[Samba] Profile ACLs
Rowland Penny
rpenny at samba.org
Thu Nov 23 10:20:43 UTC 2017
On Thu, 23 Nov 2017 09:01:55 +0100
Christian Naumer via samba <samba at lists.samba.org> wrote:
> Hello all,
> as the "profile acls = Yes" option has become deprecated in Samba 4.7
> I wanted to ask what the preferred way is of doing this?
> The Wiki
> (https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles) still
> uses "profile acls = Yes" when using posix acls.
I have updated the wikipage, based on the info found the patch commit.
> This has been running in NT Classic Domain for years and since we
> upgraded to AD a year ago still has been working fine. It is different
> then the Wiki but comes from Samba 3.6 times and worked so far.
>
> Should we switch to using Windows ACLs? And if this is the recommended
> way how to best "migrate"?
At the moment, 'profile acls' is only deprecated, it hasn't gone away
yet, so if it is still working for you, there is no need to do anything.
It may be removed in a later version of Samba, but if it is, it will
most likely be a major version, e.g. 4.9.0
You could test using Windows ACLs or what the Samba wiki shows now.
What I personally would suggest is to consider upgrading to an AD
domain. It seems to be getting harder and harder to get Windows to
connect to an NT4-style domain and upgrading brings several advantages.
Rowland
More information about the samba
mailing list