[Samba] Samba, win xp and acls

Maxime Woznicki maxime.woznicki at club-internet.fr
Thu Aug 4 15:26:59 GMT 2005


Hello all,

I've been working and searching for a few days to obtain this result:

* I want to share some directories between different users and groups 
(Windows XP clients) using a minimal but efficient configuration with 
Samba and POSIX ACLs.
* I would like the users' Windows configuration to stay on the local machines 
(no roaming accounts),
* When registering users and computers on the domain, users must keep 
their configuration,
* I want to manage users and groups using srvtools.exe


I use tdbsam, posix acls work fine and samba (3.0.14a) runs as a PDC.

My problems are:
* On Windows (with the administrator account), some directories don't have 
the ACL (security) panel,
* On other directories, the panel is present but I cannot modify 
permissions,
* Users' configurations are never stored locally,
* Creating new users with srvtools is not possible,
* How to keep the old users' Windows configuration when entering the domain?
* No way to find a good tutorial answering my needs...



Here is my configuration :


smb.conf :
------------------------------------------------
[global]
   interfaces = 192.168.1.120/24
   enable privileges = yes
   nt acl support = yes

   security = user

   netbios name = FSERVER
   workgroup = FWSERVER
   passdb backend = tdbsam
   server string = File Server

   add user script = /usr/sbin/useradd -m '%u'
   add group script = /usr/sbin/groupadd '%g'
   add user to group script = /usr/sbin/usermod -G '%g' '%u'
   add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'

   logon script = scripts\logon.bat
   logon path =
   logon drive = H:
   domain logons = yes
   username map = /etc/samba/smbusers

   admin users = root

   socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096

   encrypt passwords = yes
 
   wins support = yes

   os level = 50
   domain master = yes
   local master = yes
   preferred master = yes

   name resolve order = lmhosts host wins bcast

   preserve case = yes
   short preserve case = yes

   unix password sync = yes

   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .

[public]
   writable = yes
   path = /share/public
   public = yes
   create mode = 0777
   directory mask = 0777
   admin users = root
   nt acl support = yes

[technique]
   writable = yes
   path = /share/technique
   public = no
   create mode = 0770
   directory mask = 0770
   valid users = @technique, @admins
   admin users = root
   nt acl support = yes

[stagiaires]
   writable = yes
   path = /share/stagiaires
   public = no
   create mode = 0770
   directory mask = 0770
   valid users = @stagiaires, @admins
   admin users = root
   nt acl support = yes

[secretariat]
   writable = yes
   path = /share/secretariat
   public = no
   create mode = 0770
   directory mask = 0770
   valid users = @secretariat @admins
   admin users = root
   nt acl support = yes

[finances]
   writable = yes
   path = /share/finances
   public = no
   create mode = 0770
   directory mask = 0770
   valid users = @finances @admins
   admin users = root
   nt acl support = yes
-------------------------------------------------------------------


My groupmaps seem to be good:

System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3171617769-241562045-158900556-512) -> admins
Power Users (S-1-5-32-547) -> -1
Domain Guests (S-1-5-21-3592376627-3846121942-908627037-514) -> -1
Domain Users (S-1-5-21-3592376627-3846121942-908627037-513) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> admins
Domain Users (S-1-5-21-3171617769-241562045-158900556-513) -> ntusers
Account Operators (S-1-5-32-548) -> -1
Secretariat (S-1-5-21-3171617769-241562045-158900556-3003) -> secretariat
Technique (S-1-5-21-3171617769-241562045-158900556-3005) -> technique
Finances (S-1-5-21-3171617769-241562045-158900556-3007) -> finances
Stagiaires (S-1-5-21-3171617769-241562045-158900556-3009) -> stagiaires
Domain Guests (S-1-5-21-3171617769-241562045-158900556-514) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1



Thx for help.

Max
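
Added example, not part of the original post: a Python check for a listing in the `Name (SID) -> unix group` layout shown above, which groups the domain-relative entries by domain SID and lists NT groups that map to `-1`. The sample SIDs are constructed, and treating the domain SID with the most mappings as the current one is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the "Name (SID) -> unix group" layout of the listing
# above; the SIDs are made up for this example.
SAMPLE = """\
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> admins
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> ntusers
Domain Users (S-1-5-21-4444444444-5555555555-6666666666-513) -> -1
Administrators (S-1-5-32-544) -> admins
Users (S-1-5-32-545) -> -1
Finances (S-1-5-21-1111111111-2222222222-3333333333-3007) -> finances
"""

LINE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-1-[\d-]+)\) -> (?P<unix>\S+)$")
DOMAIN_SID = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")

def parse_groupmap(text):
    """Return a list of (nt_name, sid, unix_group) tuples; skip other lines."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            entries.append((m["name"], m["sid"], m["unix"]))
    return entries

def audit(entries):
    """Group domain-relative entries by domain SID and collect review findings."""
    by_domain = defaultdict(list)
    unmapped = []
    for name, sid, unix in entries:
        if unix == "-1":          # read here as: no Unix group behind this NT group
            unmapped.append(name)
        m = DOMAIN_SID.match(sid)
        if m:                     # builtin S-1-5-32-* SIDs carry no domain part
            by_domain[m.group(1)].append(name)
    # Assumption: the domain SID holding the most mappings is the current one.
    primary = max(by_domain, key=lambda d: len(by_domain[d])) if by_domain else None
    foreign = {d: n for d, n in by_domain.items() if d != primary}
    return {"primary": primary, "foreign": foreign, "unmapped": unmapped}

if __name__ == "__main__":
    report = audit(parse_groupmap(SAMPLE))
    print("primary domain SID:", report["primary"])
    for dom, names in report["foreign"].items():
        print("entries under another domain SID:", dom, names)
    print("NT groups with no Unix group:", report["unmapped"])
```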

