Re: [Samba] samba does not honor set group bit on directories
- Date: Wed, 8 May 2019 20:02:01 +0200
- From: Peter Varkoly via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] samba does not honor set group bit on directories
Thanks a lot!
Am 08.05.19 um 17:05 schrieb Rowland Penny via samba:
On Wed, 8 May 2019 16:16:58 +0200
Peter Varkoly <peter@xxxxxxxxxx> wrote:
netbios name = admin
realm = <LONG-DOMAIN>
I do hope that '<LONG-DOMAIN>' is the dns domain in uppercase
Yes it is.
workgroup = <DOMAIN>
dns forwarder = 184.108.40.206
server role = active directory domain controller
idmap_ldb:use rfc2307 = Yes
check password script =
Are you aware that password complexity is in AD ?
winbind enum users = Yes
winbind enum groups = Yes
You should remove the two lines above, there are not needed and only
slow things down
wide links = Yes
unix extensions = No
template shell = /bin/bash
ntlm auth = yes
You like living dangerously, still using NTLMv1
It's for radius-server for mschapv2. Is there a better solution?
bind interfaces only = yes
interfaces = 127.0.0.1, 172.16.0.2
comment = "CRANIX DC"
ldap server require strong auth = no
Are you using a self compiled version of Samba ?
I'm using self compiled samba with integrated krb5.
This means that not all linux file system magic has effect if accessed
by a windows client!?
or are you using a
Samba package that uses the MIT kdc ?
If the latter, you should be aware that using MIT is still regarded as
experimental and shouldn't be used in production.
Finally, you are using a DC as a fileserver, this is not recommended,
but if you do, you can only set the permissions on the share from
Windows. This means that your shares can only look like this:
comment = Shared directories of groups you are member in.
path = /home/groups
read only = No
You also need to read this:
To unsubscribe from this list go to the following URL and read the