[Samba] Issue with extended ACL's in 4.10.16
rpenny at samba.org
Mon Sep 11 15:46:00 UTC 2023
On Mon, 11 Sep 2023 15:14:49 +0000
"Odell, Jack via samba" <samba at lists.samba.org> wrote:
> I'm having an issue with extended ACL permissions while upgrading
> from 4.6.2 to 4.10.16.
> When upgraded, the file permissions will only allow a user's primary
> GID to access the directory/file.
> For example:
> tuser is a member of secall and secoptions.
> secall is tuser's primary GID.
> A dir has an ACL set for secoptions:rwx
> tuser is unable to access the dir from a windows host
> Adding secall:rwx to the dir allows tuser to access the dir without
> Trawled this document for a Boolean parameter this afternoon that
> would sort out this problem but came up blank: smb.conf
> Any help to shed some light on this is greatly appreciated.
> Current smb.conf file below:
> realm = OPTIONS-IT.COM
> workgroup = OPTIONS-IT
> security = ads
> kerberos method = dedicated keytab
> dedicated keytab file
> = /etc/krb5.keytab /etc/krb5.keytab.stc.local template homedir
> = /home/%U idmap config * : backend = sss
> idmap config * : range = 57000-59000
I am sorry, but using sssd with Samba isn't really recommended by
anyone, including red-hat. I can help you set up Samba correctly, but
it is doubtful if you will get the same IDs.
Because you are using a version of RHEL, you should have a contract
with red-hat, perhaps they can give you more help.
There is also the problem that Samba 4.10.16 is EOL from the Samba
point of view.
More information about the samba