[Samba] PDC + BDC +ACL Questions
TRAPPE
trappe.vincent at laposte.net
Thu Dec 23 05:31:28 GMT 2004
Hello everybody,
I have some questions and problems while finalizing an installation of 1
PDC and 6 BDCs on Debian sarge with samba-3.0.9-1, a custom 2.4.27 kernel
with ACL support, and LDAP with smbldap-tools for storing user accounts. I
use an XFS filesystem with ACL support for the user shares.
Everything is working fine (authentication, ACLs, ...). First, I would like
to congratulate the Samba team for the great job they have done!
These are my questions:
Does anyone know whether XFS is a good choice for the Samba + ACLs combination?
Do I need to use winbind if I use only Samba servers and Windows
clients?
Maybe it's a bug, I don't know: I've noticed that "min password length =
3" doesn't change anything in the configuration, but running pdbedit -P
"min password length" -C 3 solves the issue.
Regarding ACLs: when I set a permission for a user or a group, the entries
Everyone, CREATOR OWNER and CREATOR GROUP always appear, even when no
permissions are defined for them. Is that normal? Maybe it is a mapping
from the UNIX POSIX ACLs?
In Windows XP, when I want to set permissions on a directory, on the
advanced security tab I can't uncheck the radio button "inherit parent
object....". Is that normal?
Also, I would like to give a name to the home directory that is
automatically mounted in Windows XP/2000 Explorer, or to a mapped network
drive, for example "User directory of %u". I don't know how to do it; does
anyone know how?
Thanks for any help you can give.
Vincent
-------------- next part --------------
# Global parameters
# Posted smb.conf for a Samba domain controller: domain logons, domain master
# browser and WINS server, with accounts kept in LDAP and managed through the
# smbldap-* scripts.
[global]
workgroup = BIC
netbios name = CARANGUE
# Maps client-supplied user names to Unix account names. The map file decides
# which account a login becomes, so it should be writable by root only.
username map = /etc/samba/smbusers
# %v expands to the Samba version, which every client browsing the network
# can then read.
server string = Samba Server %v
security = user
encrypt passwords = true
panic action = /usr/share/samba/panic-action %d
# Serve only the listed interfaces rather than every address on the host.
interfaces = eth0,lo
bind interfaces only = Yes
# NOTE(review): the poster reports that this line had no visible effect and
# that the policy was set with pdbedit -P "min password length" instead.
# Three characters is very short for domain accounts in either place.
min passwd length = 3
log level = 2
nt acl support = yes
# One log file per client machine name (%m).
log file = /var/log/samba/log.%m
max log size = 1000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
Dos charset = 850
Unix charset = LOCALE
name resolve order =wins bcast hosts
# With this off, PAM account and session restrictions are not applied to
# SMB logins.
obey pam restrictions=no
# Browser election settings: this host is meant to win and hold the
# domain master browser role.
os level = 65
preferred master = Yes
domain master = Yes
local master = Yes
domain logons = Yes
wins support = Yes
# LDAP configuration
# Plain ldap:// to loopback. NOTE(review): the post describes six BDCs; on any
# host whose directory server is not local, the bind and the password hashes
# cross the network, so transport protection (see the ldap ssl parameter)
# should be confirmed per host.
passdb backend = ldapsam:ldap://127.0.0.1/
ldap passwd sync = Yes
# NOTE(review): cn=Manager looks like the directory's root DN; confirm.
# A dedicated DN with write access limited to the Samba subtrees would narrow
# what the bind credential kept in secrets.tdb can change.
ldap admin dn = cn=Manager,dc=bic,dc=pf
ldap suffix = dc=bic,dc=pf
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
# ID-mapping ranges and backend. NOTE(review): these are presumably only
# consulted when winbindd runs, which the post says is still undecided.
idmap uid=10000-20000
idmap gid=10000-20000
idmap backend = ldap://127.0.0.1
ldap filter = (uid=%u)
ldap delete dn = No
# Account-management hooks, run by smbd as root. %u and %g are substituted
# into the command line, so the surrounding double quotes should be kept.
add user script = /usr/sbin/smbldap-useradd -a -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
# printers configuration
# Members of this group may administer printers and drivers.
printer admin = @"Print Operators"
