[Samba] Samba share not quite working on Domain Controller

Mark Foley mfoley at novatec-inc.com
Mon Dec 18 01:16:23 UTC 2023


on Sun Dec 17 12:15:28 2023 Rowland Penny via samba <samba at lists.samba.org> wrote:
>
> On Sun, 17 Dec 2023 11:50:18 -0500
> Mark Foley via samba <samba at lists.samba.org> wrote:
> > 
> > Spindles7, Thanks.  My cloning the permissions from sysvol was
> > temporary ... just in case, and to verify I could open Users >
> > Properties > Security.  I did set the actual Security to what you
> > have listed using notes from my previous DC setup.  I didn't put
> > those steps into my post; as I mentioned, the story wasn't finished
> > with that message. 
> > 
> > The wiki
> > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> > talks about Shares generally, but doesn't specifically mention
> > 'Redirected Folders'. Maybe that wiki is sufficient; I didn't examine
> > in detail.
>
> Possibly because there is a separate page for Redirected Folders:
>
> https://wiki.samba.org/index.php/Configuring_Windows_Profile_Folder_Redirections

Great! Thanks. I've made a note of this and will review.

> > 
> > One thing I'm wondering about, that wiki has instructions to "Enable
> > Extended ACL Support on a Unix domain member" as follows:
> > 
> >   "Ideally you have a system that supports NFS4 ACLs. The following
> > example is for systems like Linux, where you don't have those kind of
> > ACLs. To configure shares using extended access control lists (ACL)
> > on a Unix domain member, you must enable the support in the smb.conf
> > file. To enable extended ACL support globally, add the following
> > settings to the [global] section of your smb.conf file:"
> > 
> > I do have a "system that supports NFS4 ACLs" 
>
> What filesystem is that ?

ext4: 

# tune2fs -l /dev/sda3 | grep attr
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype needs_recovery extent 64bit flex_bg sparse_super large_file huge_file dir_nlink extra_isize metadata_csum
Default mount options:    user_xattr acl

I believe this means I'm good with NFS4 ACLs. If not, please advise. Doing
'getfacl /redirectedFolders/Users/' does seem to give me the "User > Properties >
Security" settings I've set up.

> As far as I am aware, it is only FreeBSD and FreeBSD based distros that
> have NFS4 acls as standard.
>
> > so I suppose that means
> > I don't have to add the listed settings to smb.conf? The instruction
> > say, "To configure shares using ... (ACL) on a Unix domain member,
> > you must enable the support in the smb.conf file." I'm assuming that
> > "MUST" admonition applies only if you don't have a system that
> > supports NFS4 ACLs (but could the Linux system even work at all
> > without this support?).
>
> If you run Samba as a Unix domain member on Linux, then, unless someone
> can point out the filesystem with NFS4 ACLs, you need vfs_acl_xattr.
>
> > 
> > Also, if one were to add these lines to smb.conf, would that be to
> > the domain member, domain controller, both? My guess would be to the
> > domain member only.
>
> It is built into a DC, so only a Unix domain member.
>
> Rowland

Cool, so if my Linux/Slackware file system has xattr, I'm good, right?
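
Added example, not part of the original message and not Samba project code: a shell check that applies the rule from the quoted reply (acl_xattr is built into a DC, a Unix domain member on Linux needs it in smb.conf) to the text of an smb.conf. The function names and both sample configurations are constructed; only [global] is inspected, and the DC is assumed to declare itself with "server role = active directory domain controller".

```shell
# Added example (not from the thread). Sample configs below are constructed.

# Print the value of one [global] parameter from smb.conf text on stdin.
# Samba ignores case and spaces in parameter names, so normalise both sides.
# Assumption: the file uses no backslash line continuations.
global_param() {
    awk -v want="$1" '
        BEGIN { gsub(/[ \t]/, "", want); want = tolower(want) }
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[/ {                           # section header
            s = tolower($0); gsub(/[ \t]/, "", s)
            in_global = (s == "[global]"); next
        }
        in_global && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", key)
            if (key == want) {
                val = substr($0, index($0, "=") + 1)
                sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
                found = val                     # last definition wins
            }
        }
        END { print found }
    '
}

# Classify smb.conf text on stdin as dc-builtin, member-ok or member-missing.
acl_xattr_status() {
    conf=$(cat)
    role=$(printf '%s\n' "$conf" | global_param "server role" | tr 'A-Z' 'a-z')
    vfs=$(printf '%s\n' "$conf" | global_param "vfs objects" | tr '\t,' '  ')
    if [ "$role" = "active directory domain controller" ]; then
        echo dc-builtin; return 0               # module is built in on a DC
    fi
    case " $vfs " in
        *" acl_xattr "*) echo member-ok ;;
        *)               echo member-missing ;; # add it under [global]
    esac
}

DC_CONF='[global]
   server role = active directory domain controller'
MEMBER_CONF='[Global]
   security = ADS
   ; Windows ACL storage
   VFS Objects = acl_xattr
[Users]
   path = /redirectedFolders/Users'
printf '%s\n' "$DC_CONF" | acl_xattr_status
printf '%s\n' "$MEMBER_CONF" | acl_xattr_status
```

On a real host, feed it the live file with `acl_xattr_status < /path/to/smb.conf`; a `vfs objects` line that appears only inside a share section is reported as member-missing because the check covers the global setting only.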



