[Samba] Windows ACLs
Peter Carlson
peter at howudodat.com
Mon Oct 3 14:38:19 UTC 2022

I am trying to set up a Samba file server with the following 2
characteristics:

1) use RSAT tools to set ACLs
2) new folders / files need to have group write permissions
   i.e. UserData = Domain Users
   i.e. AdminData = Domain Admins
   i.e. Accounting = Accounting

I think I'm about 90% of the way there after reading and following this
guide:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Problems:
1) failed to enumerate objects in the container: Access is
   denied. (https://snipboard.io/K27jAc.jpg)
2) group permissions are always 750; I would like them to be 770

Setup:
Windows Network with about a dozen workstations (Surface Pros) running
Windows 11
Active Directory running on Synology DSM
Proxmox Hypervisor
    Guest: mariadb
    Guest: LAMP for middleware
    Guest: LAMP for public facing web server
    Guest: 3CX debian
    Guest: File Server

File Server:
Samba Version 4.15.9
Ubuntu Server 22.04.1

root@filesvr:/data# net rpc rights list privileges SeDiskOperatorPrivilege -U "SDCP\administrator"
Password for [SDCP\administrator]:
SeDiskOperatorPrivilege:
  SDCP\linux admins
  BUILTIN\Administrators

[global]
    security = ads
    idmap config SDCP : range = 2000000-2999999
    idmap config SDCP : backend = rid
    idmap config * : range = 10000-999999
    idmap config * : backend = tdb
    winbind use default domain = no
    winbind refresh tickets = yes
    winbind offline logon = yes
    winbind enum groups = no
    winbind enum users = no

[Test]
    path = /data/test
    comment = test
    writable = yes
    guest ok = no
    inherit permissions = yes
    inherit acls = yes
    vfs objects = acl_xattr
    acl_xattr:ignore system acls = yes
    valid users = "@SDCP\Domain Users"

root@filesvr:/data# ls -l
drwxrwxrwt 3 root SDCP\linux admins 4096 Oct 2 15:07 test

root@filesvr:/data# ls -l test/
drwxr-xr-t 2 SDCP\office SDCP\domain users 4096 Oct 2 15:08 officefld
-rwxr--r-- 1 SDCP\peter SDCP\domain admins 17 Sep 30 23:59 Windows.txt

root@filesvr:/data# ls -l test/officefld/
-rw-r--r-- 1 SDCP\office SDCP\domain users 4 Oct 2 15:08 test.txt