[Samba] Samba, ACLs and 'primary group'...

Rowland penny rpenny at samba.org
Wed Feb 5 14:45:29 UTC 2020

On 05/02/2020 14:31, Marco Gaiarin via samba wrote:
> Mandi! Rowland penny via samba
>    In chel di` si favelave...
>> Do you have ANY Windows clients ?
> Sure! Most of my clients are windows.
>> If the answer is yes, then you need to follow the 'Setting up a share using
>> windows ACLs' page and make your Linux clients work with this.
>> If the answer is no, then you can follow the POSIX ACLs page.
>> Do not try to mix the two.
> Rowland, i'm simply trying to understand, or better, trying to match my
> experience with Samba in NT mode with AD mode.
An nt4-style domain is nothing like an AD domain, yes there are 
similarities, but they work very differently.
> In these years seems i've sticked with 'POSIX ACLs', building around
> policy and scrpts to manage ACLs, so probably it is better to keep at
> it (for me, of course).
> And my Windows client works happily!
If you only had Unix clients, then you could stick with this way of 
doing things, but you have Windows clients, so you need to work the 
Windows way and make your Unix clients work the same way.
> Also, for the tests i've done, 'windows ACL' works as depicted on the
> wiki page if and only if you set also:
>         acl_xattr:ignore system acls = yes
>         acl_xattr:default acl style = windows

It works for me without those lines.


More information about the samba mailing list