Mandi! Rowland Penny via samba In chel di` si favelave...> Is this on a DC ?No, is a DM.> If it isn't, Try setting it up exactly like it is shown on the > wikipage, note that you only need the 'vfs objects' line if it isn't > set in [global]Wikipage say only: Create a new share. For details, see Setting up a Share Using Windows ACLs. and https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs say exactly i'm added to my configuration; for a sake of completeness, i've removed the 'csc policy = disable' and 'browseable = no' opts, but nothing changed. Now my share is: [profiles] comment = Network Profiles Share path = /srv/samba/profiles store dos attributes = Yes map acl inherit = Yes read only = No vfs objects = acl_xattr I've just double-checked again the ACL, and seems exactly as specification (share and filesystem root spec). I say 'seems' because there's also other ACL (CREATOR GROUP, Everyone, ...) that seems i cannot remove (i've only sed 'Eeveryone' to 'no access'). I've manually created 'gaio.V2' folder, setting it gaio:"Domain Users" 700, but profiles still get not saved. (supposing was a 'folder creation' trouble...) If i set 'profile path' in user data, eg: root at vdmsv1:/srv/samba/profiles# ldbsearch -H ldap://vdcsv1 -P -b DC=ad,DC=fvg,DC=lnf,DC=it "(uid=gaio)" profilePath | grep ^profilePath: profilePath: \\vdmsv1\profiles\gaio roaming profile works as expected. Boh... -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
I don't know if is relevant and maybe is the same as GPO that you've
created, but Ive a profiles folder with this configuration:
[profiles]
path = /server/share/profiles
read only = no
browsable = no
Other options are on my smb.conf global section so is the same as your
configuration.
Next I've changed the profile path on the user configuration instead use a
GPO and is working as expected. Maybe is a way to test with an user if is a
problem of the GPO instead a share problem.
Greetings!!
2017-11-30 13:01 GMT+01:00 Marco Gaiarin via samba <samba at
lists.samba.org>:
> Mandi! Rowland Penny via samba
> In chel di` si favelave...
>
> > Is this on a DC ?
>
> No, is a DM.
>
>
> > If it isn't, Try setting it up exactly like it is shown on the
> > wikipage, note that you only need the 'vfs objects' line if it
isn't
> > set in [global]
>
> Wikipage say only:
>
> Create a new share. For details, see Setting up a Share Using Windows
> ACLs.
>
> and https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> say exactly i'm added to my configuration; for a sake of completeness,
> i've removed the 'csc policy = disable' and 'browseable =
no' opts, but
> nothing changed. Now my share is:
>
> [profiles]
> comment = Network Profiles Share
> path = /srv/samba/profiles
> store dos attributes = Yes
> map acl inherit = Yes
> read only = No
> vfs objects = acl_xattr
>
> I've just double-checked again the ACL, and seems exactly as
> specification (share and filesystem root spec). I say 'seems'
because
> there's also other ACL (CREATOR GROUP, Everyone, ...) that seems i
> cannot remove (i've only sed 'Eeveryone' to 'no
access').
>
>
> I've manually created 'gaio.V2' folder, setting it
gaio:"Domain Users"
> 700, but profiles still get not saved.
> (supposing was a 'folder creation' trouble...)
>
>
> If i set 'profile path' in user data, eg:
>
> root at vdmsv1:/srv/samba/profiles# ldbsearch -H ldap://vdcsv1 -P -b
> DC=ad,DC=fvg,DC=lnf,DC=it "(uid=gaio)" profilePath | grep
^profilePath:
> profilePath: \\vdmsv1\profiles\gaio
>
> roaming profile works as expected.
>
>
> Boh...
>
> --
> dott. Marco Gaiarin GNUPG Key ID:
> 240A3D66
> Associazione ``La Nostra Famiglia''
> http://www.lanostrafamiglia.it/
> Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento
> (PN)
> marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f
> +39-0434-842797
>
> Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
> http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
> (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
_________________________________________
Daniel Carrasco Marín
Ingeniería para la Innovación i2TIC, S.L.
