[Samba] ACL inheritance not working as expected.
Carlos Jesus
camjesus2 at gmail.com
Tue Jan 7 22:25:27 UTC 2020
Hello list!

For some reason ACL inheritance is not working on my FS. Anytime anyone
creates a folder/file under a share, the permissions are not inherited.

My system is a 2DC + a FS running samba 4.10.10. Everything self compiled
running on Debian Buster.

Several shares were created according to
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

By adding the following lines to the [global] section I forced samba to
inherit permissions, but I thought that this was deprecated and that map
acl inherit was the only thing needed.

inherit acls = yes
inherit owner = yes
inherit permissions = yes

Any ideas?

My smb.conf for the FS:

[global]
security = ADS
workgroup = EUROHIDRA
realm = EUROHIDRA.LOCAL
netbios name = EHFS
interfaces = lo br0
bind interfaces only = yes
log file = /var/log/samba/%U.log
log level = 1
username map = /usr/local/samba/etc/user.map
local master = no
time server = no
wins support = no
idmap config EUROHIDRA : backend = ad
idmap config EUROHIDRA : range = 10000-999999
idmap config EUROHIDRA : schema_mode = rfc2307
idmap config EUROHIDRA : unix_nss_info = yes
idmap config * : backend = tdb
idmap config * : range = 3000-7999
winbind use default domain = yes
# winbind enum groups = yes
# winbind enum users = yes
winbind nss info = template
template shell = /bin/bash
template homedir = /home/%U
vfs objects = acl_xattr
map acl inherit = yes
kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.keytab
winbind refresh tickets = Yes
#only for ext4. remove for other FS's
strict allocate = yes
smbd profiling level 1
min receivefile size = 16384
use sendfile = yes
server min protocol = SMB2
write cache size = 65536
#For 4 minutes to release lock (Outlook remember?)
socket options = TCP_NODELAY TCP_KEEPIDLE=240 TCP_KEEPCNT=4 TCP_KEEPINTVL=15
load printers = no
printcap name = /dev/null
[Tecnico]
comment = Departamento Tecnico
writeable = yes
path = /mnt/disco2/Users/Tecnico
vfs objects = full_audit
full_audit:prefix = %u|%I
full_audit:failure = none
full_audit:success = mkdir rmdir pread pwrite unlink sendfile
rename op$
full_audit:facility = LOCAL5
full_audit:priority = NOTICE
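
Added example, not part of the original post and not Samba code: a small Python check that resolves the effective "vfs objects" list for every share in an smb.conf and reports shares where acl_xattr is not loaded. It assumes that a value set in a share section replaces the [global] value instead of extending it; the sample config is constructed from the post's "vfs objects" lines, and the [Comercial] share and all function names are hypothetical.

```python
# Constructed sample: the "vfs objects" lines from the post plus a
# hypothetical [Comercial] share that sets no "vfs objects" of its own.
SAMPLE_SMB_CONF = """\
[global]
vfs objects = acl_xattr
map acl inherit = yes

[Tecnico]
path = /mnt/disco2/Users/Tecnico
vfs objects = full_audit
full_audit:prefix = %u|%I

[Comercial]
path = /mnt/disco2/Users/Comercial
"""

def parse_smb_conf(text):
    """Return {section name: {normalised parameter name: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            # Parameter names are matched ignoring case and whitespace.
            key = "".join(name.lower().split())
            if key == "vfsobject":               # synonym of "vfs objects"
                key = "vfsobjects"
            current[key] = value.strip()
    return sections

def effective_vfs_objects(sections, share):
    """Module list a share ends up with: its own value, else the global one."""
    defaults = next((p for n, p in sections.items() if n.lower() == "global"), {})
    # Assumption: the share value overrides the global value, no merging.
    merged = {**defaults, **sections[share]}
    return merged.get("vfsobjects", "").replace(",", " ").split()

def shares_without(text, module="acl_xattr"):
    """List (share, effective modules) for shares that do not load `module`."""
    sections = parse_smb_conf(text)
    result = []
    for share in sections:
        modules = effective_vfs_objects(sections, share)
        if share.lower() != "global" and module not in modules:
            result.append((share, modules))
    return result

if __name__ == "__main__":
    for share, modules in shares_without(SAMPLE_SMB_CONF):
        print(f"[{share}] loads {modules}, acl_xattr is not among them")
```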