On Tue, Apr 20, 2010 at 7:50 AM, Volker Lendecke <[email protected]> wrote: > On Tue, Apr 20, 2010 at 07:45:00AM -0400, Nico Kadel-Garcia wrote: >> I'm involved in a project to enforce NFSv4 ACL's across a variety of >> storage platforms, in particular NetApps sharing NFS. That works fiine >> with the NetApp NFS qtrees, but we'd like to share those with CIFS >> clients as well. This works, and restricts access the way we expect >> NFSv4 ACL's to work, but the Windows clients cannot view any of the >> security settings on the directories or files. > > The NetApp CIFS server should allow that, doesn't it?
Nope. I really, really wish it did. The relevant clients are Windows XP, if that has any role. And I've confirmed that the files and directories generated do follow the NFSv4 ACL policies. As a relatively ignorant user, I wonder if mapping for display might be considered too awkward. NFSv4 ACL's are storead as 'usern...@domain', rather than as 'username', and Windows doesn't seem to have the same concept of ordering of ACL's as NFSv4 has, so it could be pretty tricky. >> Cue the music, and enter Samba 3.5.2. I've reviewed various public >> notes on how to use NFSv4 ACL's on recent Samba (particularly those at >> http://www.sambaxp.org/files/SambaXP2009-DATA/Nils_Goroll.pdf), and >> installed Samba 3.5.2 on test servers. And I've set up shares with the >> following settings. >> >> [share] >> acl check permissions = False >> ea support = yes >> store dos attributes = yes >> map readonly = no >> map archive = no >> map system = no >> vfs objects = zfsacl > > What platform is your Samba server running on? Is this > Solaris? RHEL 5. It's why I've been writing lately about the tI've been avoiding Solaris as file servers since I wrote one of the first Samba ports for SunOS 4.1.2, way back in the 1990's. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
