Re: [Samba] "missing security tab" and related ACL issues
- Date: Fri, 7 Sep 2018 14:02:01 +0200
- From: "Stefan G. Weichinger via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] "missing security tab" and related ACL issues
Am 07.09.18 um 12:45 schrieb Rowland Penny via samba:
On Fri, 7 Sep 2018 11:22:36 +0200
"Stefan G. Weichinger via samba" <samba@xxxxxxxxxxxxxxx> wrote:
At a customer server (gentoo linux, so far only Samba version 4.7.7)
we tried to use Windows ACLs and failed:
no security tab in Windows ... for local C: yes, not on samba shares
Yes, I followed
and have the vfs module enabled etc
Now I consider that the kernel doesn't have the necessary flags set.
# getfattr -n security.NTACL -d /mnt/MSA2040/smb/IT
/mnt/MSA2040/smb/IT: security.NTACL: Operation not supported
# getfacl /mnt/MSA2040/smb/IT
getfacl: Removing leading '/' from absolute path names
# file: mnt/MSA2040/smb/IT
# owner: ittner
# group: dom�nen-benutzer
From the old kernel config I see these flags unset:
# CONFIG_EXT4_FS_POSIX_ACL is not set
# CONFIG_EXT4_FS_SECURITY is not set
So I prepared a new kernel with these 2 flags enabled and will reboot
at 2:30pm ... We'll see!
Any other issues I might miss here?
Apart from the fact getattr works on an EA and getfacl works on
extended ACL's i.e. different things ? ;-)
what? One works, the other not ... I interpret that the kernel doesn't
support the ACL-feature of ext4
Stop me if I am wrong, but isn't 'benutzer' German for 'users' ?
What is the the German for 'admins' ?
# wbinfo -g | grep -i admin
specops endpoint protection report admins
Binary file (standard input) matches
?? no "domänen-admins" in here
net rpc rights grant "DOM\domänen-admins" SeDiskOperatorPrivilege -U
fails because the group is not found
I asked that already some times ago
and I try to work around that by granting that right to a group called
IT and the few admins in there
At 2:30pm we plan to reboot into the other kernel.
To unsubscribe from this list go to the following URL and read the