[Samba] Samba 2.23 ACL support ?

Buchan Milne bgmilne at cae.co.za
Fri Sep 13 17:40:01 GMT 2002

> Message: 1
> From: "Narkar, Aashish (CAP, GCF)" <Aashish.Narkar at gecapital.com>
> To: "'samba at lists.samba.org'" <samba at lists.samba.org>
> Date: Fri, 13 Sep 2002 09:55:48 +0200
> Subject: [Samba] Samba 2.23 ACL support ?

> 1) Installed linux and got samba 2.2.3a running on it
> 2) was able to create shares and access it from NT/2000
> 3) was able to add users dynamically
> 4) installed printers and shared it properly
> But, I am wondering, before moving to live, 
> a)	About ACL support on NT and how to simulate same thing on samba?

You need a kernel that supports ACLs, and you need to have samba 
compiled with ACL support.

Some distros (such as Mandrake 8.1 and later) ship with kernels that 
support ACLs on XFS, some (I think SuSE) support ACLs on ext3, Mandrake 
9.0 for example should support ACLs on both. The XFS team provides a 
replacement 1st CD for Redhat that supports ACLs, but I am not sure if 
they compile samba with ACL support or not.

> b)	Also how can i add users with all groups they are in it on the fly?

Global groups (beyond Domain Admin and Domain User) are not supported on 
2.2.x, but apparently they can be had by using tools from 3.0alpha on 
the 2.2.x server (smbgroupedit I think it was then, may have changed 
since then).

> c)	Using winbind how can I solve problems of ACLs??

You can't run winbind against a samba-2.2.x (well, at least any of the 
recent ones) DC. So, you are going to have to keep profiles on domain 
controllers, so your best bet is to use samba with LDAP backend, so you 
can have multiple DCs.

Using LDAP on the backend will also allow any domain admin to add 
machines to the domain (as opposed to only root when using the smbpasswd 

> As this project has got tight deadlines, I will be very much grateful to
> you, if you can help me solve these probs.

Then your best bet is probably to take the shortest route to getting 
ACLs and LDAP support. You can get samba RPMs for Mandrake 8.2 compiled 
for LDAP with ACL support from ftp.samba.org.


|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7

More information about the samba mailing list