Hi all, I'm running a small (50 users) AD with an AD-DC and a Domain Member as the file server. Both running debian Stretch and self-compiled samba 4.6.12. Bind as DNS. Multiple shares configured using windows ACLs. All work as expected except for User Home Folders (https://wiki.samba.org/index.php/User_Home_Folders). I've created a folder for each user under samba_homes/ and gave full control to each user to his "folder, sub folder and files". Users can create and delete subfolders, can create files, open and write to files, but cannot delete or rename files. If I check properties on files, I can see that both "full control" and "modify" are off. Even if I force them by going to the file properties, I can't get the modify flag to stick. Any ideas? I'm running out of them... Thanks my smb.conf: [global] security = ADS workgroup = SOMEDOM realm = SOMEDOM.LOCAL username map = /usr/local/samba/etc/user.map log file = /var/log/samba/%m.log log level = 2 server role = member server idmap config * : backend = tdb idmap config * : range = 3000-7999 # winbind nss info = template # template shell = /bin/bash # template homedir = /home/%U idmap config SOMEDOM : backend = rid idmap config SOMEDOM : range = 10000-999999 # winbind enum groups = yes # winbind enum users = yes winbind use default domain = yes vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes aio read size = 16384 aio write size = 16384 aio write behind = true use sendfile = true read raw = true min receivefile size = 16384 [Casa] comment = personal folders path = /mnt/disco2/samba_homes read only = no vfs objects = full_audit full_audit:prefix = %u|%I full_audit:failure = none full_audit:success = none full_audit:facility = LOCAL7 full_audit:priority = NOTICE [Financeiro] comment = Departamento Financeiro writeable = yes path = /mnt/disco2/Users/Financeiro vfs objects = full_audit full_audit:prefix = %u|%I full_audit:failure = none full_audit:success = connect disconnect mkdir rmdir pread pwrite $ full_audit:facility = LOCAL6 full_audit:priority = NOTICE [RecHumanos] comment = Departamento Recursos Humanos writeable = yes path = /mnt/disco2/Users/RecHumanos vfs objects = full_audit full_audit:prefix = %u|%I full_audit:failure = none full_audit:success = connect disconnect mkdir rmdir pread pwrite u$ full_audit:facility = LOCAL6 full_audit:priority = NOTICE
On Wed, 14 Feb 2018 00:24:00 +0000 Carlos Jesus via samba <samba at lists.samba.org> wrote:> Hi all, > I'm running a small (50 users) AD with an AD-DC and a Domain Member > as the file server. Both running debian Stretch and self-compiled > samba 4.6.12. Bind as DNS. > Multiple shares configured using windows ACLs. All work as expected > except for User Home Folders > (https://wiki.samba.org/index.php/User_Home_Folders). I've created a > folder for each user under samba_homes/ and gave full control to each > user to his "folder, sub folder and files". Users can create and > delete subfolders, can create files, open and write to files, but > cannot delete or rename files. If I check properties on files, I can > see that both "full control" and "modify" are off. Even if I force > them by going to the file properties, I can't get the modify flag to > stick. Any ideas? I'm running out of them... > Thanks > > my smb.conf: > [global] > > vfs objects = acl_xattr > > [Casa] > comment = personal folders > path = /mnt/disco2/samba_homes > read only = no > vfs objects = full_auditTwo thing here, what are you mounting the shares from ?, this may have a bearing, but I think your main problems is that you may have turned off 'acl_xattr' on the shares. Try changing the 'vfs objects' line in [global] to 'vfs objects = acl_xattr full_audit' and remove the 'vfs objects' lines from the shares. Rowland