Klaus Jaensch
2019-Dec-10 11:41 UTC
[Samba] unix_primary_group=yes together with vfs objects=acl_xattr not working
Hello all, we want to change the configuration of our Samba domain member file servers to use unix_primary_group=yes After some experiments I was able to get it to work, but only with vfs objects = acl_xattr commented out. With acl_xattr enabled the primary group is still displayed correctly in the output of smbstatus, but new files are not created with with this primary group. The created files have the default group 'users' instead. Is it a? bug in the acl_xattr module? I used the latest Ubuntu server version for testing: Samba version 4.10.7-Ubuntu Klaus
Rowland penny
2019-Dec-10 12:05 UTC
[Samba] unix_primary_group=yes together with vfs objects=acl_xattr not working
On 10/12/2019 11:41, Klaus Jaensch via samba wrote:> Hello all, > > we want to change the configuration of our Samba domain member file > servers to use > > unix_primary_group=yes > > After some experiments I was able to get it to work, but only with > > vfs objects = acl_xattr > > commented out. > > With acl_xattr enabled the primary group is still displayed correctly > in the output of smbstatus, but new files are not created with with > this primary group. The created files have the default group 'users' > instead. > > > Is it a? bug in the acl_xattr module? > > > I used the latest Ubuntu server version for testing: > > Samba version 4.10.7-Ubuntu > > > Klaus > > >I think you need to post your smb.conf, the default user group is Domain Users, not 'users', that is the default local Unix group. Rowland
Klaus Jaensch
2019-Dec-10 13:29 UTC
[Samba] unix_primary_group=yes together with vfs objects=acl_xattr not working
Hi Rowland, Am 10.12.19 um 13:05 schrieb Rowland penny via samba:> On 10/12/2019 11:41, Klaus Jaensch via samba wrote: >> Hello all, >> >> we want to change the configuration of our Samba domain member file >> servers to use >> >> unix_primary_group=yes >> >> After some experiments I was able to get it to work, but only with >> >> vfs objects = acl_xattr >> >> commented out. >> >> With acl_xattr enabled the primary group is still displayed correctly >> in the output of smbstatus, but new files are not created with with >> this primary group. The created files have the default group 'users' >> instead. >> >> >> Is it a? bug in the acl_xattr module? >> >> >> I used the latest Ubuntu server version for testing: >> >> Samba version 4.10.7-Ubuntu >> >> >> Klaus >> >> >> > I think you need to post your smb.conf, the default user group is > Domain Users, not 'users', that is the default local Unix group. >Here is my test smb.conf [global] ? security = ads ? realm = SAMDOM ? workgroup = IPS ? idmap config *:backend =tdb ? idmap config *:range = 5000000-6000000 ? idmap config IPS:backend = ad ? idmap config IPS:schema_mode = rfc2307 ? idmap config IPS:range = 100-999999 ? idmap config IPS:unix_nss_info = yes ? idmap config IPS:default = yes ? idmap config IPS:unix_primary_group = yes ? # Use settings from AD for login shell and home directory ? winbind nss info = rfc2307 ? winbind enum users = yes ? winbind enum groups = yes ? winbind cache time = 10 ? winbind use default domain = yes ? winbind rpc only = yes ? kerberos method = secrets and keytab ? client use spnego = yes ? client ntlmv2 auth = yes ? ntlm auth = no ? encrypt passwords = yes ? restrict anonymous = 2 ? domain master = no ? local master = no ? preferred master = no ? os level = 0 ? server min protocol = SMB2 ? vfs objects = acl_xattr ? map acl inherit = yes ? store dos attributes = yes ? access based share enum = yes ? server signing = mandatory ? smb encrypt = desired [test_share] ?????? path= /data/test_share ?????? read only = No ?????? create mask = 0660 ?????? directory mask = 0770 ?????? valid users =test_user I use the Windows Server AD as backend and set the GID in the ActiveDirectory UNIX-Attributes of the user. On the Linux Samba server I have a group with this GID. The name of this group shows up in the smbstatus output. New files are created with this GID, but only if vfs objects = acl_xattr is commented out. We access the file servers from Windows clients via SMB and from Linux clients via NFS. I want to use private user groups on Ubuntu to change the umask to 002 on login automatically on Ubuntu (Explained in /etc/login.defs). Therefore every user requires its own primary group with the same name of the user. I know that it is not possible to have groups with the same name in AD, so I want to use the GID (number) UNIX attribute and resolve it to the existing (private user) group on the Linux server. Everything works as expected but only without the vfs objects = acl_xattr line in smb.conf. Klaus> Rowland > > >-- ------------------------------------------ Klaus Jaensch Muenchen Germany Institut fuer Phonetik und Sprachverarbeitung Schellingstr.3/II Room 223 VG 80799 M?nchen Phone (Work): +49-(0)89-2180-2806 Fax: +49-(0)89-2180-5790 EMail: klausj at phonetik.uni-muenchen.de
Apparently Analagous Threads
- unix_primary_group=yes together with vfs objects=acl_xattr not working
- unix_primary_group=yes together with vfs objects=acl_xattr not working
- unix_primary_group=yes together with vfs objects=acl_xattr not working
- unix_primary_group = yes don t work
- unix_primary_group = yes don t work