Mandi! Rowland penny via samba In chel di` si favelave...> Do you have ANY Windows clients ?Sure! Most of my clients are windows.> If the answer is yes, then you need to follow the 'Setting up a share using > windows ACLs' page and make your Linux clients work with this. > If the answer is no, then you can follow the POSIX ACLs page. > Do not try to mix the two.Rowland, i'm simply trying to understand, or better, trying to match my experience with Samba in NT mode with AD mode. In these years seems i've sticked with 'POSIX ACLs', building around policy and scrpts to manage ACLs, so probably it is better to keep at it (for me, of course). And my Windows client works happily! Also, for the tests i've done, 'windows ACL' works as depicted on the wiki page if and only if you set also: acl_xattr:ignore system acls = yes acl_xattr:default acl style = windows FYI. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
On 05/02/2020 14:31, Marco Gaiarin via samba wrote:> Mandi! Rowland penny via samba > In chel di` si favelave... > >> Do you have ANY Windows clients ? > Sure! Most of my clients are windows. > > >> If the answer is yes, then you need to follow the 'Setting up a share using >> windows ACLs' page and make your Linux clients work with this. >> If the answer is no, then you can follow the POSIX ACLs page. >> Do not try to mix the two. > Rowland, i'm simply trying to understand, or better, trying to match my > experience with Samba in NT mode with AD mode.An nt4-style domain is nothing like an AD domain, yes there are similarities, but they work very differently.> > In these years seems i've sticked with 'POSIX ACLs', building around > policy and scrpts to manage ACLs, so probably it is better to keep at > it (for me, of course). > And my Windows client works happily!If you only had Unix clients, then you could stick with this way of doing things, but you have Windows clients, so you need to work the Windows way and make your Unix clients work the same way.> > > Also, for the tests i've done, 'windows ACL' works as depicted on the > wiki page if and only if you set also: > acl_xattr:ignore system acls = yes > acl_xattr:default acl style = windowsIt works for me without those lines. Rowland
Mandi! Rowland penny via samba In chel di` si favelave...> > And my Windows client works happily! > If you only had Unix clients, then you could stick with this way of doing > things, but you have Windows clients, so you need to work the Windows way > and make your Unix clients work the same way.No. In these years i've worked with 'POSIX ACLs', setting up scripts to 'cleanup/sanitize' POSIX ACLs so they behave correctly on windows. I prefere to have (rather) simpler ACLs, but be able to manage it (also) from UNIX, in a UNIX way. Anyway, it is not true that 'Windows ACLs' is the only way to make domain member works in respect to windows client (clearly, domain controller is another story...).> > Also, for the tests i've done, 'windows ACL' works as depicted on the > > wiki page if and only if you set also: > > acl_xattr:ignore system acls = yes > > acl_xattr:default acl style = windows > It works for me without those lines.Boh, I'll do some more test... -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)