[Samba] samba configuration

Rowland Penny rpenny at samba.org
Sun Aug 5 08:07:03 UTC 2018 

On Sat, 4 Aug 2018 20:33:16 -0500
Ivan Rojas via samba <samba at lists.samba.org> wrote:

> How can I get all the users who deleted the files and folders in the
> recycling folder, I have configured it and I delete folders with
> different users of the active directory but it only comes from a
> user, I send the complete configuration so that they can help.
> 
> ----
> # Global parameters
> [global]
>         workgroup = SOPORTE
>         realm = SOPORTE.LOCAL
>         netbios name = ADSSERVER
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate
>         idmap_ldb:use rfc2307 = yes
>         winbind enum users = yes
>         winbind enum groups = yes
> 
> [netlogon]
>         path = /var/lib/samba/sysvol/soporte.local/scripts
>         read only = No
> 
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
> [sistemas]
>         path = /opt/sistemas
>         read only = no
>         force directory mode = 770
>         force create mode = 660
>         create mask = 0770
>         directory mask = 0770
> # Papelera de reciclaje
>         vfs objects = recycle full_audit
>         recycle:repository = /opt/recycle/recycle_sistemas/%u/%m
>         recycle:versions = Yes
>         recycle:keeptree = Yes
>         recycle:touch = yes
> 
> [RECYCLE BIN]
>         comment = Papelera de reciclaje
>         path = /opt/recycle
>         public = yes
>         writable = yes
>         admin users = SOPORTE\administrator
>         write list = SOPORTE\administrator
>         browseable = yes
> 
> ------
> 
> root at adsserver:/opt/recycle/recycle_sistemas# ll
> total 12
> drwx------ 3 SOPORTE\cmiranda users 4096 ago  4 19:13 ./
> drwxrwxr-x 3 root             users 4096 ago  4 19:13 ../
> drwx------ 3 SOPORTE\cmiranda users 4096 ago  4 19:13
> SOPORTE\cmiranda/

You are trying to do this on a DC, this means that you must use Windows
ACL's, see here:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

If you read that page, you will find this warning:

Do not set additional share parameters, such as force user. Adding them
to the share definition can prevent you from configuring or using the
share.

Or, to put it another way, I do not think it will work as is.

Rowland

More information about the samba mailing list