[Samba] unix_primary_group = yes don t work
Christian Daré
christian.dare at univ-brest.fr
Wed Feb 6 12:25:08 UTC 2019
thanks for the answer, Louis.
i m talking about the userhome dir.
I ve already read https://wiki.samba.org/index.php/User_Home_Folders and
i m applying the posix acls to my share.
As the users's home is shared between windows and linux, i d rather use
the posix acls than the windows ones.
Beside the homedir of my users have a form like /home/ first letter of
name /login ( ex : /home/d/dare ) and i cant change that, this is why i
use the [home] share , it s the simplier solution for me.
Is it mandatory to use the windows acls to have the functionnality i m
looking for ?
Le 06/02/2019 à 12:08, L.P.H. van Belle via samba a écrit :
> Hai,
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Christian Daré via samba
>> Verzonden: woensdag 6 februari 2019 11:54
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] unix_primary_group = yes don t work
>>
>> Hi,
>>
>> On a samba 4.9.4 fileserver using ad backend with rfc2307 , when i
>> create a file from a Win10 client, it s always created with
>> the rights
>> user:"domain users".
>> I ve understood that with "unix_primary_group = yes" , the
>> file should
>> be created with the rights user:gidNumber .
> Yes, and if the gid resolvs to a name then you see the name of the group.
>
>> Here is my config :
>> [global]
>> security = ADS
>> workgroup = SAMBA494
>> realm = SAMBA494.UNIV-BREST.FR
>> log file = /var/log/samba/%m.log
>> log level = 1
>>
>> idmap config * : backend = tdb
>> idmap config * : range = 700000001-800000000
>> idmap config SAMBA494 : backend = ad
>> idmap config SAMBA494 : range = 100000-4000000
>> idmap config SAMBA494 : schema_mode = rfc2307
>>
>> idmap config SAMBA494 : unix_nss_info = yes
>> idmap config SAMBA494 : unix_primary_group = yes
>>
>> username map = /etc/samba/samba_usermapping
>>
>> vfs objects = acl_xattr
>> map acl inherit = yes
>> store dos attributes = yes
>>
>> load printers = no
>> printing = bsd
>> printcap name = /dev/null
>> disable spoolss = yes
>>
>> winbind enum users = yes
>> winbind enum groups = yes
> Once your dont testing, set these to winbind enum user/group to No.
> Everything keeps working.
> You can test this with: getent passwd username / getent passwd group / id group ..
>
>> winbind use default domain = yes
>>
>> usershare path =
>>
>> [homes]
>> comment = repertoires personnels
>> browseable = no
>> read only = no
>> force create mode = 0755
>> force directory mode = 0755
>>
>> id dare
>> uid=202369(dare) gid=151495(pnia) groupes=151495(pnia),105000(domain
>> users),700000002(BUILTIN\users)
>>
>> root at mom11:/home/d/dare# ls -l
>> total 8
>> drwxrwxr-x+ 2 dare domain users 4096 févr. 6 11:44 test_win10_v1
>>
>> root at mom11:/home/d/dare# getfacl test_win10_v1/
>> # file: test_win10_v1/
>> # owner: dare
>> # group: domain\040users
>> user::rwx
>> user:dare:rwx
>> group::r-x
>> group:domain\040users:r-x
>> mask::rwx
>> other::r-x
>> default:user::rwx
>> default:user:dare:rwx
>> default:group::r-x
>> default:group:domain\040users:r-x
>> default:mask::rwx
>> default:other::r-x
>>
>> What am i missing ?
> Nope, its exact as you have setup.
> Your mistake ( not really a misstake but more a misconfiguration / thought..)
>
> Here your checking the "Windows" acls.
> root at mom11:/home/d/dare# getfacl test_win10_v1/
>
> Here your forcing POSTIX acl's.
>> force create mode = 0755
>> force directory mode = 0755
> The above force settings should be removed.
>
> Is this a "userhome dir" or "profiles folder"
> Because these needs a bit different rights, .. Depening on you needs..
> My suggestion, re-read.
>
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> And
> https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
>
> Greetz,
>
> Louis
>
>
>
>
>
>
>
--
UBO <http://www.univ-brest.fr>
More information about the samba
mailing list