[Samba] Acl not working
Rowland penny
rpenny at samba.org
Sun Nov 1 13:29:15 UTC 2020
On 01/11/2020 13:11, Philip Offermans wrote:
> Samba config:
> [global]
> vfsobjects= acl_xattr
> mapaclinherit= Yes
> storedosattributes = Yes
>
>
> vfsobjects= acl_xattr
> mapaclinherit= yes
> storedosattributes = yes
You have the above lines twice and you no longer need the 'store dos
attributes' line
>
> idmap_ldb:use rfc2307 = yes
The above line is only used on a Samba DC
>
> winbindnss info = rfc2307
The above line is no longer used
> winbindenumusers= yes
> winbindenumgroups= yes
You should only have the above lines for testing, remove them once you
are sure everything works.
Now we come to what is probably your main problem, you are missing the
'idmap.config' lines, why ?
>
>
>
> ACL in Windows:
> Root(Unix User\root) | Full Control | This folder, subfolders and files
> Domain Admins(Domain\Domain Admins) | Full Control | This folder,
> subfolders and files
> Domain Users(Domain\Domain Users) | Change | This folder, subfolders
> and files
Domain Users is probably going to need Read, modify at least
>
> I think it has something to do with winbind.
Correct, winbind has no idea who your users and groups are because you
do not have the 'idmap config' lines
Rowland
More information about the samba
mailing list