[Samba] PDC + BDC +ACL Questions

TRAPPE trappe.vincent at laposte.net
Thu Dec 23 05:31:28 GMT 2004

Hello everybody,

	I've have some question and problems to finalize a installation for 1
PDC and 6 BDC on debian sarge with samba-3.0.9-1, 2.4.27 custom kernel
with acl support and ldap and smbldap-tool for store users account. I
use xfs fs with acls support for users share. 
	Everything working fine, (authentification, acl, ...), I would like,
firts congratulate the samba team for the great job they made !!!!!
This is my questions :
Does anyone know if use XFS is a good choice the couple samba+acls ?

	Do i need to use winbind, if i use just samba servers and windows
clients  ?

Maybe it's a bug id don't I've noticed than the min "password length =
3" doesn't change anything on the configuration but doing pdbedit -P
"min password length" -C 3, solve the issue.

Regarding ACLs, when i setup a permission for a user or a group, always
group Everyone, CREATOR OWNER, CREATOR GROUP, appear even no permission
are defined, it's normal ? Maybe it's mapping from UNIX POSIX ACLs ?
	In Windows XP, when i want set premission on a directory, on advanced
security tab,i can't uncheck the radio button "inherit parent
object....", it's normal ?

Also, i would like to give a name for the home directory automatically
mounted in Windows XP/2000 explorator, or a mapped network drive, For
example "User directory of %u", i don't know how to do it, does anyone
knows how to do it ?

Thanks for any help you can give.


-------------- next part --------------

#bal parameters
        workgroup = BIC
        netbios name = CARANGUE
        username map = /etc/samba/smbusers
        server string = Samba Server %v
        security = user
        encrypt passwords = true
	panic action = /usr/share/samba/panic-action %d
	interfaces = eth0,lo
	bind interfaces only = Yes
	min passwd length = 3
        log level = 2
        nt acl support = yes
        log file = /var/log/samba/log.%m
        max log size = 1000
        time server = Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        Dos charset = 850
        Unix charset = LOCALE
	name resolve order =wins bcast hosts
	obey pam restrictions=no
	os level = 65
        preferred master = Yes
        domain master = Yes
	local master = Yes
        domain logons = Yes
        wins support = Yes

        passdb backend = ldapsam:ldap:// 
        ldap passwd sync = Yes
        ldap admin dn = cn=Manager,dc=bic,dc=pf
        ldap suffix = dc=bic,dc=pf
        ldap group suffix = ou=Groups
        ldap user suffix = ou=Users
        ldap machine suffix = ou=Computers
        ldap idmap suffix = ou=Idmap
        idmap uid=10000-20000
        idmap gid=10000-20000
        idmap backend = ldap://
	ldap filter = (uid=%u)
	ldap delete dn = No
	add user script = /usr/sbin/smbldap-useradd -a -m "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add machine script = /usr/sbin/smbldap-useradd -w "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g" 
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

        # printers configuration
        printer admin = @"Print Operators"
        load printers = Yes
        nt acl support = yes
        printcap name = cups
        deadtime = 10
        guest account = nobody
        dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd

	winbind enum users = yes
	winbind enum groups = yes 
        show add printer wizard = yes

	comment = repertoire de %U, %u
        volume = Repertoire utilisateur
	read only = No
        create mask = 0644
        directory mask = 0775
	valid users =%U
        browseable = No
	comment= Network Logon service
        path = /home/samba/netlogon/
	read only = yes	
	browseable = No
	share modes = no

	comment= Profile Share
	path = /home/samba/profiles
        browseable = No
	csc policy = disable
	force user = %U
	read only = No
        writable = yes
	create mask = 0600
        directory mask = 0700
        profile acls = yes
        # next line allows administrator to access all profiles 

        comment = Network Printers
        printer admin = @"Print Operators"
        guest ok = yes 
        printable = yes
        path = /home/spool/
        browseable = No
        read only  = Yes
        printable = Yes

        path = /home/samba/printers
        guest ok = No
        browseable = Yes
        read only = Yes
        valid users = @"Print Operators"
        write list = @"Print Operators"
        create mask = 0664
        directory mask = 0775

        comment = Repertoire public
        path = /home/samba/public
	volume = Repertoirer public yo
 	browseable = Yes
        read only = No
	#map acl inherit = Yes
	security mask = 0777
	inherit acls = no
 	public = yes
    	writable = yes
	valid users = @"Domain Users"
	create mask = 0700
	directory mask = 0700
	directory security mask = 0700
	admin users =@"Domain Admins"
	force unknown acl user = yes
        comment = Repertoire de donnee
        path = /home/samba/data
 	browseable = Yes
        guest ok = Yes
        valid users = @"Domain Users"
        write list = @"Domain Users"
        read only = No
        directory mask = 0775
        create mask = 0664

More information about the samba mailing list