeleite group
> cannot do anything with the file, even though they have
> permissions via ACL; this only happens on shares.
> Directly on the file system the ACL permission is functional.
>
> Access to this directory occurs both direct (ssh) and via shares.
>
> Do you know what it can be?
>
>
> Regards
>
>
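
An added example, not part of the original mail or of Samba: a small Python check for the two rules the reply quotes for the default (*) idmap domain, run over the idmap lines from the posted smb.conf and over a constructed fix. The function names, the domain name EXAMPLEDOM and the contents of READ_WRITE_BACKENDS are assumptions.

```python
import re

# Only "tdb" is named as read-write in the quoted wiki text; extend as needed (assumption).
READ_WRITE_BACKENDS = {"tdb"}
IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+(?P<dom>[^\s:]+)\s*:\s*"
                      r"(?P<key>backend|range)\s*=\s*(?P<val>.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {"backend": str, "range": (low, high)}}."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue  # comment line or unrelated parameter
        entry = domains.setdefault(m["dom"], {})
        rng = re.fullmatch(r"(\d+)\s*-\s*(\d+)", m["val"])
        if m["key"].lower() == "backend":
            entry["backend"] = m["val"].lower()
        elif rng:
            entry["range"] = (int(rng[1]), int(rng[2]))
    return domains

def lint_idmap(conf_text):
    """Check the two rules for the default (*) domain quoted in the reply."""
    domains, findings = parse_idmap(conf_text), []
    backend = domains.get("*", {}).get("backend")
    if backend not in READ_WRITE_BACKENDS:
        findings.append(f"default domain (*) backend is {backend!r}, not read-write")
    top, top_name = -1, None  # highest ID seen so far and the domain that owns it
    for (low, high), name in sorted((d["range"], n) for n, d in domains.items() if "range" in d):
        if low <= top:
            findings.append(f"ID range of {name} overlaps the range of {top_name}")
        if high > top:
            top, top_name = high, name
    return findings

# idmap lines as posted in the quoted smb.conf.
POSTED = "idmap config * : backend = rid\nidmap config * : range = 100000-999999\n"
# Constructed fix: wiki defaults for *, rid for a placeholder domain EXAMPLEDOM.
FIXED = """
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config EXAMPLEDOM : backend = rid
idmap config EXAMPLEDOM : range = 100000-999999
"""

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("fixed", FIXED)):
        print(label, lint_idmap(conf) or "OK")
```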