[Samba] Windows ACLs : problems

Stefan G. Weichinger lists at xunil.at
Mon Feb 24 08:52:58 UTC 2020


domain member server, Samba version 4.10.11-Debian

	dedicated keytab file = /etc/krb5.keytab
	domain master = No
	kerberos method = secrets and keytab
	load printers = No
	local master = No
	preferred master = No
	printcap name = /dev/null
	realm = customer.INTRA
	security = ADS
	template homedir = /mnt/MSA2040/smb/Homes/%D/%U
	unix charset = iso8859-15
	unix extensions = No
	username map = /etc/samba/samba_usermapping
	winbind cache time = 10
	winbind refresh tickets = Yes
	winbind use default domain = Yes
	workgroup = customer
	full_audit:priority = notice
	full_audit:facility = local5
	full_audit:success = mkdir rmdir read pread write pwrite rename unlink
	full_audit:failure = connect
	full_audit:prefix = %u|%I|%m|%S
	idmap config customer : backend = rid
	idmap config customer : range = 10000-20000
	idmap config * : range = 3000-7999
	idmap config * : backend = tdb
	acl allow execute always = Yes
	inherit acls = Yes
	map acl inherit = Yes
	vfs objects = acl_xattr full_audit
	wide links = Yes


multiple shares, one of them:

	path = /mnt/MSA2040/smb/QM
	read only = No

Windows ACLs set on the shares, worked fine so far.

I followed


The share "QM" gives us issues when we edit ACLs via RSAT on a Windows DC.

access denied

Tried to remove ACLs on Linux with

setfacl -bnR  .

Folder is owned by


etc etc


I don't know how to fix this and ask for help.

So far I always was able to reset that by chowning the folder, chmod 770
...  and after that I could edit the ACLs via RSAT.

Thanks for pointers!
