[Samba] Samba share not quite working on Domain Controller
Rowland Penny
rpenny at samba.org
Wed Dec 20 21:32:13 UTC 2023
On Wed, 20 Dec 2023 15:48:43 -0500
Mark Foley via samba <samba at lists.samba.org> wrote:
> I'm following up on this because I'm not sure I understand. tune2fs
> on the DC shows, ext_attr; Default mount options: user_xattr, acl,
> although fstab does not have 'acl' as an option.
>
> So should I add to my DC smb.conf (per
> wiki
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs)?
>
> vfs objects = acl_xattr
> map acl inherit = yes
> # the next line is only required on Samba versions less than 4.9.0
> store dos attributes = yes
>
> From the preceeding comments, I think this is NOT for the DC.
Well, if you read the big orange box under your wiki page extract, you
will find this:
On a Samba Active Directory (AD) domain controller (DC), extended ACL
support is automatically enabled globally. You must not enable the
support manually.
Also, your extract is under the heading:
Enable Extended ACL Support on a Unix domain member
So what do you think ???
>
> When I add a Linux domain member, I do/do-not need to add these to
> the domain member's smb.conf?
If you want to use extended ACLs, then you need to add them.
> What goes wrong if I don't?
You can only use the Unix standard acls (ugo).
> If I do add
> these lines, so I also have to add 'acl' as a fstab mount option?
No, 'acl' is one of the ext4 default options.
Rowland
More information about the samba
mailing list