linux
Igor L, 2021-01-09 11:19:03

How to set up samba as a domain controller with acl support?

It is currently configured like this:

samba config

# Global parameters
[global]
        netbios name = SERV2
        realm = WRK.LOCAL
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = WRK
        idmap_ldb:use rfc2307 = yes
#=======================Settings =====================================
load printers = no
log file = /var/log/samba/%m.log
log level = 1 vfs:1
full_audit:prefix = %u|%I|%S
full_audit:success = connect, open, mkdir, rmdir, unlink, write, rename
full_audit:failure = connect, open, mkdir, rmdir, unlink, write, rename
full_audit:facility = local5
full_audit:priority = notice
vfs objects = full_audit
max log size = 500
dns proxy = no
disable spoolss         = yes
winbind uid             = 1000-250000
winbind gid             = 1000-250000
winbind use default domain = yes
winbind enum users      = yes
winbind enum groups     = yes
winbind separator = \
template shell          = /bin/bash
enable privileges = yes
obey pam restrictions = no
acl compatibility = Auto
        #host msdfs = yes

[netlogon]
        path = /var/lib/samba/sysvol/wrk.local/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[share]
        vfs objects = acl_xattr
        browsable = yes
        #enable privileges = yes
        #acl map full control = false
        map read only = Permissions
        store dos attributes = yes
        valid users = @"domain users"
        map hidden = no
        write list = @"domain users"
        writeable = yes
        path = /mnt/hdd1/sharedir
        map archive = no
        map system = no
        inherit acls = yes
        inherit permissions = yes
        inherit owner = yes
        map acl inherit = yes
        acl group control = true
        dos filemode = yes
        nt acl support = yes




The disk is mounted; on it is the folder path = /mnt/hdd1/sharedir

In the logs there is:
[2021/01/08 18:19:07.542744, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
/usr/sbin/samba_kcc: Ignoring unknown parameter "acl compatibility"

---------------------

On a separate machine, Debian 10 is installed, configured according to various Samba instructions as a domain controller, and a disk with a shared folder is mounted. There are users in Samba who will be given access to their folders. To differentiate access, ACL support is enabled. Then, through the Windows Active Directory snap-in, under the administrator account, I configure folder permissions: some folders are available only to some groups, others are read and write only, and in addition users should not be able to delete files and folders.

2 answer(s)
Korben5E, 2021-01-13
@PB_igor

man smb.conf
look for everything related to acl (/acl)
They love to change things there.
PS: I'd put all the shares into separate configs: a separate config for each user, with include = share.conf in it; in smb.conf keep only what everyone needs, without options, and the rest goes through include = %U.conf
It solves a lot of problems with access.
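
Added example, not part of the original thread or of Samba itself: a small Python check that maps the "Ignoring unknown parameter" log entry from the question back to its line in smb.conf, and reports which VFS modules are in effect for each share (a share-level `vfs objects` list replaces the global one, so `full_audit` from [global] is not active on [share] as posted). The sample config and log are trimmed, constructed copies of the question's text; the function names are hypothetical.

```python
import re

# Constructed sample: trimmed copy of the smb.conf and log line from the question.
SMB_CONF = """\
[global]
        server role = active directory domain controller
        vfs objects = full_audit
        acl compatibility = Auto
[share]
        vfs objects = acl_xattr
        path = /mnt/hdd1/sharedir
"""
LOG = """\
[2021/01/08 18:19:07.542744, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
/usr/sbin/samba_kcc: Ignoring unknown parameter "acl compatibility"
"""

def norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return re.sub(r"\s+", "", name).lower()

def parse_conf(text):
    """Return [(lineno, section, param, value)] for every parameter line."""
    rows, section = [], ""
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif "=" in line:
            key, value = line.split("=", 1)
            rows.append((no, section, key.strip(), value.strip()))
    return rows

def locate_unknown(conf_text, log_text):
    """Map each 'Ignoring unknown parameter' log entry to its smb.conf lines."""
    unknown = {norm(p) for p in re.findall(r'Ignoring unknown parameter "([^"]+)"', log_text)}
    return [(no, sec, key) for no, sec, key, _ in parse_conf(conf_text) if norm(key) in unknown]

def effective_vfs(conf_text):
    """VFS modules in effect per share: a share-level list replaces the global one."""
    rows = parse_conf(conf_text)
    vfs = {norm(sec): val.split() for _, sec, key, val in rows if norm(key) == "vfsobjects"}
    shares = {sec for _, sec, _, _ in rows if norm(sec) != "global"}
    return {s: vfs.get(norm(s), vfs.get("global", [])) for s in sorted(shares)}

if __name__ == "__main__":
    print(locate_unknown(SMB_CONF, LOG))
    print(effective_vfs(SMB_CONF))
```

For a share that should both store NT ACLs and be audited, both modules have to be listed in that share's own `vfs objects` line.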
