samba - Oct 2022 - editing samba-share ACLs etc from Windows

Am 20.10.22 um 11:13 schrieb Rowland Penny via samba:
>> # Use settings from AD for login shell and home directory
>> winbind nss info = template
> 
> That is interesting, mainly because you are using the idmap 'rid' 
> backend, you can only use rfc2307 attributes from AD if you use the 
> idmap 'ad' backend, so you might as well remove those two lines.
> 
>> template shell = /bin/bash
>> template homedir = /mnt/samba/Daten/%U
The lines above or below your comment?
>> # ACLs
>> ?????store dos attributes = Yes
>> ?????map acl inherit = Yes
>> ?????#vfs objects = acl_xattr full_audit
>> ?????vfs objects = acl_xattr
>>
>> # Audit settings
>> full_audit:prefix = %u|%I|%m|%S
>> full_audit:failure = connect
>> full_audit:success = mkdir rmdir read pread write pwrite rename unlink
>> full_audit:facility = local5
>> full_audit:priority = notice
>>
> 
> You might as well comment out the audit settings, you are not using them.
Sure, understood. Disabled that a while ago.
>> [daten]
>> ?????comment = Daten
>> ?????path = /mnt/samba/
>> ?????read only = No
>> ?????create mask = 0775
>> ?????directory mask = 02775
>> ?????force directory mode = 0775
>> ?????#wide links = yes
>> ?????#veto oplock files = /*.DAT/*.dat/
>> ?????#oplocks = False
>> ?????#level2 oplocks = False
>>
> 
> OK, where does it say to add all those extra lines to the share ? It 
> certainly doesn't say it here:
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
As mentioned: historic and grown config ...
> You didn't post the share permissions I asked for, is it possible you 
> can do so ?
Where do I take these from?

thanks

On 20/10/2022 12:04, Stefan G. Weichinger via samba
wrote:
> Am 20.10.22 um 11:13 schrieb Rowland Penny via samba:
> 
>>> # Use settings from AD for login shell and home directory
>>> winbind nss info = template
>>
>> That is interesting, mainly because you are using the idmap
'rid'
>> backend, you can only use rfc2307 attributes from AD if you use the 
>> idmap 'ad' backend, so you might as well remove those two
lines.
>>
>>> template shell = /bin/bash
>>> template homedir = /mnt/samba/Daten/%U
> 
> The lines above or below your comment?
The lines 'above', I would have said 'these' if I meant the
lines
'below', unless I was having another senior moment :-D
> 
>>> # ACLs
>>> ?????store dos attributes = Yes
>>> ?????map acl inherit = Yes
>>> ?????#vfs objects = acl_xattr full_audit
>>> ?????vfs objects = acl_xattr
>>>
>>> # Audit settings
>>> full_audit:prefix = %u|%I|%m|%S
>>> full_audit:failure = connect
>>> full_audit:success = mkdir rmdir read pread write pwrite rename
unlink
>>> full_audit:facility = local5
>>> full_audit:priority = notice
>>>
>>
>> You might as well comment out the audit settings, you are not using
them.
> 
> Sure, understood. Disabled that a while ago.
> 
>>> [daten]
>>> ?????comment = Daten
>>> ?????path = /mnt/samba/
>>> ?????read only = No
>>> ?????create mask = 0775
>>> ?????directory mask = 02775
>>> ?????force directory mode = 0775
>>> ?????#wide links = yes
>>> ?????#veto oplock files = /*.DAT/*.dat/
>>> ?????#oplocks = False
>>> ?????#level2 oplocks = False
>>>
>>
>> OK, where does it say to add all those extra lines to the share ? It 
>> certainly doesn't say it here:
>> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> 
> As mentioned: historic and grown config ...
I suggest you add a 'test' share following the wikipage I pointed to 
earlier and see if that works.
> 
>> You didn't post the share permissions I asked for, is it possible
you
>> can do so ?
> 
> Where do I take these from?
> 
ls -ld /mnt/samba

Rowland