Displaying 20 results from an estimated 3000 matches similar to: "nfsv4-acls for cifs and nfsv4"
2024 Jul 13
1
Samba and NFSv4 ACLs
> Samba provides the "nfs4acl_xattr" vfs module precisely for that.
I am not an expert in Windows ACL, but where do you see that the
nfs4acl_xattr vfs module provides the support for "manage the ACLs on
the OS of the Samba host directly?"
From the Wiki page, https://wiki.samba.org/index.php/NFS4_ACL_overview,
it implies the following four operation modes are possible.
2018 Apr 06
2
Operation Not Supported error for GETXATTR when VFS plugin "nfs4acl_xattr" is used
On Fri, Apr 06, 2018 at 12:40:31PM -0700, Jeremy Allison wrote:
> On Fri, Apr 06, 2018 at 09:22:17PM +0200, Ralph Böhme wrote:
> > On Fri, Apr 06, 2018 at 10:27:32AM -0700, Jeremy Allison via samba wrote:
> > > On Fri, Apr 06, 2018 at 01:44:50PM +0530, Akash Jain wrote:
> > > > Hi All
> > > >
> > > > I found there is one bug in the plugin. The
2018 Oct 10
1
NFSv4, homes, Kerberos...
On Wed, 10 Oct 2018 09:25:16 +0200
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> Hai,
>
> Hmm.. Bummer..
> I just discovered the debian package dont have the vfs_nfs4acl
> include in the build.
>
> And because of that it's not in my packages. I'll have a look into
> it, see what i can make of it.
>
That is odd, it
2018 Apr 05
4
Operation Not Supported error for GETXATTR when VFS plugin "nfs4acl_xattr" is used
Hello All
I am trying to use nfs4acl_xattr plugin from samba source code.
https://www.samba.org/samba/docs/current/man-html/vfs_nfs4acl_xattr.8.html
I mounted NFSv4 mount point locally and exported it through samba with vfs
objects set to nfs4acl_xattr.
*[root at test3 ajain]# net conf showshare local[local] path =
/home/ajain/mount comment = local share guest ok =
2018 Oct 10
1
NFSv4, homes, Kerberos...
Thank you for that, i did have a good look at that one.
And i use Debian 9, if you test what i posted below in the thread, you will see NFSv4 works fine.
Below is missing one more thing, the "allow to delegate (kerberos only) " on the computer object in the AD, should be enabled.
And yes, i've see bugchecks also but only on my debian .. Lenny.. Stt.. ;-) .. Its my last lenny
2018 Oct 09
10
NFSv4, homes, Kerberos...
I was used to integrate some linux client in my samba network mounting
homes with 'unix extensions = yes', and works as expected, at least
with some old lubuntu derivatives. Client side i use 'pam_mount'.
Now i'm working on a ubuntu mate derivative, and i've not found a way
to start the session properly in CIFS.
If i create a plain local home (pam_mkhome), session start as
2019 Dec 25
3
Setting ACLs with smbcacls fails (partly)
Hello,
I'm running a PDC and a secondary DC in privilegded lxc containers and
try to setup a fileserver in an unprivileged lxc container.
The shares of the file server are on the ZFS of the host and mapped via
bind-mount.
I've got the problem, that I get error messages when setting the ACLs of
a samba share either via the Windows explorer or using the smbcacls command.
On Windows
2024 Jul 12
2
Samba and NFSv4 ACLs
Hello
In the Samba Wiki page "https://wiki.samba.org/index.php/NFS4_ACL_overview"
we can read the following:
"If you use the Samba vfs module acl_xattr, you can use the full Windows ACL
features but you will not be able to manage the ACLs on the OS of the Samba
host directly and you will not have the permissions enforced by the
filesystem. Samba is doing permission management in
2015 Dec 04
2
Linux & NFSv4 ACLs
> On Dec 3, 2015, at 17:24, Jeremy Allison <jra at samba.org> wrote:
>
>> On Thu, Dec 03, 2015 at 03:54:21PM -0700, Nick Couchman wrote:
>> I have a situation where I need to share, via Samba, a filesystem mounted via NFSv4. I'm struggling with the best way to make Samba see the NFSv4 ACLs and enumerate them to provide the proper SMB/CIFS access to the files, instead
2015 Dec 04
2
Linux & NFSv4 ACLs
----- Original Message -----
> From: "Jeremy Allison" <jra at samba.org>
> To: "Nick E Couchman" <nick.couchman at seakr.com>
> Cc: samba at lists.samba.org
> Sent: Thursday, December 3, 2015 6:13:51 PM
> Subject: Re: [Samba] Linux & NFSv4 ACLs
> On Thu, Dec 03, 2015 at 06:03:39PM -0700, Nick Couchman wrote:
>>
>> > On Dec 3,
2017 Mar 20
4
Skip ACL checks
On Fri, Mar 17, 2017 at 1:54 PM, Volker Lendecke <vl at samba.org> wrote:
> On Thu, Mar 16, 2017 at 05:38:57PM +0100, Christoph Kleineweber wrote:
> > I am wondering if there is a way to bypass Samba's ACL checks and
> delegate
> > access control completely to the underlying file system.
