[Samba] Samba share not quite working on Domain Controller
Rowland Penny
rpenny at samba.org
Sun Dec 17 17:14:50 UTC 2023
On Sun, 17 Dec 2023 11:50:18 -0500
Mark Foley via samba <samba at lists.samba.org> wrote:
>
> Spindles7, Thanks. my cloning the permissions from sysvol was
> temporary ... just in case, and to verify I could open Users >
> Properties > Security. I did set the actual Security to what you
> have listed using notes from my previous DC setup. I didn't put
> those step into my post; as I mentioned, the story wasn't finished
> with that message.
>
> The wiki
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> talks about Shares generally, but doesn't specifically mention
> 'Redirected Folders'. Maybe that wiki is sufficient; I didn't examine
> in detail.
Possibly because there is a separate page for Redirected Folders:
https://wiki.samba.org/index.php/Configuring_Windows_Profile_Folder_Redirections
>
> One thing I'm wondering about, that wiki has instructions to "Enable
> Extended ACL Support on a Unix domain member" as follows:
>
> "Ideally you have a system that supports NFS4 ACLs. The following
> example is for systems like Linux, where you don't have those kind of
> ACLs. To configure shares using extended access control lists (ACL)
> on a Unix domain member, you must enable the support in the smb.conf
> file. To enable extended ACL support globally, add the following
> settings to the [global] section of your smb.conf file:"
>
> I do have a "system that supports NFS4 ACLs"
What filesystem is that ?
As far as I am aware, it is only freebsd and freebsd based distros that
have NFS4 acls as standard.
>so I suppose that means
> I don't have to add the listed settings to smb.conf? The instruction
> say, "To configure shares using ... (ACL) on a Unix domain member,
> you must enable the support in the smb.conf file." I'm assuming that
> "MUST" admonition applies only if you don't have a system that
> supports NFS4 ACLs (but could the Linux system even work at all
> without this support?).
If you run Samba as a Unix domain member on Linux, then, unless someone
can point out the filesystem with NFS4 ACLS, you need vfs_acl_xattr
>
> Also, if one were to add these lines to smb.conf, would that be to
> the domain member, domain controller, both? My guess would be to the
> domain member only.
It is built into a DC, so only a Unix domain member.
Rowland
More information about the samba
mailing list