Hello all,
as the "profile acls = Yes" option has become deprecated in Samba 4.7
I
wanted to ask what the preferred way is of doing this?
The Wiki
(https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles) still
uses "profile acls = Yes" when using posix acls.
At the moment our share looks like this:
[profiles]
profile acls = Yes
csc policy = disable
browseable = no
writeable = yes
path = /srv/profiles/profiles/%U/%a
guest ok = no
create mask = 0700
directory mask = 0700
comment = Profile Share
This has been running in NT Classic Domain for years and since we
upgraded to AD a year ago still has been working fine. It is different
then the Wiki but comes from Samba 3.6 times and worked so far.
Should we switch to using Windows ACLs? And if this is the recommended
way how to best "migrate"?
Any thoughts on this?
Regards
Christian
--
Dr. Christian Naumer
Research Scientist
Plattform-Koordinator Bioprozesstechnik
B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.de, homepage www.brain-biotech.de
fon +49-6251-9331-30 / fax +49-6251-9331-11
Follow @BRAINbiotech on Twitter: https://twitter.com/BRAINbiotech
Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Dr. Juergen Eck (Vorsitzender), Frank Goebel
Aufsichtsratsvorsitzender: Dr. Ludger Mueller
On Thu, 23 Nov 2017 09:01:55 +0100 Christian Naumer via samba <samba at lists.samba.org> wrote:> Hello all, > as the "profile acls = Yes" option has become deprecated in Samba 4.7 > I wanted to ask what the preferred way is of doing this? > The Wiki > (https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles) still > uses "profile acls = Yes" when using posix acls.I have updated the wikipage, based on the info found the patch commit.> This has been running in NT Classic Domain for years and since we > upgraded to AD a year ago still has been working fine. It is different > then the Wiki but comes from Samba 3.6 times and worked so far. > > Should we switch to using Windows ACLs? And if this is the recommended > way how to best "migrate"?At the moment, 'profile acls' is only deprecated, it hasn't gone away yet, so if it is still working for you, there is no need to do anything. It may be removed in a later version of Samba, but if it is, it will most likely be a major version, e.g. 4.9.0 You could test using Windows ACLs or what the Samba wiki shows now. What I personally would suggest is to consider upgrading to an AD domain. It seems to be getting harder and harder to get Windows to connect to an NT4-style domain and upgrading brings several advantages. Rowland
Am 23.11.2017 um 11:20 schrieb Rowland Penny via samba:> At the moment, 'profile acls' is only deprecated, it hasn't gone away > yet, so if it is still working for you, there is no need to do anything. > It may be removed in a later version of Samba, but if it is, it will > most likely be a major version, e.g. 4.9.0I know. I just wanted to be the early bird and fix this know. In the commit it says that this does not work on modern clients anyway. So I might just try the Windows ACLs and see what happens.> > You could test using Windows ACLs or what the Samba wiki shows now.Has anybody tried the settings from the Wiki for POSIX ACLs?> > What I personally would suggest is to consider upgrading to an AD > domain. It seems to be getting harder and harder to get Windows to > connect to an NT4-style domain and upgrading brings several advantages.We already upgraded to an AD Domain. We just didn't change the profile share. Thanks for the answers Christian -- Dr. Christian Naumer Research Scientist Plattform-Koordinator Bioprozesstechnik B.R.A.I.N Aktiengesellschaft Darmstaedter Str. 34-36, D-64673 Zwingenberg e-mail cn at brain-biotech.de, homepage www.brain-biotech.de fon +49-6251-9331-30 / fax +49-6251-9331-11 Follow @BRAINbiotech on Twitter: https://twitter.com/BRAINbiotech Sitz der Gesellschaft: Zwingenberg/Bergstrasse Registergericht AG Darmstadt, HRB 24758 Vorstand: Dr. Juergen Eck (Vorsitzender), Frank Goebel Aufsichtsratsvorsitzender: Dr. Ludger Mueller