[Samba] Windows ACLs : problems
Stefan G. Weichinger
lists at xunil.at
Mon Feb 24 08:52:58 UTC 2020
Status:
domain member server, Samba version 4.10.11-Debian
[global]
dedicated keytab file = /etc/krb5.keytab
domain master = No
kerberos method = secrets and keytab
load printers = No
local master = No
preferred master = No
printcap name = /dev/null
realm = customer.INTRA
security = ADS
template homedir = /mnt/MSA2040/smb/Homes/%D/%U
unix charset = iso8859-15
unix extensions = No
username map = /etc/samba/samba_usermapping
winbind cache time = 10
winbind refresh tickets = Yes
winbind use default domain = Yes
workgroup = customer
full_audit:priority = notice
full_audit:facility = local5
full_audit:success = mkdir rmdir read pread write pwrite rename unlink
full_audit:failure = connect
full_audit:prefix = %u|%I|%m|%S
idmap config customer : backend = rid
idmap config customer : range = 10000-20000
idmap config * : range = 3000-7999
idmap config * : backend = tdb
acl allow execute always = Yes
inherit acls = Yes
map acl inherit = Yes
vfs objects = acl_xattr full_audit
wide links = Yes
-
multiple shares, one of them:
[QM]
path = /mnt/MSA2040/smb/QM
read only = No
Windows ACLs set on the shares, worked fine so far.
I followed
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
...
The share "QM" gives us issues when we edit ACLs via RSAT on windows DC.
access denied
Tried to remove acls on linux with
setfacl -bnR .
Folder is owned by
administrator:10513
etc etc
-
I don't know how to fix this and ask for help.
So far I always was able to reset that by chowning the folder, chmod 770
... and after that I could edit the ACLs via RSAT.
thanks for pointers!
More information about the samba
mailing list