[Samba] User directory shares with Samba, Winbind, and Win2k domain - Partial solution

Thu Aug 1 09:01:02 GMT 2002

Mats,

After a couple hours of reading and trial and error, this is what I got to work for me.

[username]
        path = /home/USERS/username
        writable = yes
        comment = User File Storage
        valid users = DOMIAN+username
        create mode = 0664
        directory mode = 0775
        browseable = no

Then on the directory structure it self I had to run a 'chown -R DOMAIN+username.DOMAIN+group userdir'  This set the file and group ownership of the directory to be assigned to those users and their group (or department) according to the NT/Win2k domain controllers authentication system.  Winbind is providing me with this authentication link.  Next I get to start messing with the actual directories and folders that hold the departmental and groups public and semi-public files.  I have not tested it yet, but I believe that assigning the public and semi public folder to the department head as owner and the department as group (DOMAIN+Depthead.DOMIAN+dept), then a 775 on the public and 770 on the semi public SHOULD grant the right permissions I need to the members of the department to modify the public and semi public files, as well set the desired permissions on the semi public, where the group can see and modify, but the rest of the company can not.

This is how I am trying to make it work with Samba+winbind and Win2k authentication. I hope you are able to find a solution that works for you.

Daniel Curry
IT Manager
Cariocas
625 Second Street 
Suite 201
San Francisco, CA 94107 
ph: 415-348-6516
fx: 415-348-6505 
cell: 510-579-6680

"If A equals success, then the formula is: A = X + Y + Z, 
X is work. Y is play. Z is keep your mouth shut." 
  - Albert Einstein

 -----Original Message-----
From: 	Mats Wallander [mailto:mats.wallander at ausystem.se] 
Sent:	Thursday, August 01, 2002 1:38 AM
To:	Daniel Curry
Subject:	RE: [Samba] User directory shares with Samba, Winbind, and Win2k domain - help deparately needed!

Hi Daniel,

We have exactly the same problem for our company, as we have bought a
solution
from another company, and they don't seem to be able to help us. In out case

we are moving to a AIX/Samba 2.2.3 platform using no winbind as this is not
available for AIX yet.
If winbind makes things easier we may change to Linux instead of AIX.

We understand that you cannot get the same access configuration as on a W2k
platform, but
hope that the Samba layer can override the Unix access control. (Using for
example write list and read list for
multiple groups, with different access rights).

We will inform you if we come up with good working ideas, and hope you can
return any experiences to us.

/Mats W

-----Original Message-----
From: Daniel Curry [mailto:dcurry at cariocas.com]
Sent: den 31 juli 2002 20:23
To: Samba (E-mail)
Subject: [Samba] User directory shares with Samba, Winbind, and Win2k
domain - help deparately needed!

I have a new samba install with winbindd running correctly.

I have moved folders from the old Win2k file server to this new file server.

I need to re-create the same permissions that the Win2k file server had for
the users.  The users were in groups, based upon departments.  Each
department head had RW priv to the department share and RO on each user's
sub directory.  Each user, of course, had RW on their own dirs.  The
Department dir/share was RO to the world.

I would like to recreate this, but am not certain how to, considering the
combination of Win2k Domain groups and users with unix/linux users and
groups.

Please help and advise.

Thanks

Daniel Curry
IT Manager
Cariocas
625 Second Street 
Suite 201
San Francisco, CA 94107 
ph: 415-348-6516
fx: 415-348-6505 
cell: 510-579-6680

"If A equals success, then the formula is: A = X + Y + Z, 
X is work. Y is play. Z is keep your mouth shut." 
  - Albert Einstein

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba