[Samba] Unofficial Samba+ACL howto

Buchan Milne bgmilne at cae.co.za
Tue Apr 22 14:39:41 GMT 2003



> Date: Mon, 21 Apr 2003 17:39:56 +1200
> From: Paul Eggleton <bluelightning at bluelightning.org>
> To: samba at lists.samba.org
> Subject: [Samba] Unofficial Samba+ACL howto
> Message-ID: <200304211739.56852.bluelightning at bluelightning.org>
>
> Hi all,
>
> As promised, I have started a howto document on setting up Samba with
> NT ACL support, based on experiences in my workplace, as documentation
> for this seems to be on the short side at the moment.
>
> It is available at the following address:
>
> http://www.bluelightning.org/linux/samba_acl_howto
>
> I have yet to convert it to proper DocBook format, and it needs more
> material (probably corrections, too). Please feel free to comment.
>
> Cheers,
> Paul Eggleton

Of course, your HOWTO is RedHat Linux-specific. On both SuSE and
Mandrake, implementing ACLs is substantially easier, as nothing needs to
be compiled.

Mandrake version:

2)Install Mandrake. If you are using 8.2 or earlier, use XFS as
filesystem on the filesystems that you would like to use ACLs on. For
Mandrake 8.0 and earlier, you will have to build your own kernel, and
rebuild the samba SRPMs available on the samba FTP mirrors with ACL
support, which is documented in the README.txt file.

Note that the kernel shipping with 9.1 does not have ACLs enabled (see
http://qa.mandrakesoft.com/show_bug.cgi?id=3615), but it should be
possible to use the kernel from 9.0 updates.

2.3)If using ext3 (Mandrake 9.0 kernel), enable acl on the filesystems
you wish to use ACLs on.

2.4)urpmi samba-server. If you would like LDAP support, get ldap-enabled
RPMs for Mandrake (8.0 through 9.1) on the samba FTP mirrors.

All Mandrake samba packages since those shipped with 8.1 have ACL
support available by default.

2.5.2)Mandrake 9.1 ships with packages of samba3 (alpha22) in contrib,
add a contrib source (using urpmi.setup, which you may need to install
with urpmi) and:

# urpmi samba3-server

samba3 and samba are set up to co-exist on Mandrake 9.1, but you will
have to take some steps to run them simultaneously.

2.5.3) See
http://ranger.dnsalias.com/mandrake/muo/connect/csamba5.html#winbind and
http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.pdf

3.1.3)On XFS, xfsdump natively archives ACLs. If you are using tar (for
example with amanda) you can dump your ACLs to file, and backup the file
you dumped the ACLs to.



Some people asked about LDAP/ACLS etc. Jim Collings has been working on
a howto for a Samba/LDAP PDC (concerning just one server), which is just
about finished (if he agrees, I will host it temporarily for review
until it is published). While reviewing his document this weekend, I
decided to write one covering the LDAP slave/BDC side of things (we have
been running a setup with LDAP-Samba PDC/BDC for almost 3 months now). I
have just made it available for review at:

http://ranger.dnsalias.com/samba-ldap-advanced.html

Please note it is a work in progress, and I only connected samba3 to the
LDAP server last night for the first time ...

Original plan was to publish on http://mandrakesecure.net as a follow-up
to the first Unix-based article on LDAP there, but I could look at
including it with samba.

Anyway, getting the ACL bit working with LDAP is no different than
without LDAP, as long as you are using nss_ldap on the samba server. I
have not experimented without using nss_ldap ... but it may not be
possible or desirable.

Regards,
Buchan

--
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
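
Steps 2 and 2.3 above (XFS, or ext3 with acl enabled), as an added example that is not part of the original mail: a check over an fstab-format mount table that flags ext2/ext3 filesystems lacking the acl mount option. The function names and the sample table are constructed for illustration; the script assumes ext2/ext3 need an explicit "acl" option while XFS handles ACLs without one.

```shell
#!/bin/sh
# Added example (not from the original mail): audit fstab-format input for
# ACL readiness before pointing Samba shares at a filesystem.
# Assumption: ext2/ext3 need an explicit "acl" option; XFS needs none.

# Constructed sample mount table, for illustration only.
sample_fstab() {
    cat <<'EOF'
# device   mountpoint    type  options               dump pass
/dev/hda1  /             ext3  defaults              1 1
/dev/hda5  /home         ext3  defaults,acl          1 2
/dev/hda6  /srv/samba    xfs   defaults              1 2
/dev/hda7  /srv/profiles ext3  acl,user_xattr,noacl  1 2
none       /proc         proc  defaults              0 0
EOF
}

# Reads fstab lines on stdin; prints "<mountpoint> <fstype> <status>" for
# every xfs/ext2/ext3 entry. Other filesystem types are not audited.
audit_acl_mounts() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
        NF < 4               { next }   # skip malformed entries
        $3 == "xfs"          { print $2, $3, "ok-native"; next }
        $3 == "ext2" || $3 == "ext3" {
            status = "missing-acl"
            n = split($4, opt, ",")
            # Exact token match so "noacl" never counts as "acl";
            # as with mount(8), the last of acl/noacl wins.
            for (i = 1; i <= n; i++) {
                if (opt[i] == "acl")   status = "ok-acl"
                if (opt[i] == "noacl") status = "missing-acl"
            }
            print $2, $3, status
        }
    '
}

# Reads fstab lines on stdin; prints how many ext2/ext3 entries lack ACLs.
count_missing() {
    audit_acl_mounts | awk '$3 == "missing-acl" { n++ } END { print n + 0 }'
}

sample_fstab | audit_acl_mounts
echo "filesystems without ACL support: $(sample_fstab | count_missing)"
```

To audit a real host, feed it the live table instead of the sample: audit_acl_mounts < /etc/fstab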


