[Samba] 4.15 windows ACL share. Not taking?

Manu Baylac manu at pinguino.eus
Wed Mar 2 09:51:33 UTC 2022


Hello John,

I just posted another mail, but I am answering this one just to make clear (to
Rowland) that, like you, I use the rid backend and that my smb.conf is like yours.

Let's wait for Rowland's explanations to set up our file server in "the normal
way", because it seems we are using a bad workaround :-)

Cheers.

--
Manu


On 01/03/2022 at 20:32, John Ericsson via samba wrote:
> I am not sure how mailing lists work when it comes to replying. Hope this
> does not mess anything up.
> Thank you for replying. Extra special thanks to my very good friend "Manu
> Baylac" for the "me too" post. The proposed solution worked!
> At the end of this message is the smb.conf that does NOT work. There is a
> lot of stuff in there due to a copy and paste from a working 4.14 prod
> server. The commented-out lines were always commented out (just ignore
> them).
> HOWEVER, to get it to work I just commented out
> "acl_xattr:ignore system acls = yes" and it started working. I think I had
> to restart the services rather than a reload command... but maybe not.
>
> I should add "work" means for the first time I saw the "+". I have not
> tested subfolders etc.
> "Not work" meant no matter what I did in computer manager that looked like
> it was working, there was no "+" and no users could get access.
>
>
> [global]
> security = ADS
> workgroup = XX.com
> realm = XX.com
>
> log file = /var/log/samba/%m.log
> log level = 4
>
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> min domain uid = 0
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config XX : backend = rid
> idmap config XX : range = 10000-5999999
> #winbind refresh tickets = yes
>
> template shell = /bin/false
> template homedir = /home/%U
>
> username map = /usr/local/samba/etc/user.map
>
> full_audit:prefix = %u|%I|%m|%S
> full_audit:success = open close read write create_file renameat unlinkat pwrite_send pwrite_recv
> full_audit:failure = connect
> full_audit:facility = local5
> full_audit:priority = NOTICE
>
> map to guest = never
> restrict anonymous = 2
> map to guest = never
> restrict anonymous = 2
> vfs objects = acl_xattr
> map acl inherit = yes
>
> #server signing = mandatory
> #hello sexy
> #server min protocol = SMB3_11
> #server smb encrypt = required
> #server smb3 encryption algorithms = AES-128-GCM
>
> [demo]
> path = /export/demo/
> read only = no
> acl_xattr:ignore system acls = yes
