[Samba] Migration of files with Windows ACL's to Samba server

Borut Rozman borut.rozman at bioch.ox.ac.uk
Fri Jul 28 13:27:34 UTC 2023 

Hi Rowland,

Sorry for the vague reply, will add more info:
FS is ext4 over NFS4.0, so from the storage server ls -lad gives me

drwxrws--- 2 privuser serviceaccounts 4096 Jul 28 14:01 testg/

testparam -s 

oad smb config files from /etc/samba/smb.conf
lpcfg_do_global_parameter: WARNING: The "encrypt passwords" option is
deprecated
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility
fallback)

Server role: ROLE_DOMAIN_MEMBER

# Global parameters
[global]
	bind interfaces only = Yes
	dns proxy = No
	domain master = No
	hostname lookups = Yes
	interfaces = lo ens19
	keepalive = 30
	load printers = No
	local master = No
	log file = /var/log/samba/log.%m
	max log size = 1000
	min domain uid = 0
	netbios name = STORE-SMB1
	realm = DOMAIN.EXAMPLE.COM
	security = ADS
	server string = store-smb1 Samba Server
	username map = /etc/samba/user.map
	winbind nss info = rfc2307
	workgroup = DOMAIN
	rpc_server:netlogon = disabled
	idmap config domain:unix_primary_group = yes
	idmap config domain:unix_nss_info = yes
	idmap config domain:range = 10000-999999
	idmap config domain:schema_mode = rfc2307
	idmap config domain:backend = ad
	idmap config * : range = 3000-4999
	idmap config * : backend = tdb
	hosts allow = 192.168.72.0/255.255.255.0
	hosts deny = 0.0.0.0/0
	include = /etc/samba/shares.conf
	inherit acls = Yes
	inherit permissions = Yes
	map acl inherit = Yes
	vfs objects = acl_xattr
[testg]
	comment = Ocms2019 testing share for ACL testing purposes
	map archive = No
	path = /storage/testg
	read only = No

So /storage is a NFS mount from a second server. 

server2:/storage/    201T   40T  153T  21% /storage

regards
Borut





On Fri, 2023-07-28 at 14:12 +0100, Rowland Penny via samba wrote:
> 
> 
> On 28/07/2023 13:50, Borut Rozman via samba wrote:
> > Hi Nick,
> > Sorry for the late reply, been busy
> > with some other issues, and this was not such a priority
> > 
> > Basically I have
> > 
> >          vfs objects = acl_xattr
> >          inherit acls = yes
> >          inherit permissions = yes
> >          map acl inherit = yes
> > 
> > 
> > in my samba global config and shares are normal shares:
> > 
> > [testg]
> >          comment = privuser testing share for ACL testing purposes
> >          path = /storage/testg
> >          browseable = yes
> >          read only = no
> >          inherit acls = yes
> >          inherit permissions = yes
> >          map archive = no
> > 
> > But when I want as this user - privuser to change any
> > permissions/acls/anything on any file in that share it gives me:
> > Unable
> > to save permission changes to file, The request is not supported.
> > 
> > So looks like I am missing something?
> > 
> > Regards
> > Borut
> > 
> 
> Hi, Whilst you have given us some info, you do not seem to have given
> us 
> much. Just about all you have told is that you are running Samba
> 4.17.9 
> On Debian 12 and that you are running it as a server, but what sort
> of 
> server ?
> 
> Would it be possible for you to post the output of 'testparm -s' ? 
> Sanitised if you must.
> Also the output of 'ls -lad /storage/testg'
> 
> It will probably also help if you can tell us what the filesystem is.
> 
> Rowland
> 
>

More information about the samba mailing list