Setting "min domain uid = 0" and re-enabling user.map did actually
work.
Thank you for that.
However, the other ACL message (on the sending side) I mentioned still
occurs with user mapping.
Error 1314 (0x00000522) Copying NTFS security to destination X:\
A required privilege is not held by the client
So to do some more tests, I removed the /COPYALL which includes ACL's
(actually the Security descriptor, but I guess that is the same) and
replaced it with /COPY:DAT
This did actually solve the original problem (full replication). So now I
asked myself, does this mean that ACL's are not copied at all?
To test this, I created a new source file with an explicit ACL and
restarted replication /COPY:DAT. That did include the new file, but the ACL
was missing on the Samba server (verified with getfacl)
So right now the replication DOES work, but not with the ACL's intact.
This page gave me some more clues
https://superuser.com/questions/734095/robocopy-error-1314-0x00000522-on-windows-7-home-premium
By using /COPY:DATSO, the ACL was actually propagated to the target. BUT it
also again included every other file. So this is back to square one, except
that user.map now is working :).
Going around in circles, I hope that someone wiser than me can suggest an
alternative way to keep the Samba server synchronized with the Windows
share.
On Sun, Jun 18, 2023 at 10:55?AM Rowland Penny via samba <
samba at lists.samba.org> wrote:
>
>
> On 18/06/2023 09:45, Anders ?stling via samba wrote:
> >> Not a robocopy guru, so cannot help there and your smb.conf looks
okay,
> >> though there are a few lines that don't strictly need to be
there,
> >> mainly because they are defaults. What is perplexing me most is
that you
> >> think that Samba does not like the user.map any more, can you
please
> >> elaborate where you have seen this posted ?
> >
> > The sync script runs as Administrator on the Win server as I wrote
> earlier.
> > After doing the 4.12 -> 4.15 upgrade earlier this week, the script
failed
> > with a "Permission denied" and something about "ACL not
copied". I
> googled
> > that error message combined with Samba and found a link that mentioned
> > that mapping root to administrator via user.map was not working any
more
> > (by design if I remember correctly). Unfortunately I did not save that
> > search and/or link. Anyway, I disabled the user.map option and then
the
> > replication worked again (except the date issue in my original mail)
> >
> >
> >
>
> Hi Anders, thanks for answering.
>
> I think this was referring to a CVE. The user.map still works, you just
> have to add 'min domain uid = 0' to the smb.conf or find another to
do
> things.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
------ -------------------- 8 ------------------ ------
"A *wise* man once told me - Any idiot can do backups, but it takes a
genius to successfully restore"
Anders ?stling
+46 768 716 165 (Mobil)