
Re: [Samba] samba does not honor set group bit on directories

On Wed, 8 May 2019 16:16:58 +0200
Peter Varkoly <peter@xxxxxxxxxx> wrote:

> Hi,
> [global]
>          netbios name = admin
>          realm = <LONG-DOMAIN>

I do hope that '<LONG-DOMAIN>' is the dns domain in uppercase

>          workgroup = <DOMAIN>
>          dns forwarder =
>          server role = active directory domain controller
>          idmap_ldb:use rfc2307 = Yes
>          check password script = /usr/share/oss/tools/check_password_complexity.sh

Are you aware that password complexity is in AD ?

>          winbind enum users = Yes
>          winbind enum groups = Yes

You should remove the two lines above, they are not needed and only
slow things down

>          wide links = Yes
>          unix extensions = No
>          template shell = /bin/bash
>          ntlm auth = yes

You like living dangerously, still using NTLMv1

>          bind interfaces only = yes
>          interfaces =,
>          comment = "CRANIX DC"
>          ldap server require strong auth = no

Are you using a self compiled version of Samba ? or are you using a
Samba package that uses the MIT kdc ?
If the latter, you should be aware that using MIT is still regarded as
experimental and shouldn't be used in production.

Finally, you are using a DC as a fileserver, this is not recommended,
but if you do, you can only set the permissions on the share from
Windows. This means that your shares can only look like this:

    comment = Shared directories of groups you are member in.
    path = /home/groups
    read only = No

You also need to read this:



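The checks made by eye in the reply above, written as a small smb.conf audit script (an added example, not part of the original message and not Samba code). The function names, the finding texts and the share name `[groups]` are assumptions, and the sample configuration is constructed.

```python
import re

TRUE = {"yes", "true", "1"}
# Settings the reply flags, keyed by normalized parameter name.
GLOBAL_CHECKS = {
    "ntlmauth": (TRUE | {"ntlmv1-permitted"}, "NTLMv1 is permitted"),
    "winbindenumusers": (TRUE, "not needed, only slows things down"),
    "winbindenumgroups": (TRUE, "not needed, only slows things down"),
}

def norm(name):  # Samba ignores case and whitespace in parameter names
    return re.sub(r"\s+", "", name).lower()

def parse(text):  # -> {section: {parameter: value}}
    conf, section, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if not line or line[0] in "#;":
            continue
        if line.endswith("\\"):            # continued on the next line
            pending = line[:-1]
        elif line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)
            section[norm(name)] = value.strip()
    return conf

def audit(text):  # -> list of (location, finding)
    conf = parse(text)
    glob = conf.get("global", {})
    out = [(k, why) for k, (bad, why) in GLOBAL_CHECKS.items()
           if glob.get(k, "").lower() in bad]
    if glob.get("serverrole", "").lower() == "active directory domain controller":
        if glob.get("checkpasswordscript"):
            out.append(("checkpasswordscript", "password complexity is in AD"))
        out += [(s, "file share on a DC, not recommended") for s in conf
                if s not in ("global", "sysvol", "netlogon")]
    return out

# Constructed sample modelled on the configuration quoted in the thread.
SAMPLE = """\
[global]
    server role = active directory domain controller
    NTLM Auth = yes
    winbind enum users = Yes
    check password script = \\
        /usr/share/oss/tools/check_password_complexity.sh
[groups]
"""
```

Calling `audit(SAMPLE)` returns one `(location, finding)` pair per flagged setting; the share check only fires when `server role` is the AD DC role.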