
Re: [Samba] samba does not honor set group bit on directories




Thanks a lot!

On 08.05.19 at 17:05, Rowland Penny via samba wrote:
> On Wed, 8 May 2019 16:16:58 +0200
> Peter Varkoly <peter@xxxxxxxxxx> wrote:
>
> > Hi,
> >
> > [global]
> >           netbios name = admin
> >           realm = <LONG-DOMAIN>
>
> I do hope that '<LONG-DOMAIN>' is the dns domain in uppercase

Yes it is.

> >           workgroup = <DOMAIN>
> >           dns forwarder = 8.8.8.8
> >           server role = active directory domain controller
> >           idmap_ldb:use rfc2307 = Yes
> >           check password script = /usr/share/oss/tools/check_password_complexity.sh
>
> Are you aware that password complexity is in AD?

Yes, I am.

> >           winbind enum users = Yes
> >           winbind enum groups = Yes
>
> You should remove the two lines above, they are not needed and only
> slow things down
>
> >           wide links = Yes
> >           unix extensions = No
> >           template shell = /bin/bash
> >           ntlm auth = yes
>
> You like living dangerously, still using NTLMv1

It's for radius-server for mschapv2. Is there a better solution?

> >           bind interfaces only = yes
> >           interfaces = 127.0.0.1, 172.16.0.2
> >           comment = "CRANIX DC"
> >           ldap server require strong auth = no
>
> Are you using a self compiled version of Samba?

I'm using self compiled samba with integrated krb5.

https://build.opensuse.org/package/show/home:varkoly:OSS-4-0:stable/samba
https://build.opensuse.org/package/show/home:varkoly:OSS-4-0:stable-samba-4.8.9/samba
https://build.opensuse.org/package/show/home:varkoly:OSS-4-1:leap15.1/samba

> or are you using a
> Samba package that uses the MIT kdc?
> If the latter, you should be aware that using MIT is still regarded as
> experimental and shouldn't be used in production.
>
> Finally, you are using a DC as a fileserver, this is not recommended,
> but if you do, you can only set the permissions on the share from
> Windows. This means that your shares can only look like this:

This means that not all Linux file system magic has effect if accessed by a Windows client!?

> [groups]
>      comment = Shared directories of groups you are member in.
>      path = /home/groups
>      read only = No
>
> You also need to read this:
>
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
>
> Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
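
The review in the message above, as an added example that is not part of the thread or of Samba: a small Python audit that parses smb.conf text and flags the [global] settings questioned there (NTLMv1, winbind enumeration, a DC doubling as a file server). The `ldap server require strong auth` check and the `mschapv2-and-ntlmv2-only` value are not raised in the thread; they are taken from smb.conf(5). The sample config is constructed from the options quoted in the message, and the function names are hypothetical.

```python
import re

YES, NO = {"yes", "true", "1"}, {"no", "false", "0"}
# normalized parameter -> (values to flag, note). The first three notes
# paraphrase the thread; the last check and the replacement value for
# "ntlm auth" come from smb.conf(5), not from the thread.
CHECKS = {
    "ntlmauth": (YES | {"ntlmv1-permitted"},
                 "NTLMv1 allowed; for MSCHAPv2 see 'mschapv2-and-ntlmv2-only'"),
    "winbindenumusers": (YES, "not needed, only slows things down"),
    "winbindenumgroups": (YES, "not needed, only slows things down"),
    "ldapserverrequirestrongauth": (NO, "simple binds allowed without TLS"),
}

def parse_smb_conf(text):
    """Return {section: {parameter: value}}; names lowercased, spaces removed."""
    conf, section = {}, None
    text = re.sub(r"\\\n", "", text)          # join backslash continuations
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":       # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)  # only the first '=' is significant
            conf[section][re.sub(r"\s+", "", name).lower()] = value.strip()
    return conf

def audit(text):
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    found = [(p, glob[p], note) for p, (bad, note) in CHECKS.items()
             if glob.get(p, "").lower() in bad]
    # A DC always has sysvol and netlogon; any other section is a file share.
    shares = [s for s in conf if s not in ("global", "sysvol", "netlogon")]
    if glob.get("serverrole", "").lower() == "active directory domain controller" and shares:
        found.append(("serverrole", ", ".join(shares), "DC used as a file server"))
    return found

# Constructed sample built from the options quoted in the message above.
SAMPLE = """[global]
    server role = active directory domain controller
    winbind enum users = Yes
    ntlm auth = yes
    ldap server require strong auth = no
[groups]
    path = /home/groups
"""
```

Calling `audit(SAMPLE)` returns one `(parameter, value, note)` tuple per flagged setting, with parameter names in their normalized form.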