[Samba] "missing security tab" and related ACL issues
Stefan G. Weichinger
lists at xunil.at
Fri Sep 7 12:02:01 UTC 2018
On 07.09.18 at 12:45, Rowland Penny via samba wrote:
> On Fri, 7 Sep 2018 11:22:36 +0200
> "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
>> At a customer server (gentoo linux, so far only Samba version 4.7.7)
>> we tried to use Windows ACLs and failed:
>> no security tab in Windows ... for local C: yes, not on samba shares
>> Yes, I followed
>> and have the vfs module enabled etc
>> Now I consider that the kernel doesn't have the necessary flags set.
>> I get
>> # getfattr -n security.NTACL -d /mnt/MSA2040/smb/IT
>> /mnt/MSA2040/smb/IT: security.NTACL: Operation not supported
>> # getfacl /mnt/MSA2040/smb/IT
>> getfacl: Removing leading '/' from absolute path names
>> # file: mnt/MSA2040/smb/IT
>> # owner: ittner
>> # group: domänen-benutzer
>> From the old kernel config I see these flags unset:
>> # CONFIG_EXT4_FS_POSIX_ACL is not set
>> # CONFIG_EXT4_FS_SECURITY is not set
>> So I prepared a new kernel with these 2 flags enabled and will reboot
>> at 2:30pm ... We'll see!
>> Any other issues I might miss here?
> Apart from the fact getattr works on an EA and getfacl works on
> extended ACL's i.e. different things ? ;-)
what? One works, the other not ... I interpret that the kernel doesn't
support the ACL-feature of ext4
> Stop me if I am wrong, but isn't 'benutzer' German for 'users' ?
> What is the German for 'admins' ?
# wbinfo -g | grep -i admin
specops endpoint protection report admins
Binary file (standard input) matches
?? no "domänen-admins" in here
net rpc rights grant "DOM\domänen-admins" SeDiskOperatorPrivilege -U
fails because the group is not found
I asked that already some time ago
and I try to work around that by granting that right to a group called
IT and the few admins in there
At 2:30pm we plan to reboot into the other kernel.
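
The two checks discussed in this message, as an added example that is not part of the original post: it reads the state of the two ext4 options from a kernel config and separates the "Operation not supported" error (the security xattr namespace is unavailable on that filesystem) from "No such attribute" (supported, but no NT ACL stored yet). The function names, result labels and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline diagnosis helpers. The sample data below is constructed.

# Constructed kernel config fragment with the two options unset, as quoted in the post.
SAMPLE_CONFIG='CONFIG_EXT4_FS=y
# CONFIG_EXT4_FS_POSIX_ACL is not set
# CONFIG_EXT4_FS_SECURITY is not set'

# kconfig_state SYMBOL: read a kernel config on stdin, print y, m, unset or absent.
kconfig_state() {
    awk -v sym="$1" '
        $0 == "# " sym " is not set" { state = "unset" }
        index($0, sym "=") == 1      { state = substr($0, length(sym) + 2) }
        END { print (state == "" ? "absent" : state) }
    '
}

# classify_getfattr TEXT: map getfattr output for security.NTACL to a likely cause.
classify_getfattr() {
    case "$1" in
        *"Operation not supported"*) echo "fs-or-kernel-lacks-security-xattr" ;;
        *"No such attribute"*)       echo "supported-but-no-ntacl-stored" ;;
        *"security.NTACL="*)         echo "ntacl-present" ;;
        *)                           echo "unknown" ;;
    esac
}

# report MESSAGE: print both findings for a config (stdin) and a getfattr message.
report() {
    cfg=$(cat)
    for sym in CONFIG_EXT4_FS_POSIX_ACL CONFIG_EXT4_FS_SECURITY; do
        printf '%s: %s\n' "$sym" "$(printf '%s\n' "$cfg" | kconfig_state "$sym")"
    done
    printf 'getfattr: %s\n' "$(classify_getfattr "$1")"
}

# Demo on the constructed config and the error line quoted in the post.
printf '%s\n' "$SAMPLE_CONFIG" | report \
    '/mnt/MSA2040/smb/IT: security.NTACL: Operation not supported'
```

On a live host, feed `report` the running kernel's config instead of the sample, and run `getfattr` as root against the share path.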