[Samba] ACL Windows GUI to set permissions?
Rick Ruth
RRuth at sifcoplating.com
Fri Aug 13 22:07:41 GMT 2004
I am implementing Samba 3.05 (Suse Pro 8.2 Reiser File System) member
server as a file server on a Windows NT4 network with one NT server
(PDC). I am currently using WINS for name resolution on the network.
Shortly after adding the Samba member server, I will upgrade NT 4.0
server to Windows 2000 (need samba server to alleviate some nasty disk
space constraints). The Samba member server is going into an NT4
domain, but will probably be upgraded to active directory shortly (when
I get around to it.)
Samba appears to be working properly. I am using winbind based identity
resolution, and just about everything seems to be doing well.
Access/permissions to various shares appears to be working properly.
I would like to configure network share security via Windows, as I am
much more familiar with it. I realize I need to set file permissions
locally on linux as well as the share, and that there is not an exact
correspondence. One of the reference documents gave me the impression I
could manage share security from a windows machine, and I presumed they
were recommending it.
I have already set 'nt acl support = yes' in smb.conf file.
In Win2K, when I try to access the security properties on a Samba share
I have full rights to, all users are shown as not having any
permissions. If I attempt to change ACL information, the check boxes
get checkmarks, but when I close and re-open, all checkmarks are gone.
When I click the advanced button, permissions are shown accurately.
When I attempt to access security permissions on a directory (Samba
share) I have full rights on from a Windows NT server I get a "The
system cannot find the file specified" error message box.
Is this the way it should work? Should I use LDAP rather than winbind?
Is the Reiser file system causing my problems? Is there an easy utility
to copy directories and files from the NT server to the Samba server?
Also, root and admin don't seem to have rights at all, even though they
are mapped in the /etc/samba/smbusers file.
Config file listed below.
# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2004/08/11 11:50:07
# Global parameters
[global]
workgroup = SP-CLE
security = DOMAIN
map to guest = Bad User
username map = /etc/samba/smbusers
client plaintext auth = No
log level = 1
syslog = 0
log file = /var/log/samba/log.%m
smb ports = 139 445
name resolve order = lmhosts wins bcast hosts
wins server = 172.16.0.250
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template primary group =
template shell = /bin/bash
winbind separator = +
map acl inherit = Yes
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
[test]
path = /usr/s/test
valid users = SP-CLE+BABE
read only = No
Newbie written all over this one, eh?
Thanks for any help, suggestions, places to look, constructive
criticism.
More information about the samba
mailing list