Werthmuller, Derek
2019-Apr-09 13:21 UTC
[Samba] Problems getting POSIX ACL working on upgraded samba file server Ubuntu 16.04 LTS to 18.04 LTS
Running a Samba 4 AD DC on Ubuntu 18.04, and fileservers on 18.04. Our access control needs are rather simple and worked well under the samba 3 series with LDAP users and groups so we plan to keep using the POSIX ACL (regular filesystem access controls) On a fresh install file server(18.04) samba 4 with POSIX ACLs work with no issue, but I can't get the permissions to work properly on the upgraded server (samba 4 Ubuntu 16.04 - upgraded to samba 4 Ubuntu 18.04) . We are using winbind nss info = rfc2307 and have configured UID and GID for the accounts that will have access. Granted when recreating the accounts on the new samba 4 DC (small network of 25 users was easier to recreate accounts rather than migrate from samba3) we set the GID and UID the same as they had in the LDAP prior so that we didn't have to remap UID and gids for share files and folders. I have a share where the user and group *should* be able to read and write to folders via shell and windows file explorer. But they can't. It seems that the owner aspects of the ACL work properly, but the group aspects don't. They don't work via shell or windows file explorer. All shares on this upgraded server exhibit the same problem. The ACLs were never tested when the server was running version 16.04 that I remember. The same configuration on a fresh Ubuntu 18 file server install works great both in shell and windows file explorer. Both these command return same values on both servers. getent passwd DOMAIN\\username getent group DOMAIN\\usernamegrp dpkg -l |grep samba # shows the same version on both servers ii python-samba ii samba ii samba-common ii samba-common-bin ii samba-dsdb-modules ii samba-libs:amd64 ii samba-vfs-modules dpkg -l |grep winbind # shows the same version on both servers ii libnss-winbind:amd64 ii libpam-winbind:amd64 ii libwbclient0:amd64 ii winbind smb.conf is the same on both servers also. Any advice? Winbind cache ? Thanks Derek Derek Werthmuller Director of Technology Innovation and Services CTG UAlbany 518.442.3892 www.ctg.albany.edu<http://www.ctg.albany.edu/>
Rowland Penny
2019-Apr-09 17:18 UTC
[Samba] Problems getting POSIX ACL working on upgraded samba file server Ubuntu 16.04 LTS to 18.04 LTS
On Tue, 9 Apr 2019 13:21:02 +0000 "Werthmuller, Derek via samba" <samba at lists.samba.org> wrote:> Running a Samba 4 AD DC on Ubuntu 18.04, and fileservers on 18.04. > Our access control needs are rather simple and worked well under the > samba 3 series with LDAP users and groups so we plan to keep using > the POSIX ACL (regular filesystem access controls) > > > smb.conf is the same on both servers also. >You have left out the main thing (though you have hinted at it) that might help, the smb.conf files. Can you please post the smb.conf files from the DC and the fileservers. Rowland
Apparently Analagous Threads
- NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbacked PDC and MS Exchange 5.5 still
- Winbind backend = ldap pull uid-number and gid-number ldap values ?
- NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbac ked PDC and MS Exchange 5.5 still
- Windows 10 clients slow remapping drives and somewhat inconsistent in reconnecting to the saved map drives
- gidNumber's and ldap backed samba PDC