[Samba] Trouble managing ACLs from Windows
Johannes Engel
jcnengel+samba at gmail.com
Wed Nov 8 11:59:28 UTC 2017
Hello list,
Following the guidance from here
(https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs),
I have set up a file server which is a member of a Samba 4.6.9 AD domain.
I have created ACLs using a Windows client with a domain admin account.
While I have no issues with some folders, the server denies access to
others to users that should have access by means of group membership.
I tried to simulate this using the "Effective access" tab in the
security settings per folder using the admin account where it shows that
access should be granted to the respective user. However, I noted that
sometimes the group SIDs are not properly resolved to the names.
The file server itself is using sssd instead of winbind. Administrator
is mapped to root using the mapping file; the filesystem underneath the
share is BTRFS.
Any suggestion where I could dig deeper?
The respective section from smb.conf:
[global]
    realm = SAMBA.MYDOMAIN.COM
    security = ADS
    kerberos method = secrets and keytab
    server role = member server
    server services = s3fs
    disable netbios = yes
    smb ports = 445
    idmap_ldb:use rfc2307 = yes
    browseable = yes
    username map = /etc/samba/file.map
    vfs objects = streams_xattr acl_xattr
    map acl inherit = yes
    store dos attributes = yes

[ShareName]
    comment = Description
    path = /mnt/data/sharedir
    read only = No
    vfs objects = acl_xattr recycle snapper btrfs
    recycle:keeptree = yes
    recycle:maxsize = 536870912
Thanks a lot!
Best regards
Johannes