> >
> > My problem arises from the following scenario: Our file system
2019 May 10
4
nfs4acl_xattr & Samba
Is nfs4acl_xattr available in any version of samba? I just upgraded to 4.9.6 but it doesn’t seem to be baked in.
2012 Mar 06
3
Samba to share NFSv4 + ACL mounted filesystems on NetApp storage
Hi,
We are running into a problem with a Samba setup and would like to
know if a current fix or workaround is at all possible.
Our setup is a NetApp filer serving NFS v4 that is mounted by
Solaris and Linux servers. On those servers we are using Samba to
create shares of those NFSv4 mounted filesystems. We are migrating
to this NFSv4 setup from an existing Solaris NFSv3+Posix ACL setup
that also
2018 Apr 09
2
Operation Not Supported error for GETXATTR when VFS plugin "nfs4acl_xattr" is used
Hello Jeremy and Ralph
Thanks for your suggestions.
I compiled samba-4.8.0 and running it instead of samba-4.6.2. I saw the
changes that you mentioned in the latest vfs_nfs4acl_xattr module.
The operation not supported error is gone but it is now failing with access
denied. Here is what I tried:
*[root at test3 ajain]# net conf showshare local[local] path =
/home/ajain/mount
2019 Dec 27
2
Setting ACLs with smbcacls fails (partly)
On 27/12/2019 12:59, Chris via samba wrote:
> On 25/12/2019 20:04, Rowland penny via samba wrote:
>
>> On 25/12/2019 16:46, Chris via samba wrote:
>>> Hello,
>> Merry Christmas
> Thanks Rowland! Hope you had a Merry Christmas too
>>> The shares of the file server are on the ZFS of the host and mapped
>>> via bind-mount.
>>
>> Ah, that
2018 Apr 09
2
Operation Not Supported error for GETXATTR when VFS plugin "nfs4acl_xattr" is used
Hi Ralph
Thanks a lot. With xattr_tdb I could at least list the files getting rid of
access denied error.
I still do not see the exactly mapped ACEs in the Security Descriptor of a
file in Windows Explorer but I will debug that little further and then come
back with questions.
I see only 1 entry of Everyone on Windows client side if there are added
ACEs using nfs4_setfacl.
Let me know if that
2018 Oct 09
0
NFSv4, homes, Kerberos...
Hai,
I'm getting somewhere, here you go, a snap of what i have atm.
And what works atm. Im asuming you have winbind already running.
Obligated is A+PTR record in the DNS.
You can turn or the rdns check in krb5.conf but i did not test that.
# Tested on Debian Stretch - NFSv4 SERVER
apt-get install --auto-remove nfs-kernel-server
systemctl stop nfs-*
Added in krb5.conf below the
2018 Oct 10
0
NFSv4, homes, Kerberos...
Hai,
Hmm.. Bummer..
I just discovered the debian package dont have the vfs_nfs4acl include in the build.
And because of that it's not in my packages. I'll have a look into it, see what i can make of it.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> L.P.H. van Belle via samba
> Verzonden: dinsdag 9
2013 Jun 20
2
Samba4 and NFSv4
Is it possible that Samba4 includes a large PAC on the kerberos credential and you're going over the limit in kernel? Against AD you have to disable this PAC inclusion via the userAccountControl attribute to make kerberised NFSv4 work correctly. You /sometimes/ find that testing with a user who is a member of as close to no groups as possible works in this case, but users in many groups
2013 Jun 20
2
Samba4 and NFSv4
Is it possible that Samba4 includes a large PAC on the kerberos credential and you're going over the limit in kernel? Against AD you have to disable this PAC inclusion via the userAccountControl attribute to make kerberised NFSv4 work correctly. You /sometimes/ find that testing with a user who is a member of as close to no groups as possible works in this case, but users in many groups