I want to configure Samba to manage Windows ACL and manage them from Windows via the security tab.The Samba server is standalone and not part of an AD tree; i already followed various offical and unofficial guides but nothing seems to work.
The machine runs on a Debian 12 LXC on ZFS, the ZFS mountpoints do support ACL:
$ mount | grep aclrpool/data/subvol-107-disk-0 on / type zfs (rw,noatime,xattr,posixacl)rpool/data/subvol-107-disk-1 on /data/share1 type zfs (rw,noatime,xattr,posixacl)I did create a ZFS pool for each share, in this example is /data/share1.
Samba is version 4.17.9-Debian
The folder ACLs are already set:
$ ls -lah /data/share1/total 12Kdrwxrwxr-x+ 3 administrator administrator 3 Jul 24 13:13 .drwxr-xr-x 3 root root 3 Jul 24 11:09 ..drwxrwxr-x+ 2 administrator administrator 2 Jul 24 11:59 test$ getfacl /data/share1/getfacl: Removing leading '/' from absolute path names# file: data/share1/# owner: administrator# group: administratoruser::rwxuser:administrator:rwxgroup::r-xmask::rwxother::r-xI already configured the smb.conf appropriately:
[global] workgroup = CMC username map = /etc/samba/users.map server string = file-server log level = 5 log file = /var/log/samba/log.%m max log size = 1000 logging = file panic action = /usr/share/samba/panic-action %d server role = standalone server obey pam restrictions = yes map to guest = bad user acl allow execute always = yes[homes] comment = Home Directories browseable = no map acl inherit = yes vfs objects = acl_xattr acl_xattr:ignore system acls = yes[share1] path = /data/share1/test guest ok = no comment = Cartella di test smb read only = no browseable = yes map acl inherit = yes vfs objects = acl_xattr acl_xattr:ignore system acls = no store dos attributes = yes inherit acls = yesFrom my tests if i use this configuration for the share:
map acl inherit = yes vfs objects = acl_xattr acl_xattr:ignore system acls = yesi get nothing from the Window security tab:
If i insted use linuxacl with this configuration:
map acl inherit = yes vfs objects = acl_xattr acl_xattr:ignore system acls = no store dos attributes = yes inherit acls = yesi get more feedback in the windows security tab
but it keeps giving me access denied if i try to edit ACLs from there.