[Samba] Problem mapping extended acls with sssd and samba

edson via samba

Mar 19, 2017, 4:20:03 PM
Hello.

I have a file server with samba and sssd. It is working perfectly.

The problem is when I define extended ACLs using Windows Explorer. The ACLs are
not applied in the file system to the groups and users of the domain.

But when I work with winbind I can apply the extended acls in the file
system.


The contents of the sssd.conf and smb.conf files follow:

[global]
workgroup = DOMAINE
realm = DOMAINA.COM
netbios name = FILESERVER
dedicated keytab file = /etc/krb5.keytab
kerberos method = dedicated keytab
security = ads
log level = 3
log file = /var/log/samba/log.all
max log size = 4000
domain master = no
local master = no
# Enable Extended ACLs #
map acl inherit = yes
store dos attributes = yes
vfs objects = acl_xattr

[rh]
path = /mnt/samba/rh
; valid users = man...@coorp.gnulinux so...@coorp.gnulinux
write list = @"r...@coorp.gnulinux" @"dire...@coorp.gnulinux" @"ven...@coorp.gnulinux"

[sssd]
domains = domaina.com
config_file_version = 2
services = nss, pam

[domain/domaina.com]
ad_domain = domaina.com
krb5_realm = COORP.GNULINUX
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad

Why does this happen?
Can someone please help me?

--
Att,

Edson Oliveira

Rowland Penny via samba

Mar 19, 2017, 4:50:03 PM
On Sun, 19 Mar 2017 17:09:32 -0300
edson via samba <sa...@lists.samba.org> wrote:

> Hello.
>
> I have a file server with samba and sssd. Is working perfectly.

Is it ?

>
> The problem is when I define extended ACLs using windows explorer.
> Acls are not applied in the file system to the groups and users of
> the domain.

There you go, it obviously isn't ;-)

>
> But when I work with winbind I can apply the extended acls in the file
> system.
>

Then the obvious fix for your problem is to use the Samba supported
winbind instead of, the unsupported by Samba, sssd

sssd has nothing to do with Samba, so if you want to continue using
sssd, I would suggest you contact the sssd-users mailing list.

You should also note, if you are going to set the ACLs from windows,
you should not use the 'write list' option.

Rowland

edson via samba

Mar 19, 2017, 5:10:02 PM
Thanks for the answer.

But even removing the write list parameter, the problem persists.

Excuse me. But the sssd service is working perfectly, and I see no reason
to ask for help on the sssd user list.

One important piece of information is that when I apply the ACLs using the setfacl
command the mapping is done and the permissions are applied.

But when I use Windows Explorer the ACL permissions are not applied.

If anyone knows why this is happening and is able to help me, I thank you.

2017-03-19 17:39 GMT-03:00 Rowland Penny <rpe...@samba.org>:

> On Sun, 19 Mar 2017 17:09:32 -0300
> edson via samba <sa...@lists.samba.org> wrote:
>
> > Hello.
> >
> > I have a file server with samba and sssd. Is working perfectly.
>
> Is it ?
>
> >
> > The problem is when I define extended ACLs using windows explorer.
> > Acls are not applied in the file system to the groups and users of
> > the domain.
>
> There you go, it obviously isn't ;-)
>
> >
> > But when I work with winbind I can apply the extended acls in the file
> > system.
> >
>
> Then the obvious fix for your problem is to use the Samba supported
> winbind instead of, the unsupported by Samba, sssd
>
> sssd has nothing to do with Samba, so if you want to continue using
> sssd, I would suggest you contact the sssd-users mailing list.
>
> You should also note, if you are going to set the ACLs from windows,
> you should not use the 'write list' option.
>
> Rowland
>
>


--
Att,

Edson de Abreu Oliveira

Rowland Penny via samba

Mar 19, 2017, 5:30:02 PM
On Sun, 19 Mar 2017 18:03:34 -0300
edson <edeao...@gmail.com> wrote:

> Thanks for the answer.
>
> But even removing the write list parameter, the problem persists.
>
> Excuse me. But the sssd service is working perfectly, and I see no
> reason to ask for help on the sssd user list.

Are you 100% sure this has nothing to do with sssd?

>
> One important information is that when I apply the ACLs using the
> setfacl command the mapping is done and the permissions are applied.
>
> But when I use windows explorer the ACLs permissions are not applied.

This could still be down to sssd, but have you looked here:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

If, after following that, it still doesn't work, then try the sssd
list, this may be something they have come across before.

Rowland

edson via samba

Mar 19, 2017, 5:40:03 PM
First of all, thank you.

Yes. I'm sure sssd is running 100%.

The documentation at the link you passed me served as the basis for my implementation.

I'll follow your advice and ask on the sssd user list.

Even so, I hope someone else who went through the same score answers here.

Thank you all.
--
Att,

Edson de Abreu Oliveira

edson via samba

Mar 20, 2017, 10:10:03 PM
Hello.

I was able to solve the problem. The system was using the libwbclient
library of the samba package. I just did the following:

yum install sssd-libwbclient

Set this newly installed library as the default on the system:

alternatives --set libwbclient.so.0.12-64 /usr/lib64/sssd/modules/libwbclient.so.0.12.0

And restart the smbd and sssd daemons:

systemctl restart sssd smbd

Now I can set extended ACL permissions from Windows Explorer and the
mapping is applied.

Thank you.
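
The check behind the fix above, as an added example that is not part of the original post: it reports which libwbclient implementation a binary such as smbd resolves to, following the alternatives symlink chain. The function names are hypothetical, and only the /sssd/modules/ location is taken from the post; any other location is assumed to be Samba's own library.

```shell
#!/bin/sh
# Added example (not from the thread): identify which libwbclient a binary
# loads. smbd maps Windows SIDs to uids/gids through this library, so with
# sssd as the identity provider it must resolve to sssd's implementation.

# Follow the symlink chain (e.g. the alternatives links) and classify the
# final target. The /sssd/modules/ path is the one shown in the post; every
# other location is treated as Samba's own libwbclient (assumption).
wbclient_provider() {
    resolved=$(readlink -f -- "$1") || return 2
    [ -e "$resolved" ] || return 2
    case "$resolved" in
        */sssd/modules/libwbclient.so*) echo sssd ;;
        *) echo samba ;;
    esac
}

# Read `ldd` output on stdin and print the path bound to libwbclient.
wbclient_path_from_ldd() {
    awk '$1 ~ /^libwbclient\.so/ && $2 == "=>" { print $3; exit }'
}

# Report the library smbd will load and which provider it belongs to.
check_smbd() {
    bin=$(command -v smbd) || { echo "smbd not found" >&2; return 2; }
    lib=$(ldd "$bin" | wbclient_path_from_ldd)
    [ -n "$lib" ] || { echo "libwbclient not in ldd output" >&2; return 2; }
    provider=$(wbclient_provider "$lib") || return 2
    echo "$lib -> $provider"
    # With sssd as the id provider, a "samba" result means SID lookups go
    # to winbindd, which is not running in the setup described above.
    [ "$provider" = sssd ]
}

# Run the live check only when asked: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    check_smbd
fi
```

Run it with `--check` on the file server before and after the `alternatives --set` step; a non-zero exit status means smbd still resolves to a library other than sssd's.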

Rowland Penny via samba

Mar 21, 2017, 5:40:02 AM
On Mon, 20 Mar 2017 23:05:46 -0300
edson <edeao...@gmail.com> wrote:

> Hello.
>
> I was able to solve the problem. The system was using the libwbclient
> library of the samba package. I just did the following:
>
> yum install sssd-libwbclient
>

So it wasn't a Samba problem and sssd wasn't working correctly even
though you were 100% sure it was ;-)

edson via samba

Mar 21, 2017, 1:30:02 PM
No. Samba and sssd were running 100%. The problem was the lack of a library
to make the communication between samba and sssd work at 100%.

Thank you.
--
Att,

Edson de Abreu Oliveira