PreScript: I am willing to purchase support if that is an option
> You should also be aware that synology uses its own version of Samba,
> so something of theirs could be getting in the way, this is just a
> possibility.
Noted - just a point of clarification, the Synology is only serving AD,
the file server is Ubuntu
> I suggest you read the wiki page again and follow it to the letter.
ok, I spun up a new server for testing, should have done that
before...that gives us a clean place to start. So following the wiki
step by step (error appears in step 7 and a snip of it is here:
https://snipboard.io/3dlDyi.jpg ):
1) Preparing the Host - host is joined to the domain
    root@filesvr2:/data# getent passwd SDCP\\peter
    SDCP\peter:*:2001105:2000512::/home/peter@SDCP:/bin/bash
2) File System Support - all requirements met
    ext4 with the appropriate options
        root@filesvr2:/data# grep EXT4 /boot/config-`uname -r`
        CONFIG_EXT4_FS_POSIX_ACL=y
        CONFIG_EXT4_FS_SECURITY=y
    acl, attr and xattr installed
        root@filesvr2:/data# apt search attr | grep -i installed
        attr/jammy,now 1:2.5.1-1build1 amd64 [installed,automatic]
        root@filesvr2:/data# apt search acl | grep -i installed
        acl/jammy,now 2.3.1-1 amd64 [installed]
        root@filesvr2:/data# apt search xattr | grep -i install
        xattr/jammy,now 0.9.7-1build4 amd64 [installed]
3) Samba has extended ACL support
    root@filesvr2:/data# smbd -b | grep HAVE_LIBACL
       HAVE_LIBACL
4) Enabled Extended ACL
    see smb.conf below
5) Granting the SeDiskOperatorPrivilege Privilege
    root@filesvr2:/data# net rpc rights list privileges SeDiskOperatorPrivilege -U "SDCP\administrator"
    Password for [SDCP\administrator]:
    SeDiskOperatorPrivilege:
      SDCP\Linux Admins
      BUILTIN\Administrators
6) Added the share and set ownership as shown
    root@filesvr2:/data# mkdir test
    root@filesvr2:/data# chown root:"SDCP\Linux Admins" test
    root@filesvr2:/data# chmod 0770 test
    root@filesvr2:/data# ls -l
    total 4
    drwxrwx--- 2 root SDCP\linux admins 4096 Oct  3 17:04 test
7) Switch to Windows and connect via Computer Management
    shares/Test has Share Permissions of Everyone = Full Control, Change, Read
_*Security Tab, Linux Admins has no permissions set at all. I try to
select them and get Access Denied*_
    getfacl shows rwx for user and group:
        root@filesvr2:/data# getfacl test
        # file: test
        # owner: root
        # group: SDCP\\linux\040admins
        user::rwx
        group::rwx
        other::---
    root@filesvr2:/data# xattr -p security.NTACL test
    No such xattr: security.NTACL
    root@filesvr2:/data# xattr test
smb.conf:
root@filesvr2:/data# cat /etc/samba/smb.conf
[global]
workgroup = SDCP
kerberos method = secrets and keytab
realm = SA*****NT.LOCAL
template shell = /bin/bash
security = ads
idmap config SDCP : range = 2000000-2999999
idmap config SDCP : backend = rid
idmap config * : range = 10000-999999
idmap config * : backend = tdb
winbind refresh tickets = yes
winbind offline logon = yes
vfs objects = acl_xattr
map acl inherit = yes
[Test]
    path = /data/test
    comment = test
    read only = no
    acl_xattr:ignore system acls = yes