|
Samba 3.6 or Samba 4 ?
I am trying to setup a Samba Server and a Windows share with Full ACL support. From what I have read and from my own experimentation I need to use vfs_acl_xattr to do this.
At the moment I am not having too much success trying this on Samba 3.6 so I am wondering about trying Samba 4. Only thing is I keep reading that Samba 4 is experimental and should not be used on a production Server yet. Has anyone got an opinion about whether I would be better off using Samba 4 or not. Thanks, Nick |
You should be able to get full ACL support with either version of Samba by simply adding the acl and user_xattr mount options to the underlying file system. The VFS module is not required.
As for stability, Sambe 4.0 is pretty good, but if you don't actually need AD DC functionality there's nothing wrong with sticking with 3.6 for now. |
Well need to connect to a Windows AD DC but wasn't thinking of using Samba as the DC.
Got acl & user_xattr in the fstab but what about smb.conf do I need anything more than: nt acl support = yes inherit acls = Yes map acl inherit = Yes |
Not sure that the above configuration is enough, using that I don't seem to get full ACL support.
Deleting all permissions from windows in preparation for adding our owm ACL entries doesn't work and a whole load of default entries appear back again: Any idea where these are comming from? |
Samba with ACL still has fixed ACL entries
Currently got samba setup as follows:
/etc/fstab: acl,user_xattr/etc/samba/smb.conf: [WinShare]Problem is there are a bunch of fixed default ACL entries which cannot be removed: System - Full - This folder, subfolders and filesAnyone know how I can get rid of these? Thanks, Nick |
Those defaults exist in Windows domains by default, I highly doubt you can or should get rid of them.
|
Well if Samba is to provide a completely seamless share to windows users such that they do not even know they are using Linux/Samba then these should be able to be deleted as they can be in windows.
From what I have read there should be some way of getting Samba to completely emulate a windows share, I just haven't found the correct settings yet. |
You might be able to delete these in Windows (though I may be wrong on that) but there would be no reason you would ever delete these on windows. Why do you want to delete them off of Samba? It could cause issues working with Widows machines, especially in a domain environment.
|
Well we want to be able to set our own permissions which I then hope to see inherited by everything on that share.
For example these are a waste of time: Everyone - None - This folder, subfolders and filesAnd we might not want everyone on the domain to have: Authenticated Users - Read & Execute - This folder, subfolders and files |
OK I see what you want now, I was mistaken in my understanding of what you were seeking. You should be able to do what you are trying to do. For testing could you try disabling inherit acls on the share and then delete and see if they reappear.
|
Slightly different results but still get the following ACEs added back again:
|
This is an odd one, I'm out of suggestions at the moment, sorry.
|
What I was hopeing for was to find someome else who is using Samba with these ACL options to find out if they get the same behaviour. However from lack of other replies I guess no one else is actually using this. Thanks for your help.
|
A thought, perhaps user and group mapping from the Linux file system to samba mappings of Windows users and groups is causing these to reappear.
|
Yep that sounds like a distinct possibility. Is there a way to turn off all user & group mapping from smb.conf? I have had a look through the docs and nothing obvious on how to do that.
Thanks, Nick |
Mapping has to be done for proper domain interaction unfortunately.
|
| All times are GMT -5. The time now is 01:23 AM. |