[Samba] Request for ACL experiences
phillipd at oem.doe.gov
Wed Oct 29 20:13:42 GMT 2003
I'm having trouble with ACL's and wonder how many others are too. I see
conflicting answers and comments about different aspects of ACL's from
many prople on the list. I was wondering if ANYONE is successfully
using ACL's with Samba 3.0 or above.
Questions I have that I'm sure many are asking are:
Was your Samba server configured as the DC?
What client OS were you setting ACL's on the Samba Share with? (Win2000,
XP) What service pack (SP4 on Win2000???)
Did you have to have the ACL kernel patch?
Did you need "nt acl support = yes" in each share definition?
How did you setup your shares? (Working share Examples are good)
Did you have to use the "server Tools" downloaded from microsoft or
could you simply right click on a file/folder and change the security ACL's?
How are you verifying the ACL's actually work? Did you fully test any
ACL you set through Windows by actually trying to make a user access a
file to see that his access matched the ACL you set.
What was the scope of what you could really do with ACL's?
What didn't work with ACL's that you thought should?
Are you compareing the windows ACL's to the output of getfacl?
Could you use ACL's to add users to Samba printers?
How did you add Samba printers as Domain resources so you could add
ACL's to them? Or did you need to do this?
Did you have to do any setfacl commands in Linux?
Did you have to run winbind?
Did you have to do any "net groupmap" commands to make ACL's work?
I.E. net groupmap modify ntgroup="Domain Admins" unixgroup=root
Were there any commands/configurations you had to use to make ACL's work
that were not covered in the 3.0 HowTo?
I think we could use some real world working examples here. Please be
VERY explicit and complete with concrete examples. Assume those reading
your answers are NOT experts! If you see any missing questions that you
think might be useful to using ACL's, please add them!
More information about the samba