Set ACLs on a CIFS-mounted folder: possible?

1

In short: I have mounted a CIFS folder from a remote server. I would now like to share this folder with my local Samba server, which is part of a domain, using Windows ACLs. Is this possible? How would I be able to share this folder and set individual ACLs on it?

More specifically: I have followed the Samba tutorial to set up a domain-connected Samba server for domain users. The folder that I would like to share is itself mounted from another server using a CIFS mount with the following parameters:

cat /etc/fstab:

//path/to/host/folder /mnt/mountfolder cifs credentials=/root.sambafile,rw,user,uid=0,gid=10502,dir_mode=0770,file_mode=0770,user_xattr,acl 0 0

10502 is my 'Domain Admins' group on the local host.

Previously, the mount has been chowned to root:Domain Admins with 0770 permissions.

Now I would like to share this folder in the network to domain users. My smb.conf contains the following settings:

[global]
   workgroup = AD
   security = ADS
   realm = AD.MYDOMAIN.DE

   winbind refresh tickets = yes
   vfs objects = acl_xattr
   map acl inherit = Yes
   store dos attributes = Yes

   dedicated keytab file = /etc/krb5.keytab
   kerberos method = secrets and keytab

   winbind use default domain = yes

   # Default ID mapping configuration for local BUILTIN accounts
   # and groups on a domain member. The default (*) domain:
   # - must not overlap with any domain ID mapping configuration!
   # - must use a read-write-enabled back end, such as tdb.
   idmap config * : backend = tdb
   idmap config * : range = 3000-7999
   # - You must set a DOMAIN backend configuration
   # idmap config for the SAMDOM domain
   idmap config AD : backend = rid
   idmap config AD : range = 10000-999999

   template shell = /bin/noshell
   template homedir = /home/smbusers/%U

   username map = /etc/samba/user.map

And specifically:

[Mountfolder]
   path = /mnt/mountfolder
   read only = no

This works and the folder is shown when trying to access it in Windows. However, when trying to modify the ACLs from Windows, [Security], e.g. deleting access from the 'everyone' group, I get an 'access denied' error trying to set the ACLs.

When sharing a folder that has not been mounted, everything works as expected. Is there any modification that has to be done to the mount options in order to allow for an individual ACL managed by Samba?

What alternatives do I have?

Thank you for your help!

Megauser

Posted 2020-02-21T22:59:47.313

Reputation: 11

No answers