[Samba] ACL Windows GUI to set permissions?

Rick Ruth RRuth at sifcoplating.com
Fri Aug 13 22:07:41 GMT 2004 

I am implementing Samba 3.05 (Suse Pro 8.2 Reiser File System)  member
server as a file server on a Windows NT4 network with one NT server
(PDC).  I am currently using WINS for name resolution on the network.  

 

Shortly after adding the Samba member server, I will upgrade NT 4.0
server to Windows 2000 (need samba server to alleviate some nasty disk
space constraints).  The Samba member server is going into an NT4
domain, but will probably be upgraded to active directory shortly (when
I get around to it.)

 

Samba appears to be working properly.  I am using winbind based identity
resolution, and just about everything seems to be doing well.
Access/permissions to various shares appears to be working properly.

 

I would like to configure network share security via Windows, as I am
much more familiar with it.  I realize I need to set file permissions
locally on linux as well as the share, and that there is not an exact
correspondence.  One of the reference documents gave me the impression I
could manage share security from a windows machine, and I presumed they
were recommending it.

 

I have already set 'nt acl support = yes' in smb.conf file.  

 

In Win2K, when I try to access the security properties on a Samba share
I have full rights to, all users are shown as not having any
permissions.  If I attempt to change ACL information, the check boxes
get checkmarks, but when I close and re-open, all checkmarks are gone.
When I click the advanced button, permissions are shown accurately.

 

When I attempt to access security permissions on a directory (Samba
share) I have full  rights on from a Windows NT server I get a "The
system cannot find the file specified" error message box.

 

Is this the way it should work?  Should I use LDAP rather than winbind?
Is the Reiser file system causing my problems?  Is there an easy utility
to copy directories and files from the NT server to the Samba server?

 

Also, root and admin don't seem to have rights at all, even though they
are mapped in the /etc/samba/smbusers file.

 

Config file listed below.

 

# Samba config file created using SWAT

# from 127.0.0.1 (127.0.0.1)

# Date: 2004/08/11 11:50:07

 

# Global parameters

[global]

      workgroup = SP-CLE

      security = DOMAIN

      map to guest = Bad User

      username map = /etc/samba/smbusers

      client plaintext auth = No

      log level = 1

      syslog = 0

      log file = /var/log/samba/log.%m

      smb ports = 139 445

      name resolve order = lmhosts wins bcast hosts

      wins server = 172.16.0.250

      ldap ssl = no

      idmap uid = 10000-20000

      idmap gid = 10000-20000

      template primary group = 

      template shell = /bin/bash

      winbind separator = +

      map acl inherit = Yes

 

[homes]

      comment = Home Directories

      valid users = %S

      read only = No

      browseable = No

 

[test]

      path = /usr/s/test

      valid users = SP-CLE+BABE

      read only = No

 

 

Newbie written all over this one, eh?

 

Thanks for any help, suggestions, places to look, constructive
criticism.

More information about the samba mailing list