[Samba] Windows ACL behaviour in standalone fileservers (LDAP vs TDB)
Matthias Leopold
matthias.leopold at meduniwien.ac.at
Mon Jan 28 09:09:43 UTC 2019
I noticed I didn't ask a question ;-)
Has anybody seen this behaviour? Can this be explained?
thank you
matthias
Am 23.01.19 um 11:50 schrieb Matthias Leopold via samba:
> Hi,
>
> I'm building and managing standalone fileservers (security = user) with
> various passdb backends. I'm noticing different behaviour of Windows
> ACLs for servers with LDAP and TDB passdb backends.
>
> In a LDAP backed server (which I started with) I can freely add
> filesystem permissions (eg for groups) to objects (files/folders) via
> the Windows (7) permissions editor.
>
> In a TDB backed server I can only add permission to a folder for a group
> if the containing folder has (any) permissions for that group.
> Additionally I have to enter my credentials again in the permissions
> editor, which isn't needed on the LDAP backed server.
>
> Configuration for both servers from a "result view" looks identical to me:
> - "net groupmap list" is identical
> - both use "security = user" and "acl_xattr"
>
> I'm obviously not an expert for Windows ACLs, a workmate Windows Admin
> told me that the second behaviour is what he would expect, still I'm
> confused.
>
> Samba is 4.8.3 on CentOS 7.
>
> thx
> Matthias
>
More information about the samba
mailing list