[Samba] Windows ACL behaviour in standalone fileservers (LDAP vs TDB)
- Date: Wed, 23 Jan 2019 11:50:59 +0100
- From: Matthias Leopold via samba <samba@xxxxxxxxxxxxxxx>
I'm building and managing standalone fileservers (security = user) with
various passdb backends. I'm noticing different behaviour of Windows
ACLs for servers with LDAP and TDB passdb backends.
In an LDAP-backed server (which I started with) I can freely add
filesystem permissions (e.g. for groups) to objects (files/folders) via
the Windows (7) permissions editor.
In a TDB-backed server I can only add permissions to a folder for a group
if the containing folder has (any) permissions for that group.
Additionally I have to enter my credentials again in the permissions
editor, which isn't needed on the LDAP backed server.
Configuration for both servers from a "result view" looks identical to me:
- "net groupmap list" is identical
- both use "security = user" and "acl_xattr"
I'm obviously not an expert on Windows ACLs; a workmate, a Windows admin,
told me that the second behaviour is what he would expect, still I'm
Samba is 4.8.3 on CentOS 7.