[Samba] Unofficial Samba+ACL howto

John H Terpstra jht at samba.org
Tue Apr 22 15:23:47 GMT 2003


Buchan,

Please would you update me with your sources for the HOWTO stuff you are
doing. With your consent I'd like to use this material to update the
Samba-HOWTO-Collection. You can download the latest version of that
document from:

http://samba.org/~jht/NT4migration/Samba-HOWTO-Collection.pdf

The sources for this document have been committed to the HEAD branch docs
tree. I am hoping to complete the bulk of new additions be tonigh my time.
The next step will involve a complete review for correctness and
completeness before 3.0.0 ships.

You efforts are much appreciated.

Cheers,
John T.

On Tue, 22 Apr 2003, Buchan Milne wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > Date: Mon, 21 Apr 2003 17:39:56 +1200
> > From: Paul Eggleton <bluelightning at bluelightning.org>
> > To: samba at lists.samba.org
> > Subject: [Samba] Unofficial Samba+ACL howto
> > Message-ID: <200304211739.56852.bluelightning at bluelightning.org>
> > Content-Type: text/plain;
> >   charset="us-ascii"
> > MIME-Version: 1.0
> > Content-Transfer-Encoding: 7bit
> > Precedence: list
> > Message: 11
> >
> > Hi all,
> >
> > As promised, I have started a howto document on setting up Samba with
> NT ACL
> > support, based on experiences in my workplace, as documentation for this
> > seems to be on the short side at the moment.
> >
> > It is available at the following address:
> >
> > http://www.bluelightning.org/linux/samba_acl_howto
> >
> > I have yet to convert it to proper DocBook format, and it needs more
> material
> > (probably corrections, too). Please feel free to comment.
> >
> > Cheers,
> > Paul Eggleton
>
> Of course, your HOWTO is RedHat Linux-specific. On both SuSE and
> Mandrake, implementing ACLs is substantially easier, as nothing needs to
> be compiled.
>
> Mandrake version:
>
> 2)Install Mandrake. If you are using 8.2 or earlier, use XFS as
> filesystem on the filesystems that you would like to use ACLs on. For
> Mandrake 8.0 and earlier, you will have to build your own kernel, and
> rebuild the samba SRPMs available on the samba FTP mirrors with ACL
> support, which is documented in the README.txt file.
>
> Note that the kernel shipping with 9.1 does not have ACLs enabled (see
> http://qa.mandrakesoft.com/show_bug.cgi?id=3615), but it should be
> possible to use the kernel from 9.0 updates.
>
> 2.3)If using ext3 (Mandrake 9.0 kernel), enable acl on the filesystems
> you with to use ACLs on.
>
> 2.4)urpmi samba-server. If you would like LDAP support, get ldap-enabled
> RPMs for Mandrake (8.0 through 9.1) on the samba FTP mirrors.
>
> All Mandrake samba packages since those shipped with 8.1 have ACL
> support available by default.
>
> 2.5.2)Mandrake 9.1 ships with packages of samba3 (alpha22) in contrib,
> add a contrib source (using urpmi.setup, which you may need to install
> with urpmi) and:
>
> # urpmi samba3-server
>
> samba3 and samba are setup to co-exist on Mandrake 9.1, but you will
> have to take some steps to run them simultaneously.
>
> 2.5.3) See
> http://ranger.dnsalias.com/mandrake/muo/connect/csamba5.html#winbind and
> http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.pdf
>
> 3.1.3)On XFS, xfsdump natively archives ACLs. If you are using tar (for
> example with amanda) you can dump your ACLs to file, and backup the file
> you dumped the ACLs to.
>
>
>
> Some people asked about LDAP/ACLS etc. Jim Collings has been working on
> a howto for a Samba/LDAP PDC (concerning just one server), which is just
> about finished (if he agrees, I will host it temporarily for review
> until it is published). While reviewing his document this weekend, I
> decided to write one covering the LDAP slave/BDC side of things (we have
> been running a setup with LDAP-Samba PDC/BDC for almost 3 months now). I
> have just made it available for review at:
>
> http://ranger.dnsalias.com/samba-ldap-advanced.html
>
> Please note it is a work in progress, and I only connected samba3 to the
> LDAP server last night for the first time ...
>
> Original plan was to publish on http://mandrakesecure.net as a follow-up
> to the first Unix-based article on LDAP there, but I could look at
> including it with samba.
>
> Anyway, getting the ACL bit working with LDAP is no different than
> without LDAP, as long as your are using nss_ldap on the samba server. I
> have not experimented without using nss_ldap ... but it may not be
> possible or desirable.
>
> Regards,
> Buchan
>
> - --
> |--------------Another happy Mandrake Club member--------------|
> Buchan Milne                Mechanical Engineer, Network Manager
> Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
> Stellenbosch Automotive Engineering         http://www.cae.co.za
> GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
> 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE+pVQtrJK6UGDSBKcRAgwvAJwP5uzDS4sgVJp9wTr6c3HWckW/pwCgoIwo
> wemRqufdXcmw9a/WDG9q6Ts=
> =Zu9R
> -----END PGP SIGNATURE-----
>
>

-- 
John H Terpstra
Email: jht at samba.org


More information about the samba mailing list