NN 708
2025-Apr-10 06:30 UTC
[Samba] "Failed to Enumerate Objects in the Container. Access is denied." with Windows ACL
Hello, I am encountering an issue while attempting to configure a minimal Samba file server with Windows ACL support in a containerized environment. Environment: Container runtime: Podman 5.4.0 Base image: docker.io/library/debian:trixie-slim (Debian Trixie) Samba version: 4.22.0 Configurations: 1. Join the domain using: samba-tool domain join mydomain.com MEMBER -U Administrator 2. /etc/samba/smb.conf: # Global parameters [global] realm = MYDOMAIN.COM server role = member server workgroup = MYDOMAIN idmap config * : backend = autorid idmap config * : rangesize = 10000 idmap config * : range = 10000-59999 vfs objects = acl_xattr map acl inherit = yes [users] path = /share/users read only = no 3. Tried both: # chown root:"MYDOMAIN\Domain Admins" /share/users # chown "MYDOMAIN\Administrator":"MYDOMAIN\Domain Admins" /share/users Despite successful file read/write operations, permission changes on Windows fail with the error: "Failed to Enumerate Objects in the Container. Access is denied." Any guidance would be greatly appreciated. Best regards, NN708
Luis Peromarta
2025-Apr-10 06:37 UTC
[Samba] "Failed to Enumerate Objects in the Container. Access is denied." with Windows ACL
Unsure about podman but with LXC, container must be privileged. On 10 Apr 2025 at 08:31 +0200, NN 708 via samba <samba at lists.samba.org>, wrote:> Hello, > > I am encountering an issue while attempting to configure a minimal Samba file server with Windows ACL support in a containerized environment. > > Environment: > Container runtime: Podman 5.4.0 > Base image: docker.io/library/debian:trixie-slim (Debian Trixie) > Samba version: 4.22.0 > > Configurations: > 1. Join the domain using: samba-tool domain join mydomain.com MEMBER -U Administrator > > 2. /etc/samba/smb.conf: > # Global parameters > [global] > realm = MYDOMAIN.COM > server role = member server > workgroup = MYDOMAIN > idmap config * : backend = autorid > idmap config * : rangesize = 10000 > idmap config * : range = 10000-59999 > vfs objects = acl_xattr > map acl inherit = yes > [users] > path = /share/users > read only = no > > 3. Tried both: > # chown root:"MYDOMAIN\Domain Admins" /share/users > # chown "MYDOMAIN\Administrator":"MYDOMAIN\Domain Admins" /share/users > > Despite successful file read/write operations, permission changes on Windows fail with the error: "Failed to Enumerate Objects in the Container. Access is denied." > > Any guidance would be greatly appreciated. > > Best regards, > NN708 > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba