1
In short: I have mounted a CIFS folder from a remote server. I would now like to share this folder with my local samba server, which is part of a domain, using windows ACLs. Is this possible? How would I be able to share this folder and set individual ACLS on it?
More specifically; I have followed the samba Tutorial to set up a domain connected samba server for domain users. The folder that I would like to share is itself mounted from another server using a cifs mount using the following parameters:
cat /etc/fstab:
//path/to/host/folder /mnt/mountfolder cifs credentials=/root.sambafile,rw,user,uid=0,gid=10502,dir_mode=0770,file_mode=0770,user_xattr,acl 0 0
10502 is my 'Domain Admins' group on the local host.
previously, the mount has been chowned to root:Domain Admins with 0770 permissions.
Now I would like to share this folder in the network to domain users. my smb.conf contains the following settings
[global]
workgroup = AD
security = ADS
realm = AD.MYDOMAIN.DE
winbind refresh tickets = yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind use default domain = yes
# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use a read-write-enabled back end, such as tdb.
idmap config * : backend = tdb
idmap config * : range = 3000-7999
# - You must set a DOMAIN backend configuration
# idmap config for the SAMDOM domain
idmap config AD : backend = rid
idmap config AD : range = 10000-999999
template shell = /bin/noshell
template homedir = /home/smbusers/%U
username map = /etc/samba/user.map
And specifically:
[Mountfolder]
path = /mnt/mountfolder
read only = no
This works and the folder is shown when trying to access it in windows. However, when trying to modify the ACS from windows, [Security], e.g. deleting access from the 'everyone' group, I get an 'access denied' error trying to set the acls.
When sharing a folder that has not been mounted, everything works as expected. Is there any modification that has to be done on the mount option in order to allow for an individual ACL managed by samba?
What alternatives do I have?
Thank you for your help!