[Samba] old ACL on member server
Rowland Penny
rpenny at samba.org
Fri Sep 30 20:33:30 UTC 2022
On 30/09/2022 21:12, Nicolas Canonne via samba wrote:
> Hi all,
>
> 2 ubuntu 20.04 servers : 1 DC, 1 FileServer
>
> DC as been setup with a fresh install
>
> FS was previousely setup as (unrecommanded) FileServer on DC (it was the
> only server)
>
> FS uses EXT4
>
> (sorry I don't have smb.conf and links at hand right now)
Might help to see them.
>
> Old Samba files have been removed prior to re-install Samba on FS (samba
> wiki)
>
> FS joigned domain OK, GPO and such are well applied, troubles occurs
> with ACLs on FS
>
> Domain users/groups are well listed using getent passwd / group on FS
>
> It seems that old ACLs (with GUID in the 300 000 range used in previous
> samba config) are still showing using getfacl
How did you copy the files to the new Unix domain member ?
The ID numbers in the 3000000 range are only used on a DC and are
actually 'xidNumber' attributes stored in idmap.ldb on a DC. Unix domain
members will use a winbind idmap backend, the 'ad' backend uses
'uidNumber' & 'gidNumber' attributes stored in AD, you must add these,
they are not created automatically. The 'autorid' & 'rid' backends
calculates the user and group ID's from the user or group RID.
>
> 1) Is there a 'magic' way to remove these old ACL on file system and
> restore default ones ?
It isn't the ACLs that are incorrect, it is the ownership and there
aren't really any defaults.
>
> It looks like I should stop the shares on FS, create new folders and
> configure them with correct ACLs, tranfer old files to the new shares.
I take it that the files etc are still on the DC, you can probably use
rsync to copy the files across, provided that the Unix domain member is
set up correctly.
Rowland
More information about the samba
mailing list