[Samba] Acl not working

Rowland penny rpenny at samba.org
Sun Nov 1 13:29:15 UTC 2020

On 01/11/2020 13:11, Philip Offermans wrote:
> Samba config:
> [global]
> vfsobjects= acl_xattr
> mapaclinherit= Yes
> storedosattributes = Yes
> vfsobjects= acl_xattr
> mapaclinherit= yes
> storedosattributes = yes
You have the above lines twice and you no longer need the 'store dos 
attributes' line
> idmap_ldb:use rfc2307 = yes
The above line is only used on a Samba DC
> winbindnss info = rfc2307
The above line is no longer used
> winbindenumusers= yes
> winbindenumgroups= yes

You should only have the above lines for testing, remove them once you 
are sure everything works.

Now we come to what is probably your main problem, you are missing the 
'idmap.config' lines, why ?

> ACL in Windows:
> Root(Unix User\root) | Full Control | This folder, subfolders and files
> Domain Admins(Domain\Domain Admins) | Full Control | This folder, 
> subfolders and files
> Domain Users(Domain\Domain Users) | Change | This folder, subfolders 
> and files
Domain Users is probably going to need Read, modify at least
> I think it has something to do with winbind.
Correct, winbind has no idea who your users and groups are because you 
do not have the 'idmap config' lines


More information about the samba mailing list