[Samba] Windows ACLs : problems
Stefan G. Weichinger
lists at xunil.at
Mon Feb 24 08:52:58 UTC 2020
domain member server, Samba version 4.10.11-Debian
dedicated keytab file = /etc/krb5.keytab
domain master = No
kerberos method = secrets and keytab
load printers = No
local master = No
preferred master = No
printcap name = /dev/null
realm = customer.INTRA
security = ADS
template homedir = /mnt/MSA2040/smb/Homes/%D/%U
unix charset = iso8859-15
unix extensions = No
username map = /etc/samba/samba_usermapping
winbind cache time = 10
winbind refresh tickets = Yes
winbind use default domain = Yes
workgroup = customer
full_audit:priority = notice
full_audit:facility = local5
full_audit:success = mkdir rmdir read pread write pwrite rename unlink
full_audit:failure = connect
full_audit:prefix = %u|%I|%m|%S
idmap config customer : backend = rid
idmap config customer : range = 10000-20000
idmap config * : range = 3000-7999
idmap config * : backend = tdb
acl allow execute always = Yes
inherit acls = Yes
map acl inherit = Yes
vfs objects = acl_xattr full_audit
wide links = Yes
multiple shares, one of them:
path = /mnt/MSA2040/smb/QM
read only = No
Windows ACLs set on the shares, worked fine so far.
The share "QM" gives us issues when we edit ACLs via RSAT on windows DC.
Tried to remove acls on linux with
setfacl -bnR .
Folder is owned by
I don't know how to fix this and ask for help.
So far I always was able to reset that by chowning the folder, chmod 770
... and after that I could edit the ACLs via RSAT.
thanks for pointers!
More information about the samba