[Samba] ZFS samba share not allowing ACL members access

maillists_samba at diversity.nl maillists_samba at diversity.nl
Sun May 1 07:50:44 UTC 2022


I changed the subject to better reflect my problem.

I am running samba
#testparm --version
Version 4.13.13-Debian

#modinfo zfs | grep version
version:        2.1.2-pve1
srcversion:     0F243348A3846ED6C1A546D
vermagic:       5.13.19-6-pve SMP mod_unload modversions

samba-vfs-modules is already the newest version 
(2:4.13.13+dfsg-1~deb11u3)

When setting in the globals section
vfs objects = zfsacl
shares are no longer available and when connecting I get
tree connect failed: NT_STATUS_BAD_NETWORK_NAME

So the goal is to have samba shares allow access to users in the ACL 
list on files and folders on ZFS

On 30-04-2022 14:03, Rowland Penny via samba wrote:
> On Sat, 2022-04-30 at 13:04 +0200, maillists_samba--- via samba wrote:
>> a possible important detail I forgot to mention is that the
>> filesystem
>> is ZFS. Does that matter?
>> Just to be complete in info I'll include extra info on how the
>> filesystem is set
>> * acltype=posixacl
>> * aclmode=discard
>> * aclinherit=discard
> 
> Is this Freebsd ? If it is, then you require a different VFS module
> 'zfsacl' instead of 'acl_xattr'
> 
> You may also need to install 'samba-vfs-modules' if it isn't already
> installed.
> 
> You also need to set the ACL's on the share directory and allow
> everyone to get to the share directory.
> 
> Rowland

On 11-04-2022 13:02, Rowland Penny via samba wrote:
> On Mon, 2022-04-11 at 12:30 +0200, maillists_samba--- via samba wrote:
>> How to allow the owner of a folder that is shared access to that
>> share?
>> 
>> I have;
>> 
>> Samba version 4.13.13-Debian
>> 
>> # testparm -s
>> Load smb config files from /etc/samba/smb.conf
>> Loaded services file OK.
>> Weak crypto is allowed
>> Server role: ROLE_STANDALONE
>> 
>> ----------
>> # Global parameters
>> [global]
>>          log file = /var/log/samba/log.%m
>>          logging = file
>>          map to guest = Bad User
>>          max log size = 1000
>>          obey pam restrictions = Yes
>>          pam password change = Yes
>>          panic action = /usr/share/samba/panic-action %d
>>          passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>          passwd program = /usr/bin/passwd %u
>>          server role = standalone server
>>          unix password sync = Yes
>>          usershare allow guests = Yes
>>          idmap config * : backend = tdb
>> 
>> [proxmox-trx40]
>>          comment = Aiii
>>          inherit permissions = Yes
>>          path = /{redacted}/hypervisors/proxmox/trx40_1
>>          read only = No
>>          valid users = proxmox
>> 
>> ----------
>> 
>> ls -l /{redacted}/
>> 
>> drwxrwx---+  3 proxmox proxmox    3 Mar 24 18:04  hypervisors
> 
> On the face of it, only 'proxmox' and members of the 'proxmox' group
> can enter the hypervisors directory, but notice the '+' on the end of
> the permissions, this means that you have extended ACLs set. However
> you are missing a parameter in the smb.conf global section.
> 
> Add 'vfs objects = acl_xattr' to smb.conf, restart Samba and then read
> up on 'setfacl' and 'getfacl'.
> 
> Rowland



More information about the samba mailing list