[Samba] Has anybody got ACL to work w/ debian, winbindd in a w2k mixed domain?

Anthony J. Breeds-Taurima tony at cantech.net.au
Tue Dec 10 02:08:00 GMT 2002 

On Mon, 9 Dec 2002, Jacob Malmberg wrote:

> Neat. How did you do that, any how-to or something? Im really stuck with 
> this problem. Those sid packages you are talking about, what are those and 
> where do I find them. I hope you help me out on this one as Im really 
> bugged.

I can tell you roughly what I did.  If you need clarification then don't
hesitate to ask.

0) Install woody to your satisfaction.

1) Modified my /etc/apt/preferences file to:
   ---
   Package: *
   Pin: release l=Debian-Security
   Pin-Priority: 999
   
   Package: *
   Pin: release a=stable
   Pin-Priority: 600
   
   Package: *
   Pin: release a=unstable
   Pin-Priority: 500
   ---
   and add the appropriate unstable lines to /etc/apt/sources.list.
   The only reason I need the unstable lines and the apt preferences is to get
   the current acl/attr libraries prepackaged.  I don't see that I need to do
   extra work (especially when a nice DD has done it for me).

2) follow the instructions at: http://acl.bestbits.at/steps.html
   for a new install.  I only varied it by using the prepackaged .debs
   for acl/attr (including the -dev packages).

3) After booting into the new kernel (in my case 2.4.19, As set there aren't
   any patches for 2.4.20) and mounting /home with the "acl" option.
   I testing {set,get}facl and all was good.

4) I then build samba from source.   I was doing 2.2.6-pre1 but I've since
   upgraded to 2.2.7 with no issues.

5) From there I followed the instructions in "man 8 winbindd" to get the 
   winbind daemon working and join the domain.  I then tested ssh and
   {set,get}facl with the DOMAIN_user accounts.  Once I had that working
   (actually there was nothing to do it just worked)  I tried
   setting/adding/removing ACLS from a win2k box.  

   So far the only problem I've come across is the 8 (of 2000 odd) accounts
   don't have a an rid to convert name->sid.  This would be more of a problem
   if the accounts weren't going to be deleted in about 3 days.  

I also have enabled quota support in the kernel and samba and that works
great!

Yours Tony

   Jan 22-25 2003           Linux.Conf.AU            http://linux.conf.au/
		  The Australian Linux Technical Conference!

More information about the samba mailing list