[Samba] include in smb.conf

Rowland penny rpenny at samba.org
Tue Jun 9 13:06:04 UTC 2020

On 09/06/2020 12:59, Marcio Demetrio Bacci wrote:
> Hi Rowland
> >Hi Marcio, we would need more info, where are you migrating the 
> home folders from ? and where to ?
> I copied Windows Server 2008 folders and permissions with ROBOCOPY to 
> my Samba 4 server.
> The folders must be mounted on a drive letter, ex: "H" in the windows 
> clients workstations.
So, you are referring to Windows home Directories, now stored on a Samba 
server. Next question, what sort of Samba server, a DC, Unix domain 
member or what ?
> >You may be able to use something like rsync, but there might be a 
> better way, it depends where the home folders are now.
> What would the best way?
As they are now on the Samba server, you now need to get your windows 
clients to use them. You will need the correct directory structure on 
the Samba server (with the correct permissions) and probably a GPO to 
point your users to them, the latter is more in Louis's knowledge than mine.
> Another problem is that I was comparing the permissions that were in 
> Windows and replicating in Samba 4. As the folders were created 
> manually there was no "CREATE OWNER" permission and this way I removed 
> it. Now, I don't find the "CREATE OWNER" permissions just find "GROUP 
> OWNER", to assign the root folder.
How are you looking at the permissions on the Samba server ?

The problem is (and I keep pointing this out), there are three places 
that the permissions are stored:

The normal Unix 'ugo' permissions that 'ls' shows e.g. '755' or 'rwxr-xr-x'

The permissions that 'getfacl shows

An extended attribute stored in Security.NTACL e.g.

getfattr -n security.NTACL /var/lib/samba/sysvol
getfattr: Removing leading '/' from absolute path names
# file: var/lib/samba/sysvol

Big problem though, it is incomprehensible, so try this instead:

samba-tool ntacl get /var/lib/samba/sysvol --as-sddl

Now, provided you have the key, you can easily decipher it, for 
instance, (A;OICIIO;WOWDGRGWGX;;;CO) is:


See here: 

and here: 


More information about the samba mailing list