Tlf: +34 911 12 32 84 Ext: 223
www.i2tic.com
_________________________________________
i've seen that is similar to your latest test. What about a gpresult -h result.html. The GPo is appplied to the user? Greetings!! 2017-11-30 13:29 GMT+01:00 Daniel Carrasco <d.carrasco at i2tic.com>:> I don't know if is relevant and maybe is the same as GPO that you've > created, but Ive a profiles folder with this configuration: > > [profiles] > path = /server/share/profiles > read only = no > browsable = no > > Other options are on my smb.conf global section so is the same as your > configuration. > > Next I've changed the profile path on the user configuration instead use a > GPO and is working as expected. Maybe is a way to test with an user if is a > problem of the GPO instead a share problem. > > Greetings!! > > 2017-11-30 13:01 GMT+01:00 Marco Gaiarin via samba <samba at lists.samba.org> > : > >> Mandi! Rowland Penny via samba >> In chel di` si favelave... >> >> > Is this on a DC ? >> >> No, is a DM. >> >> >> > If it isn't, Try setting it up exactly like it is shown on the >> > wikipage, note that you only need the 'vfs objects' line if it isn't >> > set in [global] >> >> Wikipage say only: >> >> Create a new share. For details, see Setting up a Share Using Windows >> ACLs. >> >> and https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Wi >> ndows_ACLs >> say exactly i'm added to my configuration; for a sake of completeness, >> i've removed the 'csc policy = disable' and 'browseable = no' opts, but >> nothing changed. Now my share is: >> >> [profiles] >> comment = Network Profiles Share >> path = /srv/samba/profiles >> store dos attributes = Yes >> map acl inherit = Yes >> read only = No >> vfs objects = acl_xattr >> >> I've just double-checked again the ACL, and seems exactly as >> specification (share and filesystem root spec). I say 'seems' because >> there's also other ACL (CREATOR GROUP, Everyone, ...) that seems i >> cannot remove (i've only sed 'Eeveryone' to 'no access'). >> >> >> I've manually created 'gaio.V2' folder, setting it gaio:"Domain Users" >> 700, but profiles still get not saved. >> (supposing was a 'folder creation' trouble...) >> >> >> If i set 'profile path' in user data, eg: >> >> root at vdmsv1:/srv/samba/profiles# ldbsearch -H ldap://vdcsv1 -P -b >> DC=ad,DC=fvg,DC=lnf,DC=it "(uid=gaio)" profilePath | grep ^profilePath: >> profilePath: \\vdmsv1\profiles\gaio >> >> roaming profile works as expected. >> >> >> Boh... >> >> -- >> dott. Marco Gaiarin GNUPG Key ID: >> 240A3D66 >> Associazione ``La Nostra Famiglia'' >> http://www.lanostrafamiglia.it/ >> Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento >> (PN) >> marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f >> +39-0434-842797 >> >> Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! >> http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 >> (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA) >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > > > > -- > _________________________________________ > > Daniel Carrasco Marín > Ingeniería para la Innovación i2TIC, S.L. > Tlf: +34 911 12 32 84 Ext: 223 > www.i2tic.com > _________________________________________ >-- _________________________________________ Daniel Carrasco Marín Ingeniería para la Innovación i2TIC, S.L. Tlf: +34 911 12 32 84 Ext: 223 www.i2tic.com _________________________________________
On Thu, 30 Nov 2017 13:01:09 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote:> Mandi! Rowland Penny via samba > In chel di` si favelave... > > > Is this on a DC ? > > No, is a DM. > > > > If it isn't, Try setting it up exactly like it is shown on the > > wikipage, note that you only need the 'vfs objects' line if it isn't > > set in [global] > > Wikipage say only: > > Create a new share. For details, see Setting up a Share Using > Windows ACLs. > > and > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs > say exactly i'm added to my configuration;No it doesn't, it says: [Demo] path = /srv/samba/Demo/ read only = no So, your profile share should be: [profiles] comment = Network Profiles Share path = /srv/samba/profiles read only = No Now set the ACLs from windows. Your profile share is nearer the one to use if you are using POSIX ACLs Rowland
Mandi! Rowland Penny via samba In chel di` si favelave...> > Wikipage say only: > > Create a new share. For details, see Setting up a Share Using > > Windows ACLs. > > and > > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs > > say exactly i'm added to my configuration;> No it doesn't, it says:Ahem, the above link say also (https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Enable_Extended_ACL_Support_in_the_smb.conf_File): To configure shares using extended access control lists (ACL), you must enable the support in the smb.conf file. To enable extended ACL support globally, add the following settings to the [global] section of your smb.conf file: vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes [...] Alternatively, to enable extended ACL support only for a specific share, add the parameters to the share's section. Because i don't want to use on every share Windows ACL, i've simply added that parameters to that share. I've anyway tried to remove is, but clearly does not work: remeins only POSIX ACL available, and so complex permission cannot be set (and, groups like 'domain admins' that have no GID cannot be set at all). -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)