Linux "NT" fileserver to interact with an NT PDC (including ACL a nd group permissions)

[Paul Rogers]

Hi,

I've been using samba for ages now on my workstation to interact with our NT
network. I rather foolishly suggested that we should have a Linux fileserver
with a RAID-5 system, instead of the NT PDC because it is starting to become
overworked (ahhhh Windows can't cope - again!). I've setup Samba 2.0.3
correctly to authenticate with our NT PDC on my workstation and all is
hunky-dory until someone mentioned about NT's ACLs and Group permissions. It
is required by the powers above me that any Group Permissions setup on the
NT PDC are adhered to by the fileserver (in this case to be a Linux box
running samba).

Now this is the crunch bit (because the solution may or may not have
appeared on this list before - I apologise if this is a repeated question).
If I have an NT fileserver and a Linux fileserver (running SMB), I setup a
folder within a share that is created on both machines. Within this folder I
place three files (on to both the NT and Linux server). On the NT
fileserver, I can change the permissions by changing what groups/users have
Read, Change, etc... control in the Permissions tab in the Properties window
(right click on the file). Also I can change Group membership on the NT PDC
and the NT server will follow what the Group lists say on the NT PDC. Can I
do the same with the Linux fileserver (i.e. changing the permissions on each
file so that they are different - i.e. varying groups have varied degrees of
access to the files).

Imagine:

PDC:

Group called Sales which has user1 and user2 belonging to it
Group called Tech which has user3 and user4 belonging to it

NT:

Home directories shared as \\testbox\home from C:\HOME
Directory called products - C:\HOME\products (\\testbox\home\products)
Under NT I can modify the permissions on the products directory to be
readable by the group Tech and read-write access to the group Sales.
Therefore everyone else has no access to this directory.

Linux:

Home directories shared as \\testbox2\home from /home
Directory called products - /home/products (\\testbox2\home\products)
Under Linux how would I setup samba to have multiple permissions setup over
multiple groups, because under linux, you can have users belonging to
multiple groups, but files / directories can only be owned by one group. The
products directory would belong to the group Sales hence owned by
user1.Sales and the permissions in octal would be 770 disallowing access
from everyone. But this will not allow for the technical group to have
read-only access

Is it possible for a samba share on linux to be able to use the NT
Groups/Permissions setup on the PDC?

You're confused aren't you? - I know I am!

	Paul Rogers,
	Development Analyst.

	For and on behalf of MIS Corporate Defence Solutions Limited

	Tel:	44 (0)1622 723400	Switchboard
		44 (0)1622 723422	Direct Line
	Fax:	44 (0)1622 728690

	e-mail : paul.rogers at mis-cds.com <mailto:paul.rogers at mis-cds.com>
	web site : <http://www.mis-cds.com>

The information contained in this message or any of its attachments may be
privileged and confidential and intended for the exclusive use of the
addressee. If you are not the addressee any disclosure, reproduction,
distribution or other dissemination or use of this communications is
strictly prohibited. If you have received this transmission in error, please
contact our Security Manager on 44 (0) 1622 723400.