[Samba] Migration of files with Windows ACL's to Samba server

Rowland Penny rpenny at samba.org
Fri Jul 28 14:08:12 UTC 2023 


On 28/07/2023 14:27, Borut Rozman wrote:
> Hi Rowland,
> 
> Sorry for the vague reply, will add more info:
> FS is ext4 over NFS4.0, so from the storage server ls -lad gives me
> 
> drwxrws--- 2 privuser serviceaccounts 4096 Jul 28 14:01 testg/
> 
> testparam -s
> 
> oad smb config files from /etc/samba/smb.conf
> lpcfg_do_global_parameter: WARNING: The "encrypt passwords" option is
> deprecated
> Loaded services file OK.
> Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility
> fallback)
> 
> Server role: ROLE_DOMAIN_MEMBER
> 
> # Global parameters
> [global]
> 	bind interfaces only = Yes
> 	dns proxy = No
> 	domain master = No
> 	hostname lookups = Yes
> 	interfaces = lo ens19
> 	keepalive = 30
> 	load printers = No
> 	local master = No
> 	log file = /var/log/samba/log.%m
> 	max log size = 1000
> 	min domain uid = 0
> 	netbios name = STORE-SMB1
> 	realm = DOMAIN.EXAMPLE.COM
> 	security = ADS
> 	server string = store-smb1 Samba Server
> 	username map = /etc/samba/user.map
> 	winbind nss info = rfc2307
> 	workgroup = DOMAIN
> 	rpc_server:netlogon = disabled
> 	idmap config domain:unix_primary_group = yes
> 	idmap config domain:unix_nss_info = yes
> 	idmap config domain:range = 10000-999999
> 	idmap config domain:schema_mode = rfc2307
> 	idmap config domain:backend = ad
> 	idmap config * : range = 3000-4999
> 	idmap config * : backend = tdb
> 	hosts allow = 192.168.72.0/255.255.255.0
> 	hosts deny = 0.0.0.0/0
> 	include = /etc/samba/shares.conf
> 	inherit acls = Yes
> 	inherit permissions = Yes
> 	map acl inherit = Yes
> 	vfs objects = acl_xattr
> [testg]
> 	comment = Ocms2019 testing share for ACL testing purposes
> 	map archive = No
> 	path = /storage/testg
> 	read only = No

There isn't a great deal wrong with the smb.conf.

> 
> So /storage is a NFS mount from a second server.
> 
> server2:/storage/    201T   40T  153T  21% /storage
> 

That is very probably your problem, sorry, but sharing an NFS mount with 
Samba is never a good idea. Samba doesn't really use the same ACLs as NFS.

Rowland

More information about the samba mailing list