[Samba] no attributes after following "Setting up a Share Using Windows ACLs"
Rowland Penny
rpenny at samba.org
Sun Apr 29 11:56:05 UTC 2018
On Sun, 29 Apr 2018 11:05:16 +0200
Lapin Blanc via samba <samba at lists.samba.org> wrote:
> Hi, i have setup an ad dc with samba 4.8, and then rigorously
> followed wiki tutorial at :
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> However, when following the last part (File System ACLs in the Back
> End), I don't get
> the expected results :
>
> [root at mydc ~]# getfattr -d /srv/samba/Demo/
> doesn't yield anything
There is very good reason why you didn't get anything ;-)
The wiki page is wrong, it should be:
getfattr -n security.NTACL -d /srv/samba/Demo/
Which should produce something like this:
getfattr: Removing leading '/' from absolute path
names # file: srv/samba/Demo/
security.NTACL=0sBAAEAAAAAgAEAAIAAQC4zK0lHchKFvwXwbPR/h8P8sXMj5dNIT5QQuWsYwO3RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcG9zaXhfYWNsAEbGxuGu39MBuiZRk2pYxeL5ZWc4au0ikqRAk53MkjVd2b4quyk2WwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABJy0AAAA0AAAAAAAAADsAAAAAQUAAAAAAAUVAAAASSVmaZneO8cxOHk/9AEAAAEFAAAAAAAFFQAAAEklZmmZ3jvHMTh5P0oIAAACAMQABwAAAAALFACpABIAAQEAAAAAAAEAAAAAAAAUAAAAEAABAQAAAAAAAQAAAAAACxQA/wEfAAEBAAAAAAADAAAAAAALFACpABIAAQEAAAAAAAMBAAAAAAMkAP8BHwABBQAAAAAABRUAAABJJWZpmd47xzE4eT9KCAAAAAAkAP8BHwABBQAAAAAABRUAAABJJWZpmd47xzE4eT/0AQAAAAMkAL8BEwABBQAAAAAABRUAAABJJWZpmd47xzE4eT8BAgAA
Which is as clear as mud, so to get it anywhere near readable, try this:
samba-tool ntacl get /srv/samba/Demo --as-sddl
Which will get you this:
O:LAG:S-1-5-21-1768301897-3342589593-1064908849-2122D:PAI(A;OICIIO;0x001200a9;;;WD)(A;;0x00100000;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICI;0x001f01ff;;;S-1-5-21-1768301897-3342589593-1064908849-2122)(A;;0x001f01ff;;;LA)(A;OICI;0x001301bf;;;DU)
Rowland
More information about the samba
mailing list