samba - Nov 2016 - Fix sharing ACL

> It should work, 
> what OS ? 
> what is the DC running 
> If Samba, post the smb.conf 
> Post your smb.conf from the domain member again 
> Rowland
 
Dear Rowland, 
In both Samba installed, the version is 4.4.5, rises the Centos7.
We have 2 DC's Samba and fileserver. 
If it was missing some information, just ask. 
Follows the smb.conf main DC:

[global] 
#bind interfaces only = Yes 
interfaces = lo eth0 
netbios name = SRV14 
realm = DOMAIN.LOCAL 
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd,
ntp_signd, kcc, dnsupdate
workgroup = DOMAIN
server role = active directory domain controller 
comment = 
log file = /var/log/samba/samba.log 
log level = 1 
max log size = 10000 
# 
idmap_ldb:use rfc2307 = yes 
winbind enum users = yes 
winbind enum groups = yes 
# 
allow dns updates = secure only 
nsupdate command =  /usr/bin/nsupdate -g 
client ldap sasl wrapping = sign 
ldap server require strong auth = no 
time server = yes 
eventlog list = Application System Security SyslogLinux 



[netlogon] 
path = /usr/local/samba/var/locks/sysvol/domain.local/scripts 
read only = No 

[sysvol] 
path = /usr/local/samba/var/locks/sysvol 
read only = No 



Follows the smb.conf the domain member fileserver:


[global] 
workgroup = DOMAIN 
security = ADS 
realm = domain.local 

netbios name = SRV16 
server string = Samba4 Server 

winbind enum users = yes 
winbind enum groups = yes 
winbind use default domain = Yes 
winbind nss info = RFC2307 

idmap config * : backend = tdb 
idmap config * : range = 2000-9999 
idmap config DOMAIN: backend = rid 
idmap config DOMAIN: range = 10000-99999 

log file = /var/log/samba/samba.log 
log level = 9 

vfs objects = acl_xattr 
map acl inherit = Yes 
store dos attributes = Yes 
guest account = guest 
# MAP AS ADMINISTRATOR IN ROOT UNIX
#username map = /etc/samba/user.map 

[data] 
comment = Folder data 
path = /mnt/data 
read only = no 
browseable = yes 
guest ok=yes 

vfs objects = acl_xattr, recycle, shadow_copy2, full_audit 
#inherit acls = Yes # NOTE: using acl_xattr turns this on 
#inherit permissions = Yes # NOTE: this overides the next two lines 
create mask = 0774 
directory mask = 0774 

# Recycle 
recycle:facility = LOCAL1 
recycle:priority = NOTICE 
recycle:maxsize = 0 
recycle:directory_mode = 0774 
recycle:subdir_mode = 0774 
recycle:keeptree = true 
recycle:touch = true 
recycle:versions = true 
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.exe, *.bin 
recycle:exclude_dir = tmp, temp, cache 
# SHADOW COPY / SNAPSHOT 
shadow:mountpoint = /mnt/data/ 
shadow:snapdir = .snapshot 
shadow:basedir = /mnt/ 
shadow:sort = desc 
shadow:localtime = yes 
shadow:format = @GMT-%Y.%m.%d-%H.%M.%S 
# AUDIT FILESERVER 
full_audit:prefix = %u|%I|%S|%g 
full_audit:success = all 
full_audit:failure = all !open 
full_audit:facility = local1 
full_audit:priority = ALERT

Dear, 
Does anyone have any other tips to pass me? 
I'm still with the permission issue.

>> After mapping the Administrator of the domain, as root on unix, the 
>> Administrator lost access to sharing the fileserver. When trying to 
>> access the system asked for authentication but does not authenticate. 
>> When I comment the following line in smb.conf, the share opens 
>> normally: 
>> 
>> username map = /etc/samba/user.map 
>> 
> It should work, 
>what OS ? 
>what is the DC running 
>If Samba, post the smb.conf 
>Post your smb.conf from the domain member again 
>Rowland
 


This post is the last month.
https://lists.samba.org/archive/samba/2016-October/204095.html

I still can not solve the problem.