
I want to configure Samba to manage Windows ACLs and manage them from Windows via the security tab. The Samba server is standalone and not part of an AD tree; I already followed various official and unofficial guides, but nothing seems to work.

The machine runs on a Debian 12 LXC on ZFS, the ZFS mountpoints do support ACL:

    $ mount | grep acl
    rpool/data/subvol-107-disk-0 on / type zfs (rw,noatime,xattr,posixacl)
    rpool/data/subvol-107-disk-1 on /data/share1 type zfs (rw,noatime,xattr,posixacl)

I created a ZFS pool for each share; in this example it is /data/share1.

Samba is version 4.17.9-Debian

The folder ACLs are already set:

    $ ls -lah /data/share1/
    total 12K
    drwxrwxr-x+ 3 administrator administrator 3 Jul 24 13:13 .
    drwxr-xr-x  3 root          root          3 Jul 24 11:09 ..
    drwxrwxr-x+ 2 administrator administrator 2 Jul 24 11:59 test

    $ getfacl /data/share1/
    getfacl: Removing leading '/' from absolute path names
    # file: data/share1/
    # owner: administrator
    # group: administrator
    user::rwx
    user:administrator:rwx
    group::r-x
    mask::rwx
    other::r-x

I already configured the smb.conf appropriately:

    [global]
        workgroup = CMC
        username map = /etc/samba/users.map
        server string = file-server
        log level = 5
        log file = /var/log/samba/log.%m
        max log size = 1000
        logging = file
        panic action = /usr/share/samba/panic-action %d

        server role = standalone server
        obey pam restrictions = yes
        map to guest = bad user

        acl allow execute always = yes

    [homes]
        comment = Home Directories
        browseable = no
        map acl inherit = yes
        vfs objects = acl_xattr
        acl_xattr:ignore system acls = yes

    [share1]
        path = /data/share1/test
        guest ok = no
        comment = Cartella di test smb
        read only = no
        browseable = yes
        map acl inherit = yes
        vfs objects = acl_xattr
        acl_xattr:ignore system acls = no

        store dos attributes = yes
        inherit acls = yes

From my tests, if I use this configuration for the share:

        map acl inherit = yes
        vfs objects = acl_xattr
        acl_xattr:ignore system acls = yes

I get nothing from the Windows security tab:

[Image: Acl error 1]

If I instead use linuxacl with this configuration:

        map acl inherit = yes
        vfs objects = acl_xattr
        acl_xattr:ignore system acls = no
        store dos attributes = yes
        inherit acls = yes

I get more feedback in the Windows security tab

[Image: acl error2]

but it keeps giving me access denied if I try to edit ACLs from there.

Plokko