[Samba] make other domain controller shares available to windows clients.

Mike 1100100 at gmail.com
Sat Jul 11 19:00:24 UTC 2020

On Sat, Jul 11, 2020 at 1:41 PM Rowland Penny via samba
<samba at lists.samba.org> wrote:
> Hi, did you miss the bits about it not being recommended to use a DC as a
> fileserver

Yes, this I was aware of. Limited budget and resources made it
necessary to configure the Samba AD DC with file shares too.

> and that you must set the ACLs from Windows.

This I was not aware of --- I've been using setfacl for the last 5
years and never installed RSAT.
I use samba-tool on the command line to create/modify domain user accounts.
I've used the following example command to make sure shares are
readable/writable for users: setfacl -R -m g:users:rwx /mnt/data
I thought choosing samba-tool or RSAT was down to sysadmin choice.
I'll try to find this in the wiki.

> Also, you are using the wrong group, it should be Domain Users.

Makes sense, I just cannot figure out why (setfacl -R -m g:users:rwx
/mnt/data) has always worked for setting AD ACLs readable/writable for
all domain accounts.
At any rate, it would appear I need to move to RSAT.
And, it appears I need to make a choice about the spare box I have
inherited: deploy it as a backup AD DC or deploy it as a domain member
providing file shares.

Thanks for your guidance.
