[Samba] mixing Windows ACL and POSIX ACL shares on one server?

Matthias Leopold matthias.leopold at meduniwien.ac.at
Thu Nov 14 21:33:55 UTC 2019

Am 14.11.19 um 22:12 schrieb Rowland penny via samba:
> On 14/11/2019 20:45, Matthias Leopold via samba wrote:
>> Hi,
>> I posted a similar question in 2018 with no answers, so I'll try again:
>> Is it possible to have shares with Windows ACLs and shares with POSIX 
>> ACLs on the same server (security = user)? Since share permissions are 
>> handled differently for both types of shares I'm not sure if this will 
>> work. I know I could try it out myself, but the question again just 
>> came to my mind and I think there will be clear answer by someone who 
>> knows.
>> thank you
>> Matthias
> 'security = user' means an NT4-style PDC or a standalone server, so you 
> might be able to make this work, but it would mean using the same 
> usernames etc everywhere. To make the share use Windows ACLs, you would 
> have to add 'vfs objects = acl_xattr' to the share config.
> Whether this is a good idea, I am not sure, I mean, what is the user 
> case ? Why would you want to do this, you would probably be better off 
> joining the machine to an AD domain and using Windows ACLs.
> Rowland

Thanks for answer. The use case is an existing server with LDAP backend 
(I described it already here), that started with POSIX ACL shares. I 
discovered the possibilities of Windows ACLs on another LDAP backed 
server and now want to further use Windows ACLs on the first server 
without touching the old shares. This might not look pretty, but this is 
the situation when you deal with "historically grown" setups. Similar 
situation with LDAP vs AD, I'd like to have an AD, management does not.


More information about the samba mailing list