Sabuj Pattanayek
2014-Aug-20 21:50 UTC
[Samba] vfs_acl_xattr doesn't work unless all the inherit and map inherit acl parameters are set to yes, but want to set inherit owner = no
I noticed that vfs_acl_xattr doesn't work unless all the inherit and map inherit acl parameters are set to yes. Which is fine, but if I turn off inherit owner it completely breaks inheritance and security.NTACL never gets set for the file/directory that's created by the user. I want the uid of the user who's connected to be written and not the owner of the parent directory. Is there any way to get vfs_acl_xattr to work with inherit owner turned off?

Btw, I have a non-standard setup where the server is connected to both ldap (nslcd) and ad (winbind) since our AD doesn't provide uid's. We have lots of smb/nfs servers operated by various groups so we try to maintain some sort of consistency for clients by providing the same uid #'s (provided in ldap) on files, so my smb.conf actually has:

# ldap handles users
winbind enum users = no
# setting this to no forces samba to use the gid of an equivalently named group from ldap with force group on a share, still allows for winbind in the nsswitch.conf group line
winbind enum groups = no

# /etc/nsswitch.conf

passwd: files ldap
group: files ldap winbind

Thanks,
Sabuj
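A way to see the effective per-share values of the three parameters this post is about, as an added example that is not part of the original post or of the Samba project. The script parses an smb.conf the way Samba reads it (parameter names are case-insensitive and ignore whitespace, a share falls back to [global], unset parameters take Samba's documented default of no) and reports every share that stacks acl_xattr in "vfs objects" whose "inherit acls" or "map acl inherit" is not yes, and notes where "inherit owner" is off so the trade-off described above is visible. The smb.conf text inside the script is constructed for the example, and the rule it checks is the poster's observation rather than a statement from the Samba documentation.

```python
"""Audit smb.conf share sections that stack vfs_acl_xattr.

Added example, not code from the mailing-list thread or the Samba project.
The rule "acl_xattr needs inherit acls = yes and map acl inherit = yes" is
taken from the poster's report; the defaults below are Samba's documented
defaults for these parameters.
"""
import re

# Samba defaults for the parameters under discussion (all default to no).
DEFAULTS = {"inheritacls": "no", "mapaclinherit": "no", "inheritowner": "no"}

# Constructed sample configuration: [projects] inherits a complete set of
# settings from [global], [scratch] overrides map acl inherit, and [homes]
# turns inherit owner off (the setting the poster wants).
SAMPLE_SMB_CONF = """
[global]
   workgroup = EXAMPLE
   security = ads
   # ldap handles users
   winbind enum users = no
   winbind enum groups = no
   vfs objects = acl_xattr
   inherit acls = yes
   map acl inherit = yes
   inherit owner = yes

[projects]
   path = /srv/projects
   read only = no

[scratch]
   path = /srv/scratch
   read only = no
   Map ACL Inherit = no

[homes]
   path = /srv/home
   read only = no
   inherit owner = no
"""


def normalize_key(key):
    """Samba ignores case and whitespace in parameter names."""
    return re.sub(r"\s+", "", key).lower()


def parse_smb_conf(text):
    """Return {section: {normalized_key: value}} for an smb.conf string.

    Whole-line '#' and ';' comments are skipped; inline comments are not
    handled, so keep comments on their own lines as in the poster's config.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][normalize_key(key)] = value.strip()
    return sections


def is_yes(value):
    """Samba accepts yes/true/1 as boolean true."""
    return value.strip().lower() in ("yes", "true", "1")


def effective(sections, share, key):
    """Share-level value, else the [global] value, else the Samba default."""
    g = sections.get("global", {})
    return sections[share].get(key, g.get(key, DEFAULTS.get(key, "")))


def audit_acl_xattr(text):
    """Return {share: [findings]} for every share that stacks acl_xattr."""
    sections = parse_smb_conf(text)
    report = {}
    for share in sections:
        if share == "global":
            continue
        if "acl_xattr" not in effective(sections, share, "vfsobjects").split():
            continue
        findings = []
        for key, label in (("inheritacls", "inherit acls"),
                           ("mapaclinherit", "map acl inherit")):
            if not is_yes(effective(sections, share, key)):
                findings.append(f"{label} is not yes: security.NTACL may never be set")
        if not is_yes(effective(sections, share, "inheritowner")):
            findings.append("inherit owner is no: new files get the connecting user's uid, "
                            "which the thread reports breaks acl_xattr inheritance")
        report[share] = findings
    return report


if __name__ == "__main__":
    for share, findings in audit_acl_xattr(SAMPLE_SMB_CONF).items():
        print(f"[{share}] {'ok' if not findings else 'check'}")
        for finding in findings:
            print("   -", finding)
```

Run it against a real file with audit_acl_xattr(open("/etc/samba/smb.conf").read()); a share with an empty finding list has all three settings the thread says acl_xattr needs, and a share listed under "inherit owner is no" is exactly the case the poster is asking about.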
Rowland Penny
2014-Aug-20 22:12 UTC
[Samba] vfs_acl_xattr doesn't work unless all the inherit and map inherit acl parameters are set to yes, but want to set inherit owner = no
On 20/08/14 22:50, Sabuj Pattanayek wrote:
> I noticed that vfs_acl_xattr doesn't work unless all the inherit and map
> inherit acl parameters are set to yes. Which is fine but if I turn off
> inherit owner it completely breaks inheritance and security.NTACL never
> gets set for the file/directory that's created by the user. I want the uid
> of the user who's connected to be written and not the owner of the parent
> directory. Is there anyway to get vfs_acl_xattr to work with inherit owner
> turned off ?
>
> Btw, I have a non-standard setup where the server is connected to both ldap
> (nslcd) and ad (winbind) since our AD doesn't provide uid's . We have lots
> of smb/nfs servers operated by various groups so we try to maintain some
> sort of consistency for clients by providing the same uid #'s (provided in
> ldap) on files, so my smb.conf actually has :
>
> # ldap handles users
> winbind enum users = no
> # setting this to no forces samba to use the gid of an equivalently named
> group from ldap with force group on a share, still allows for winbind in
> the nsswitch.conf group line
> winbind enum groups = no
>
> # /etc/nsswitch.conf
>
> passwd: files ldap
> group: files ldap winbind
>
>
> Thanks,
> Sabuj

Sorry, but you are going to have to give us some more info here, your complete (sanitized) smb.conf for a start.

Rowland