[Samba] Windows ACL behaviour in standalone fileservers (LDAP vs TDB)
Matthias Leopold
matthias.leopold at meduniwien.ac.at
Wed Jan 23 10:50:59 UTC 2019
Hi,
I'm building and managing standalone fileservers (security = user) with
various passdb backends. I'm noticing different behaviour of Windows
ACLs for servers with LDAP and TDB passdb backends.
In an LDAP-backed server (which I started with) I can freely add
filesystem permissions (e.g. for groups) to objects (files/folders) via
the Windows (7) permissions editor.
In a TDB-backed server I can only add permissions to a folder for a group
if the containing folder has (any) permissions for that group.
Additionally I have to enter my credentials again in the permissions
editor, which isn't needed on the LDAP backed server.
Configuration for both servers from a "result view" looks identical to me:
- "net groupmap list" is identical
- both use "security = user" and "acl_xattr"
I'm obviously not an expert on Windows ACLs. A workmate, a Windows admin,
told me that the second behaviour is what he would expect; still, I'm
confused.
Samba is 4.8.3 on CentOS 7.
thx
Matthias