load printers = Yes
# Duplicate of the nt acl support line earlier in this section (same value).
nt acl support = yes
printcap name = cups
# Idle connections are dropped after this many minutes.
deadtime = 10
# Unix account used for any share that allows guest access.
guest account = nobody
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
winbind enum users = yes
winbind enum groups = yes
show add printer wizard = yes
# Per-user home directory shares.
[homes]
comment = repertoire de %U, %u
# Volume label returned to clients for this share.
volume = Repertoire utilisateur
read only = No
# New files get at most 0644 and directories at most 0775, so content is
# world-readable at the Unix level unless each home directory itself is
# closed to other users.
create mask = 0644
directory mask = 0775
# NOTE(review): %U is the session user name, so this matches whoever is
# connecting. %S (the share name) is the usual way to limit a home share to
# its owner; confirm the intent.
valid users =%U
browseable = No
# Logon share for the domain. Anything placed here can be run by clients at
# logon, so write access to the directory on disk should stay with
# administrators only.
[netlogon]
comment= Network Logon service
path = /home/samba/netlogon/
read only = yes
browseable = No
# NOTE(review): turns off share-mode handling on file opens; the smb.conf
# documentation advises leaving it enabled. Confirm this is intended.
share modes = no
# Roaming profile storage.
[profiles]
comment= Profile Share
path = /home/samba/profiles
browseable = No
# Client-side (offline) caching is disabled for this share.
csc policy = disable
# File operations run as the connecting session user.
force user = %U
# writable is the inverted synonym of read only; the two lines below say the
# same thing.
read only = No
writable = yes
# Owner-only permissions on new profile files and directories.
create mask = 0600
directory mask = 0700
profile acls = yes
# next line allows administrator to access all profiles
# NOTE(review): the setting that comment refers to is not present in the
# posted file; the next line starts the [printers] section.
# Print spool share for the printers loaded from the printcap.
[printers]
comment = Network Printers
printer admin = @"Print Operators"
# Clients that are not authenticated may submit print jobs; such jobs run as
# the guest account set in [global].
guest ok = yes
printable = yes
# Spool directory. NOTE(review): its Unix permissions are not shown; a spool
# that accepts guest jobs is normally a sticky, dedicated directory.
path = /home/spool/
browseable = No
read only = Yes
# Duplicate of the printable line above (same meaning).
printable = Yes
# Printer driver share used by Windows clients.
[print$]
path = /home/samba/printers
guest ok = No
browseable = Yes
read only = Yes
# Only Print Operators can connect at all, and the same group may write
# despite read only = Yes. NOTE(review): ordinary domain users cannot fetch
# drivers from this share with valid users set this way; confirm that is
# wanted.
valid users = @"Print Operators"
write list = @"Print Operators"
create mask = 0664
directory mask = 0775
# Shared area for domain users.
[public]
comment = Repertoire public
path = /home/samba/public
volume = Repertoirer public yo
browseable = Yes
read only = No
# Left disabled by the poster. NOTE(review): this parameter controls whether
# Windows ACL inheritance flags are stored, which may relate to the
# "inherit" control the post says cannot be unchecked; confirm.
#map acl inherit = Yes
# Permission bits a Windows client may change on files (all of them here) and
# on directories (owner bits only, set further down).
security mask = 0777
inherit acls = no
# public is a synonym for guest ok. NOTE(review): it conflicts with the
# valid users line below; guest connections are presumably refused unless the
# guest account belongs to that group. Drop one of the two to make the
# intent clear.
public = yes
# Repeats read only = No above (writable is its inverted synonym).
writable = yes
valid users = @"Domain Users"
# Owner-only permissions on new files and directories.
create mask = 0700
directory mask = 0700
directory security mask = 0700
# Members of this group act as root on the share, so file permissions and
# ACLs do not restrain them. Keep the group small and audited.
admin users =@"Domain Admins"
force unknown acl user = yes
# Data share for domain users.
[data]
comment = Repertoire de donnee
path = /home/samba/data
browseable = Yes
# NOTE(review): guest access is requested here, but valid users below limits
# connections to Domain Users; guests are presumably refused unless the guest
# account is in that group. Remove one of the two to make the intent clear.
guest ok = Yes
valid users = @"Domain Users"
write list = @"Domain Users"
read only = No
# Group-writable, world-readable permissions on new directories and files.
directory mask = 0775
create mask = 0664