[Samba] Windows ACLs : problems

Stefan G. Weichinger lists at xunil.at
Wed Feb 26 09:48:17 UTC 2020


Am 25.02.20 um 16:32 schrieb Stefan G. Weichinger via samba:
> Am 25.02.20 um 15:29 schrieb Stefan G. Weichinger via samba:
> 
>> Hm, I understand that partially, it seems.
>>
>> Fact is that I can't edit the share from within Windows with the
>> DOM\Administrator user right now.
>>
>> No read permissions ..
> 
> fixed it partially but not satisfyingly or correct
> 
> mixture of "chown root:10512" , setfacl ... root:rwx etc
> 
> But it isn't working *right*
> 
> And I still don't understand why ...
> 
> I am afk now for some hours and will maybe start over doing all this
> with a specific test share.

Had my share [acltest] working an hour ago, now again "access denied".

Oh my.


Anything wrong here related to Windows ACLs ? ->




[global]
	dedicated keytab file = /etc/krb5.keytab
	domain master = No
	kerberos method = secrets and keytab
	load printers = No
	local master = No
	preferred master = No
	printcap name = /dev/null
	realm = customer.INTRA
	security = ADS
	template homedir = /mnt/MSA2040/smb/Homes/%D/%U
	unix charset = iso8859-15
	unix extensions = No
	username map = /etc/samba/samba_usermapping
	winbind cache time = 10
	winbind refresh tickets = Yes
	winbind use default domain = Yes
	workgroup = customer
	full_audit:priority = notice
	full_audit:facility = local5
	full_audit:success = mkdir rmdir read pread write pwrite rename unlink
	full_audit:failure = connect
	full_audit:prefix = %u|%I|%m|%S
	idmap config customer : backend = rid
	idmap config customer : range = 10000-20000
	idmap config * : range = 3000-7999
	idmap config * : backend = tdb
	acl allow execute always = Yes
	inherit acls = Yes
	map acl inherit = Yes
	vfs objects = acl_xattr full_audit
	wide links = Yes



More information about the samba mailing list