
Re: [Samba] Problems with samba and profile syncing from various windows versions






On 04/05/2017 at 10:01, Rowland Penny wrote:
On Thu, 4 May 2017 09:39:17 +0200
Arnaud FLORENT <aflorent@xxxxxxxxxxxx> wrote:


On 04/05/2017 at 09:36, Rowland Penny wrote:
On Thu, 4 May 2017 09:07:11 +0200
Arnaud FLORENT <aflorent@xxxxxxxxxxxx> wrote:

On 04/05/2017 at 08:45, Rowland Penny via samba wrote:
On Wed, 3 May 2017 22:48:06 +0200
Jakub Kulesza via samba <samba@xxxxxxxxxxxxxxx> wrote:

Thanks for pointing this out.

I have read that again, now my profiles do not have "vfs objects
= full_audit" and disabled the csc policy. I have verified that I
have set up my profiles share properly and that it has all the
right entitlements. I have reset the entitlements for the users
that have issues (as Administrator right click on the folder and
do the dance there with Windows). We'll see tomorrow.

Is "profile acls" required anymore on Samba 4.3? What effect will
it have on Windows 10?

On a Samba AD DC, no, you must use windows ACLs, but, on a Unix
domain member, you can use the old way i.e. 'create mask' etc

Rowland

Could you explain why the old way cannot be used, please?

Why are only shares using extended ACLs supported on a Samba AD DC?

Extended ACL support is automatically enabled globally,
but there may be a way to disable it for a specific share?

You answered your question yourself ;-)

Extended ACL support is automatically enabled globally and you
cannot turn it off.

Rowland


nt acl =no
seems to work

Am I wrong to use this?

YES!

What kind of errors may occur?

The AD DC relies on NT ACLs, you need to accept that you must use
Windows ACLs on a Samba AD DC if you use it as a fileserver. If you
must use the old way of doing things, set up a Unix domain member and
use this as a fileserver instead.

If you go here:

https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles

Under the heading 'Using POSIX ACLs', you will find an info box
containing this:

  When setting up the share on a Samba Active Directory (AD) domain
  controller (DC), you cannot use POSIX ACLs. On a Samba DC, only
  shares using extended ACLs are supported. For further details, see
  Enable Extended ACL Support in the smb.conf File. To set up the share
  on a Samba AD DC, see Setting up the Profiles Share on the Samba File
  Server - Using Windows ACLs.

This wasn't written for no reason.

Rowland

Thank you, Rowland.

So my next question is:

Is there a way to set up the share and Windows ACL only from the server command line?
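
A check for the misconfiguration discussed in this thread, as an added example that is not from the original posts or from the Samba project: it parses smb.conf text and lists the shares whose effective `nt acl support` is off while `server role` marks the host as an AD DC. It assumes the "nt acl =no" in the thread refers to the `nt acl support` parameter; the function names and the sample configuration are constructed for illustration.

```python
import re

DC_ROLES = {"active directory domain controller", "domain controller", "dc"}
FALSE_VALUES = {"no", "false", "off", "0"}

def norm(name):
    # Samba compares parameter names ignoring case and whitespace.
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalized_param: value}}; joins '\\' continuations."""
    sections, current = {}, None
    for raw in re.sub(r"\\\r?\n", " ", text).splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][norm(key)] = value.strip()
    return sections

def shares_without_nt_acls(text):
    """List shares whose effective 'nt acl support' is off on an AD DC."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    role = " ".join(glob.get("serverrole", "auto").lower().split())
    if role not in DC_ROLES:
        return []                            # not a DC: nothing to flag
    default = glob.get("ntaclsupport", "yes")  # shares inherit [global]
    return sorted(
        name for name, params in conf.items()
        if name != "global"
        and params.get("ntaclsupport", default).lower() in FALSE_VALUES
    )

# Constructed sample configuration (not taken from the thread).
SAMPLE = """
[global]
    server role = active directory domain controller
[profiles]
    path = /srv/samba/profiles
    NT ACL Support = No
[data]
; nt acl support = no
"""
print(shares_without_nt_acls(SAMPLE))
```
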


