> The latest Samba version is 4.10.6 and there have been numerous updates > since 4.3.11, but you shouldn't be having the problem you have, so lets > start be you posting your smb.confThank you very much. Here it is: [global] server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate realm = domain.lan ldap server require strong auth = no netbios name = SERVER1 workgroup = DOMAIN server role = active directory domain controller log level = 5 idmap_ldb:use rfc2307 = yes log file = /var/log/samba/log.%m [users] path = /home/users/ read only = no [profiles] comment = Users profiles path = /home/profiles read only = no browsable = no [CONDIVISIONE] path = /home/condivisa read only = No vfs objects = recycle recycle:keeptree = yes recycle:versions = yes recycle:maxsize = 200000000 recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|~*.tmp recycle:excludedir recycle:noversions = *.doc|*.xls|*.ppt recycle:directory_mode = 770 recycle:touch = yes recycle:touch_mtime = yes recycle:repository = .cestino/%U #<other shares> [netlogon] path = /var/lib/samba/sysvol/domain.lan/scripts read only = No browsable = no [sysvol] path = /var/lib/samba/sysvol read only = No browsable = no ----- Original Message -----> From: "samba" <samba at lists.samba.org> > To: "samba" <samba at lists.samba.org> > Sent: Tuesday, July 2, 2019 1:02:19 PM > Subject: Re: [Samba] Weird access problem to files-- Lorenzo Milesi - lorenzo.milesi at yetopen.it YetOpen S.r.l. - https://www.yetopen.it/ Via Salerno 18 - 23900 Lecco - ITALY - Tel +39 0341 220 205 - Fax +39 178 6070 222 Think green - Non stampare questa e-mail se non necessario / Don't print this email unless necessary -------- D.Lgs. 196/2003 e GDPR 679/2016 -------- Tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario. Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere confidenziali e riservate secondo i termini del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 - GDPR - e quindi ne e' proibita l'utilizzazione ulteriore non autorizzata. Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, stamparlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile. Grazie. Confidentiality notice: this email message including any attachment is for the sole use of the intended recipient and may contain confidential and privileged information; pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 - GDPR - any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recepient please delete this message without copying, printing or forwarding it to others, and alert us as soon as possible. Thank you.
On 02/07/2019 12:14, Lorenzo Milesi wrote:>> The latest Samba version is 4.10.6 and there have been numerous updates >> since 4.3.11, but you shouldn't be having the problem you have, so lets >> start be you posting your smb.conf > Thank you very much. > Here it is: > > [global] > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate > realm = domain.lan > ldap server require strong auth = no > netbios name = SERVER1 > workgroup = DOMAIN > server role = active directory domain controller > log level = 5 > idmap_ldb:use rfc2307 = yes > log file = /var/log/samba/log.%m > > [users] > path = /home/users/ > read only = no > > [profiles] > comment = Users profiles > path = /home/profiles > read only = no > browsable = no > > [CONDIVISIONE] > path = /home/condivisa > read only = No > vfs objects = recycle > recycle:keeptree = yes > recycle:versions = yes > recycle:maxsize = 200000000 > recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|~*.tmp > recycle:excludedir > recycle:noversions = *.doc|*.xls|*.ppt > recycle:directory_mode = 770 > recycle:touch = yes > recycle:touch_mtime = yes > recycle:repository = .cestino/%U > > #<other shares> > > [netlogon] > path = /var/lib/samba/sysvol/domain.lan/scripts > read only = No > browsable = no > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > browsable = nowhich share isn't working ? is it 'CONDIVISIONE' ? By setting this: vfs objects = recycle , you have turned of 'acl_xattr'. You should also be aware that the permissions set from Windows (you are setting them from Windows, aren't you ?) are stored in an EA. Rowland
> By setting this: vfs objects = recycle , you have turned of 'acl_xattr'.Ouch! :( Is there a way to keep acl_xattr and recycle? Shall I specify both of them?> You should also be aware that the permissions set from Windows (you are > setting them from Windows, aren't you ?) are stored in an EA.Yes, we're using RSAT from Windows. I see ea support has been set to yes by default in 4.9.0. Being this 4.3.11 means we must enable it for ACL to work correctly? thanks again -- Lorenzo Milesi - lorenzo.milesi at yetopen.it YetOpen S.r.l. - https://www.yetopen.it/ Via Salerno 18 - 23900 Lecco - ITALY - Tel +39 0341 220 205 - Fax +39 178 6070 222 Think green - Non stampare questa e-mail se non necessario / Don't print this email unless necessary -------- D.Lgs. 196/2003 e GDPR 679/2016 -------- Tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario. Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere confidenziali e riservate secondo i termini del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 - GDPR - e quindi ne e' proibita l'utilizzazione ulteriore non autorizzata. Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, stamparlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile. Grazie. Confidentiality notice: this email message including any attachment is for the sole use of the intended recipient and may contain confidential and privileged information; pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 - GDPR - any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recepient please delete this message without copying, printing or forwarding it to others, and alert us as soon as possible. Thank you.
> which share isn't working ? > is it 'CONDIVISIONE' ?What is really weird is: Computer01, Win10, user1 logged in as local (not using domain user), share mapped with domain user. In the path I've posted in the first message the user can access BUT cannot write. Computer01, Win10, user1 logged in as domain user: same as above, user can access the folder but cannot write. Computer02, Win7, user1 logged ad domain user: the user can access and WRITE to the share. We tried restarting Computer01, logging in again, write problem persists. What can cause different behavior on the same account on two different computers? -- Lorenzo Milesi - lorenzo.milesi at yetopen.it YetOpen S.r.l. - https://www.yetopen.it/ Via Salerno 18 - 23900 Lecco - ITALY - Tel +39 0341 220 205 - Fax +39 178 6070 222 Think green - Non stampare questa e-mail se non necessario / Don't print this email unless necessary -------- D.Lgs. 196/2003 e GDPR 679/2016 -------- Tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario. Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere confidenziali e riservate secondo i termini del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 - GDPR - e quindi ne e' proibita l'utilizzazione ulteriore non autorizzata. Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, stamparlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile. Grazie. Confidentiality notice: this email message including any attachment is for the sole use of the intended recipient and may contain confidential and privileged information; pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 - GDPR - any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recepient please delete this message without copying, printing or forwarding it to others, and alert us as soon as possible. Thank you.