Using Windows ACLs with Samba
I have now got Linux authenticating correctly with a Windows 2012 Domain Controller, I can use Windows Users and Groups to set file permissions.
The next issue to try and tackle is how to allow Windows ACLs on a Linux (Samba) Server. I am a bit confussed on trying to read about this as there seems to be varying opinions maybe all coming from different times in Sambas development.
So simple question is how can I enable Windows ACLs on a Samba share and what is the best file-system to use on that share? Do different file systems make any difference to the ACL functionality?
You say you can set file permissions. What exactly do you mean by "using Windows ACLs"?
If you mean you can currently refer to Windows Domain groups and users when setting Unix file permissions with chown but can't do the same from a Windows client, the problem is probably related to lacking file system support for ACLs and extended attributes.
When you modify file permissions from a Windows client, Samba will modify the ACL on the file in question. It also stores the hash of the ACL as an extended attribute of the same file. This will obviously only work if the file system supports those features.
Most file systems support both ACLs and extended attributes, but mounting a file system with default options will usually leave both deactivated. You may need to add the "acl" and "user_xattr" parameters to /etc/fstab and remount the file system.
Thanks that worked perfectly.
|All times are GMT -5. The time now is 08:50 AM.|