On 10/02/2023 08:38, Stefan G. Weichinger via samba wrote:
> On 10.02.23 at 09:10, Rowland Penny via samba wrote:
>
>>> idmap config * : range = 3000-7999
>>> idmap config * : backend = tdb
>>> idmap config NORAS : range = 10000-20000
>>> idmap config NORAS : backend = rid
>>
>> Is this bad sanitisation?
>> your workgroup is 'COMP' and the idmap config lines are using 'NORAS',
>> they should be the same.
>>
>> If that isn't it, try looking at dns, with things like this, it is
>> usually dns.
>
> no that was just me trying to anonymize things and failing ...

Thought so LOL

>
> think
>
> idmap config COMP : range = 10000-20000
> idmap config COMP : backend = rid
>
> -
>
> Tested on a test share now.
>
> That yellow warning still comes, but this "claim types" thing seems only
> to relate to some conditions
>
> I googled this image as reference:
>
>
> https://download.huawei.com/mdl/image/download?uuid=8e4e181d5bcd4626ac44ffe959904264
>
> I was able to add a principal and edit its permission on the testshare.
>
> The yellow warning is there on shares belonging to root or Administrator
> (wrong)

Problem is, Administrator shouldn't own anything on Unix.

>
> -
>
> Reading
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> again, sure.
>
> I don't have "acl_xattr:ignore system acls = yes" ... changing that
> sounds dangerous, especially while there are dozens of active users on
> the server right now.
>
>
That does exactly what it says, the normal 'ugo' Unix permissions will
be ignored and only permissions set from Windows (and stored in an EA)
will be used by Samba.
Rowland
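
A consistency check for the idmap lines discussed in this thread, as an added example that is not part of the original messages or Samba's own code: it parses the `[global]` section and reports a workgroup without matching `idmap config` lines, idmap domains that are not the workgroup, and overlapping ID ranges. The sample text, the function names and the single-domain assumption (no trusted domains) are constructed for illustration.

```python
import re

# Constructed sample: workgroup is COMP but the domain idmap lines name NORAS.
SAMPLE_BAD = """
[global]
    workgroup = COMP
    idmap config * : range = 3000-7999
    idmap config * : backend = tdb
    idmap config NORAS : range = 10000-20000
    idmap config NORAS : backend = rid
"""
SAMPLE_GOOD = SAMPLE_BAD.replace("NORAS", "COMP")  # constructed, corrected form
IDMAP_RE = re.compile(r"^idmap config\s+(\S+)\s*:\s*(range|backend)$", re.I)

def parse_global(text):
    """Return (workgroup, {domain: {'range': (lo, hi), 'backend': str}}) from [global]."""
    workgroup, idmap, section = None, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        if key.lower() == "workgroup":
            workgroup = value.upper()
        m = IDMAP_RE.match(key)
        if m:
            dom, opt = m.group(1).upper(), m.group(2).lower()
            if opt == "range":
                value = tuple(int(n) for n in value.split("-"))
            idmap.setdefault(dom, {})[opt] = value
    return workgroup, idmap

def check_idmap(text):
    """List findings; assumes a single-domain member (trusted domains would differ)."""
    workgroup, idmap = parse_global(text)
    findings = []
    if workgroup and workgroup not in idmap:
        findings.append(f"no 'idmap config {workgroup}' lines for the workgroup")
    findings += [f"idmap domain {d} is not workgroup {workgroup}" for d in idmap if d not in ("*", workgroup)]
    ranges = sorted((cfg["range"], dom) for dom, cfg in idmap.items() if "range" in cfg)
    for (a, da), (b, db) in zip(ranges, ranges[1:]):
        if b[0] <= a[1]:  # next range starts before the previous one ends
            findings.append(f"ranges for '{da}' and '{db}' overlap")
    return findings
```
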