# ZFS, Samba and ACL



## jyavenard (Feb 6, 2011)

Hi there.

Opening a new thread as all are marked as solved ; but trying what was mentioned there didn't help me one bit 

I have a FreeBSD 8.1 machine , running samba 3.5.6 ; a zpool of 14 with zfs filesytem 4.

Trying to export a zfs file system via samba, and set the ACLs using Windows.


```
server4# zfs list -o aclmode,aclinherit,mountpoint pool/data/shares/elec
    ACLMODE     ACLINHERIT  MOUNTPOINT
passthrough    passthrough  /pool/data/shares/elec
```

Here is my smb.conf

```
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
   workgroup = MEL
   netbios name = SERVER4
   realm = MEL.DOMAIN.COM

   server string = File Server
    security = ADS
    client use spnego = yes
    allow trusted domains = No
    map to guest = Bad User
    password server = 192.168.0.3
    client NTLMv2 auth = Yes
    map untrusted to domain = Yes
    log file = /var/log/samba/log.%m
    max log size = 50000
    unix extensions = No
    client signing = Yes
    load printers = No
    printcap name = /etc/printcap
    disable spoolss = Yes
    os level = 10
    local master = No
    domain master = No
    dns proxy = No
    hosts allow = 192.168.0., 192.168.1., 127.
    map acl inherit = Yes
    case sensitive = No

    winbind refresh tickets = Yes
    winbind offline logon = Yes
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind nested groups = No
    
    passdb backend = tdbsam
    idmap backend = ad
    idmap uid = 1000 - 200000
    idmap gid = 1000 - 200000
    winbind nss info = rfc2307

    template homedir = /export/home/%U

    #For mac client
    follow symlinks = yes
    wide links = yes
    unix extensions = no

    admin users = root, jean-yves.avenard

[elec]
    comment = "Electronic Team Share Drive"
    path = /pool/data/shares/elec
    browseable = Yes
    read only = No
    inherit permissions = Yes
    inherit acls = Yes
    inherit owner = Yes
    map archive = No
    map readonly = no
    vfs objects = zfsacl
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = yes
```

Samba was compiled from ports using ACL support ; libsunacl is properly compiled too.

```
[root@server4 /usr/ports/net/samba35]# ldd /usr/local/sbin/smbd  | grep sunacl
	libsunacl.so.1 => /usr/local/lib/libsunacl.so.1 (0x801fb4000)
```

Now the weird thing is that I can edit the permission in windows. I get a warning window about the permission not being ordered properly.

The strangest thing however is that when I modify the permissions and add a windows group ; the second I press Apply : it disappear from the list. One second it's there, I validate : bang it's gone.

If I modify any of the unix permission showing in the windows permission editor, I see that it gets properly updated with getfacl.

Am I missing anything ?
Thanks in advance for your help

Kind regards
Jean-Yves


----------

