[Samba] csc policy

L.P.H. van Belle belle at bazuin.nl
Wed Jun 26 07:27:27 UTC 2019 

Good morning Christian, 

> 
> Hi Louis,
> thanks for the feed back.

Your welkom, doing our best. 

> 
> > Hai Christion, 
> > 
> > So yes, i told you this once before it better to setup the 
> windows acl. 
> Yes I know...
> 
> > And yes, but these days in win10 everything is more picky 
> on correct settings. 
> > 
> > Set/verify you profile share again, but setup windows 
> ACL's. not POSIX acls. 
> > See:  
> https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles 
> 
> Here the share definition is with out the "csc policy" so this means
> here offline files are enabled. Or do you disable it via GPO?
I have offline still enable, but i can easily disable this with GPO. 
https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/disable-offline-files-on-folders  

I do all my computer/user setting with GPO's.

> 
> > 
> > Goto : Setup : Using Windows ACLs 
> > 
> > And dont look below this line on the wiki:   Using POSIX 
> ACLs on a Unix domain member  
> > Just dont. 
> > 
> > And  be carefull you can/might reset everything on the share. 
> > And Verify that permission inheritance is disabled on the 
> root of the share
> > 
> > 
> > 
> > If that still gives problems, try adding this setting in 
> the profiles share. 
> >         acl_xattr:ignore system acls = yes 
> > 
> > And setup the share again, this is a must after you set 
> this parameter. 
> > 
> > Personaly, i still use that parameter on profiles and the 
> users share. 
> > A bit to avoid windows acl problem and why not set it if 
> these shares are only use for windows clients. 
> > Note, this is a inheritance of old samba version with bug, 
> this solved it all. 
> > And im now using it about 3 years without problems on my 
> profiles, just saying, i really suggest you test it. 
> 
> I appreciate your feed back as you have much more knowledge in that
> area. And I will look at it (when I have time or if this is 
> not solvable
> by using offline files).
> However, coming back to "csc policy" do you disable this either on the
> share or by GPO in your environment?
All by GPO, see link above. 

> 
> 
> Regards
> 
> Christian
> 


Greetz, 

Louis

More information about the samba mailing list