NT PDC & Samba

Mike Westkamper mjwestkamper at weiinc.com
Fri Nov 12 15:16:52 GMT 1999

Dear Peter Köhler and the others here,

Thank you so much for your help. This has been an exercise to get something to
work then building on each success. As Samba matures and Linux grows these
problems will be resolved in a more user friendly fashion I am sure.

All the effort is worth it though. I have a lot of servers and
Linux/Samba/Apache is an unbeatable cost/performance combination.


Peter Köhler wrote:

> Mike,
> good to hear the news. I guess from now on you will get along.
> Still, some advice on setting unix rights for shares.
> >From my point of view it is not desirable to set up shares with
> world read/write access - in particular if normal unix logons
> (telnet or so) are enabled.
> My suggestion is to set up the shares with group read/write access
> - i.e. 770 - and create a unix group corresponding to each share
> which contains all the users that should have access to that particular
> share. This still has the problem that a user may make a file belonging
> to him read only and no other group member can make this writable
> again. If this is not the desired behaviour then you will have to create
> a fake user for each share and use the force user directive to let
> samba carry out all file operations under that user.
> Best regards
> Peter
> ----------------------
> Dr. Peter Koehler +++ IDAS GmbH
> Holzheimer Str. 96 +++ D-65549 Limburg +++ Germany
> Phone: +49-6431-404-14 +++ Fax: +49-6431-404-10
> eMail: koehler at idas.de
> ----- Original Message -----
> From: Mike Westkamper
> To: koehler at idas.de
> Cc: Multiple recipients of list SAMBA-NTDOM
> Sent: Thursday, November 11, 1999 11:49 PM
> Subject: Re: NT PDC & Samba
> Thanks for your help. I am one step closer. The linux/samba box will allow
> me to see the shares if I logged onto the NT domain.  Two steps were
> vital... The creation of the entry in the NT domain controller for the linux
> box AND logging on to the domain, not onto my system as a local
> administrator. This now sounds obvious, however the steps can be trickey.
> One problem remains.. the ability to write to the shares.
> here is a snip from smb.conf
> ---------------------------------
> [public]
>         path = /public
>         read only = No
>         guest ok = Yes
> --------------------------------
> What I want to do is to allow all domain users the ability to read/write the
> public share.
> I have set up the directory as follows...
> [root at auxfs /]# dir -l
> drwxr-xr-x   2 root     root         2048 Oct 15 15:29 bin
> drwxr-xr-x   3 root     root         1024 Oct 15 15:35 boot

More information about the samba-ntdom mailing list