[Samba] samba 4.6.12. users can't delete files

Carlos Jesus camjesus2 at gmail.com
Wed Feb 14 00:24:00 UTC 2018 

Hi all,
I'm running a small (50 users) AD with an AD-DC and a Domain Member as the
file server. Both running debian Stretch and self-compiled samba 4.6.12.
Bind as DNS.
Multiple shares configured using windows ACLs. All work as expected except
for User Home Folders (https://wiki.samba.org/index.php/User_Home_Folders).
I've created a folder for each user under samba_homes/ and gave full
control to each user to his "folder, sub folder and files". Users can
create and delete subfolders, can create files, open and write to files,
but cannot delete or rename files.
If I check properties on files, I can see that both "full control" and
"modify" are off. Even if I force them by going to the file properties, I
can't get the modify flag to stick.
Any ideas? I'm running out of them...
Thanks

my smb.conf:
[global]
       security = ADS
       workgroup = SOMEDOM
       realm = SOMEDOM.LOCAL
       username map = /usr/local/samba/etc/user.map
       log file = /var/log/samba/%m.log
       log level = 2
       server role = member server
       idmap config * : backend = tdb
       idmap config * : range = 3000-7999

#        winbind nss info = template
#       template shell = /bin/bash
#        template homedir = /home/%U
        idmap config SOMEDOM : backend = rid
        idmap config SOMEDOM : range = 10000-999999
#        winbind enum groups = yes
#       winbind enum users = yes
winbind use default domain = yes

vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes

aio read size = 16384
aio write size = 16384
aio write behind = true
use sendfile = true
read raw = true
min receivefile size = 16384

[Casa]
        comment = personal folders
        path = /mnt/disco2/samba_homes
        read only = no
        vfs objects = full_audit
        full_audit:prefix = %u|%I
        full_audit:failure = none
        full_audit:success = none
        full_audit:facility = LOCAL7
        full_audit:priority = NOTICE

[Financeiro]
        comment = Departamento Financeiro
        writeable = yes
        path = /mnt/disco2/Users/Financeiro
        vfs objects = full_audit
        full_audit:prefix = %u|%I
        full_audit:failure = none
        full_audit:success = connect disconnect mkdir rmdir pread pwrite $
        full_audit:facility = LOCAL6
        full_audit:priority = NOTICE

[RecHumanos]
       comment = Departamento Recursos Humanos
       writeable = yes
       path = /mnt/disco2/Users/RecHumanos
       vfs objects = full_audit
       full_audit:prefix = %u|%I
       full_audit:failure = none
       full_audit:success = connect disconnect mkdir rmdir pread pwrite u$
       full_audit:facility = LOCAL6
       full_audit:priority = NOTICE

More information about the samba mailing list