NethServer Version: 73.1611 all updates including 5th july 2017
Module: Samba 4 fileserver and AD
can not change the ACLs of a sub directory with windows 7 (ultimate 64bit). The ACLs from webconfig are there and new directory use them. so getfacl and windows explore are okay.
teh changes wil be lost (or ignored) somtime windows tells user had no rigth to chane the rigth and users.
if i change the rigths and userse via web the new sub dir had this ACL. I think filesystem and samba knows ACLs. The Windows7 PC is AD member and user is the AD admin.
Same problem with a fresh installation.
it sound like this bug but from the windows7 side.
did anyone had a idea?
my file server smb.conf
[global] # # 10base # workgroup = SBS server string = NethServer 7.3.1611 Final (Samba %v) security = ADS realm = SBS.URBANSKI.DE kerberos method = secrets and keytab netbios name = NETH # test reg support include = registry [global] # log files split per-machine: log file = /var/log/samba/log.%m # maximum size of 50KB per log file, then rotate: max log size = 50 # Only bind to allowed NIC's bind interfaces only = yes interfaces = 127.0.0.1 192.168.38.0/24 hosts allow = 127.0.0.1 192.168.38.0/255.255.255.0 192.168.52.0/255.255.255.0 # Idle time before disconnecting the client deadtime = 10080 # Alias NETBIOS names, used to provide access to Samba via multiple hostnames netbios aliases = ; WINS setup (other server) wins server = remote announce = remote browse sync = ; Guest access (#1882). Shares must be guest-ok, to allow it. map to guest = Bad User ; create home dirs if missing (#5090) obey pam restrictions = yes # SambaAudit configuration full_audit:prefix = smbauditlog|%T|%u|%I|%S|%U full_audit:success = read write open unlink mkdir rmdir rename chmod full_audit:failure = read write open unlink mkdir rmdir rename chmod full_audit:facility = LOCAL7 full_audit:priority = INFO printing = cups printcap name = cups [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes use client driver = yes ; ; Home directories ; [homes] comment = Home directories browseable = no writable = yes create mode = 0660 force create mode = 0660 directory mode = 0770 force directory mode = 0770 ; ; Added to support printer drivers download ; This share is writable according to Unix file permissions ; [print$] comment = Printer drivers path = /var/lib/nethserver/print_driver guest ok = yes browseable = yes writable = no [profiles] comment = roaming browsable = no path = /data/profiles read only = no store dos attributes = yes create mask = 0600 directory mask = 0700 profile acls = yes csc policy = disable # # 10base -- ibay neth-alle definition. # Required profile is "" # Applied profile is "default" # [neth-alle] path = /var/lib/nethserver/ibay/neth-alle comment = für alle angemeldeten user # 20profile_default: read only = no inherit permissions = yes ; Add group write bit to default create mask, remove DOS archive bit (see below) #2039 create mask = 0664 inherit owner = yes ; Use extended attribute to store DOS attributes (see man page) store dos attributes = yes map archive = no map readonly = no inherit acls = yes map acl inherit = yes guest ok = no browseable = yes # 90vfs_output vfs objects = recycle recycle: exclude_dir = /tmp,/temp,/cache recycle: repository = Recycle Bin recycle: versions = True recycle: keeptree = True recycle: touch = True recycle: directory_mode = 0770 recycle: exclude = *.tmp,*.temp,*.o,*.obj,~$*