[Samba] Samba shares with Windows ACL's
Peter Pollock
peter.pollock at kingschristian.org
Wed Nov 4 18:13:23 UTC 2020
I'm having trouble with my new fileserver, I can't make the shares viewable
by windows clients.
I had the same problems with the first file server I built and cannot
remember what I did to "fix" it.
I have gone through the page "Setting up a share using Windows ACL's" on
the Samba Wiki (
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs) but
when I get to the step where I am actually setting the ACL's, when I click
OK, it tries to apply the ACL's to all the files in the folder and comes
back saying that it has failed to enumerate the files and access is denied.
Since there are already files in the share, I used chown -R and chmod -R to
apply the owner/group and file permissions to all files, but that didn't
help.
I have also tried it with both root as the owner and "domain admins".
Since these files are not sensitive, I even tried setting the permissions
to 777.
I have rebooted also.
The user I am logged in to my Windows machine with is a member of the
domain admins group.
Here's my smb.conf
[global]
workgroup = INTERNAL
security = ADS
realm = INTERNAL.KCS
winbind use default domain = yes
winbind expand groups = 2
winbind refresh tickets = Yes
disable netbios = yes
dns proxy = no
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config INTERNAL : backend = rid
idmap config INTERNAL : range = 10000-999999
template shell = /bin/bash
template homedir = /home/users/%U
# user Administrator workaround, without it you are unable to set
privileges
username map = /etc/samba/user.map
vfs objects = acl_xattr
map acl inherit = Yes
# Comment the following 4 lines to act as a print server
# printcap name = /dev/null
# load printers = no
# disable spoolss = yes
# printing = bsd
[data]
path = /hdd/shares
read only = no
[home]
path = /home/users/%U
read only = no
[old-profiles]
path = /hdd/roaming
read only = no
[archive]
path = /hdd/archive
read only = no
and here's the getfacl of the folder in question:
itadmin at john:~$ getfacl /hdd/roaming
getfacl: Removing leading '/' from absolute path names
# file: hdd/roaming
# owner: domain\040admins
# group: domain\040admins
user::rwx
user:root:rwx
group::rwx
group:adm:rwx
group:domain\040admins:rwx
mask::rwx
other::rwx
default:user::rwx
default:user:root:rwx
default:user:domain\040admins:rwx
default:group::rwx
default:group:adm:rwx
default:group:domain\040admins:rwx
default:mask::rwx
default:other::---
More information about the samba
mailing list