[Samba] unix_primary_group = yes don t work
L.P.H. van Belle
belle at bazuin.nl
Wed Feb 6 11:08:24 UTC 2019
Hai,
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Christian Daré via samba
> Verzonden: woensdag 6 februari 2019 11:54
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] unix_primary_group = yes don t work
>
> Hi,
>
> On a samba 4.9.4 fileserver using ad backend with rfc2307 , when i
> create a file from a Win10 client, it s always created with
> the rights
> user:"domain users".
> I ve understood that with "unix_primary_group = yes" , the
> file should
> be created with the rights user:gidNumber .
Yes, and if the gid resolvs to a name then you see the name of the group.
>
> Here is my config :
> [global]
> security = ADS
> workgroup = SAMBA494
> realm = SAMBA494.UNIV-BREST.FR
> log file = /var/log/samba/%m.log
> log level = 1
>
> idmap config * : backend = tdb
> idmap config * : range = 700000001-800000000
> idmap config SAMBA494 : backend = ad
> idmap config SAMBA494 : range = 100000-4000000
> idmap config SAMBA494 : schema_mode = rfc2307
>
> idmap config SAMBA494 : unix_nss_info = yes
> idmap config SAMBA494 : unix_primary_group = yes
>
> username map = /etc/samba/samba_usermapping
>
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
>
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> winbind enum users = yes
> winbind enum groups = yes
Once your dont testing, set these to winbind enum user/group to No.
Everything keeps working.
You can test this with: getent passwd username / getent passwd group / id group ..
> winbind use default domain = yes
>
> usershare path =
>
> [homes]
> comment = repertoires personnels
> browseable = no
> read only = no
> force create mode = 0755
> force directory mode = 0755
>
> id dare
> uid=202369(dare) gid=151495(pnia) groupes=151495(pnia),105000(domain
> users),700000002(BUILTIN\users)
>
> root at mom11:/home/d/dare# ls -l
> total 8
> drwxrwxr-x+ 2 dare domain users 4096 févr. 6 11:44 test_win10_v1
>
> root at mom11:/home/d/dare# getfacl test_win10_v1/
> # file: test_win10_v1/
> # owner: dare
> # group: domain\040users
> user::rwx
> user:dare:rwx
> group::r-x
> group:domain\040users:r-x
> mask::rwx
> other::r-x
> default:user::rwx
> default:user:dare:rwx
> default:group::r-x
> default:group:domain\040users:r-x
> default:mask::rwx
> default:other::r-x
>
> What am i missing ?
Nope, its exact as you have setup.
Your mistake ( not really a misstake but more a misconfiguration / thought..)
Here your checking the "Windows" acls.
root at mom11:/home/d/dare# getfacl test_win10_v1/
Here your forcing POSTIX acl's.
> force create mode = 0755
> force directory mode = 0755
The above force settings should be removed.
Is this a "userhome dir" or "profiles folder"
Because these needs a bit different rights, .. Depening on you needs..
My suggestion, re-read.
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
And
https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
Greetz,
Louis
More information about the samba
mailing list