[Samba] Fwd: Copy ACL to samba domain member file server

Steffen Dettmer steffen.dettmer+samba at gmail.com
Wed Jul 19 13:35:39 UTC 2023


Thank you very much for your quick, detailed and super helpful reply!
That is so great!
In short: IT WORKS NOW!
(I think Kees' tip to make my container privileged was essential)

On Wed, Jul 19, 2023 at 10:51 AM Rowland Penny via samba
<samba at lists.samba.org> wrote:
> That is not entirely true, you can join Samba as a DC to a 2012R2
> domain, but you may have to lower the functional level first.

Thank you for the correction. This seems to be a bigger topic and I
think I will ask a question in a separate mail.

> > What I would like to safely (=robust, stable, reliable) have is move
> > my windows files to my ZFS datasets (nas1/mp0) like:
> Which 'ZFS' is this ?
> ZFS on Linux, or true ZFS that uses NFSv4 ACLs ?

I'm using Proxmox VE 7.4, which is a Debian 11 based virtualisation
platform, so ZFS on Linux.
NB: I used an unprivileged container and in another reply Kees pointed
out that it must be privileged, so I changed that.

> > c:\>robocopy d:\stor1\f1 \\nas1\disk0\f1 /E /COPYALL /IA:RASHNTCEO
> > /R:0 /W:0 /LOG+:d:\tmp\nas1.log /TEE /XD D:\stor1\f1\bak
> I do not use robocopy, but, as far as I am aware, it should work.

Yes, this works now!
I don't like robocopy, but as I read on the internet, it is the best
"rsync -a" replacement I could get on Windows. I dislike its
interface, for example that options like "/SECFIX" are needed.
Do you know other tools I could look at?

> There are a few lines in that smb.conf that really shouldn't be in a
> Unix domain member's smb.conf, try this one:

OMG you wrote me the complete configuration file, wow!
Thank you so much for your effort!
I'm now using this in a priv container and

  --> IT DOES ALL WORK! <--

(I think my fault was that I thought I should add the options
mentioned in the Wiki, but apparently I should have started with an
empty file instead of editing the existing one, which is installed
when installing Samba [Debian 12])

> Try this /etc/krb5.conf , it is based on the latest Samba recommended one:

Wow, thank you so much! You wrote me an entirely complete
configuration. Best support ever! Thank you!

> > root@nas1:/var/lib/samba# samba-tool group listmembers
> > "$DOM\Domänen-Admins" 2>&1| sed "s|$DOM|DOM|g" ....
> > Unable to open tdb '/var/lib/samba/private/sam.ldb': No such file or directory
> > (is this normal in domain member mode?)
> Yes, there is no sam.ldb on a Unix domain member, you can add '-H
> ldap://YOUR_DCS_HOSTNAME' to the command.

ahh thank you, yes, this works (if I omit the domain name):

root@nas1:~# samba-tool group listmembers "Domänen-Admins" -H ldap://dc2


