RE [Samba] Samba, win xp and acls

spu at corman.be spu at corman.be
Thu Aug 4 15:31:16 GMT 2005


Hi,

samba-bounces+stephane.purnelle=corman.be at lists.samba.org wrote on
04/08/2005 17:26:59:

> Hello all,
>
> I'm working and searching for a few days to obtain this result :
>
> * I want to share some directories between different users and groups
> (windows XP clients) using a minimum but efficient configuration with
> samba and posix acls.
> * I would like users' Windows configuration to stay on local machines
> (no roaming accounts),
> * When registering users and computers on the domain, users must keep
> their configuration,
> * I want to manage users and groups using srvtools.exe
>
>
> I use tdbsam, posix acls work fine and samba (3.0.14a) runs as a PDC.
>
> My problems are :
> * On windows (with administrator account), some directories don't have
> the acl (security) panel,
> * On other directories, the panel is present but I cannot modify
> permissions,

If you specify that the admin user is root, the administrator user doesn't
have the right to admin the system.

> * Users configurations are never stored locally,
> * Creating new users with srvtools is not possible,
> * How to keep old users windows configuration when entering the domain ?
> * No way to find a good tutorial answering my needs...

SAMBA-HOWTO-COLLECTION and samba by-example in samba web-site

>
>
>
> Here is my configuration :
>
>
> smb.conf :
> ------------------------------------------------
> [global]
>    interfaces = 192.168.1.120/24
>    enable privileges = yes
>    nt acl support = yes
>
>    security = user
>
>    netbios name = FSERVER
>    workgroup = FWSERVER
>    passdb backend = tdbsam
>    server string = File Server
>
> add user script = /usr/sbin/useradd -m '%u'
> add group script = /usr/sbin/groupadd '%g'
> add user to group script = /usr/sbin/usermod -G '%g' '%u'
> add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'
>
>
> logon script = scripts\logon.bat
> logon path =
> logon drive = H:
> domain logons = yes
> username map = /etc/samba/smbusers
>
> admin users = root
>
>    socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
>
>    encrypt passwords = yes
>
>    wins support = yes
>
>    os level = 50
>    domain master = yes
>    local master = yes
>    preferred master = yes
>
>    name resolve order = lmhosts host wins bcast
>
>    preserve case = yes
>    short preserve case = yes
>
>    unix password sync = yes
>
>   passwd program = /usr/bin/passwd %u
>    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
>
> [public]
>    writable = yes
>    path = /share/public
>    public = yes
>    create mode = 0777
>    directory mask = 0777
>    admin users = root
>    nt acl support = yes
>
> [technique]
>    writable = yes
>    path = /share/technique
>    public = no
>    create mode = 0770
>    directory mask = 0770
>    valid users= @technique, @admins
>    admin users = root
>    nt acl support = yes
>
> [stagiaires]
>    writable = yes
>    path = /share/stagiaires
>    public = no
>    create mode = 0770
>    directory mask = 0770
>    valid users= @stagiaires, @admins
>    admin users = root
>    nt acl support = yes
>
> [secretariat]
>    writable = yes
>    path = /share/secretariat
>    public = no
>    create mode = 0770
>    directory mask = 0770
>    valid users= @secretariat @admins
>    admin users = root
>    nt acl support = yes
>
> [finances]
>    writable = yes
>    path = /share/finances
>    public = no
>    create mode = 0770
>    directory mask = 0770
>    valid users = @finances @admins
>    admin users = root
>    nt acl support = yes
> -------------------------------------------------------------------
>
>
> My groupmaps seem to be good :
>
> System Operators (S-1-5-32-549) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Domain Admins (S-1-5-21-3171617769-241562045-158900556-512) -> admins
> Power Users (S-1-5-32-547) -> -1
> Domain Guests (S-1-5-21-3592376627-3846121942-908627037-514) -> -1
> Domain Users (S-1-5-21-3592376627-3846121942-908627037-513) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> admins
> Domain Users (S-1-5-21-3171617769-241562045-158900556-513) -> ntusers
> Account Operators (S-1-5-32-548) -> -1
> Secretariat (S-1-5-21-3171617769-241562045-158900556-3003) -> secretariat
> Technique (S-1-5-21-3171617769-241562045-158900556-3005) -> technique
> Finances (S-1-5-21-3171617769-241562045-158900556-3007) -> finances
> Stagiaires (S-1-5-21-3171617769-241562045-158900556-3009) -> stagiaires
> Domain Guests (S-1-5-21-3171617769-241562045-158900556-514) -> -1
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
>
>
>
> Thx for help.
>
> Max
-----------------------------------
Stéphane PURNELLE                         stephane.purnelle at corman.be
Service Informatique       Corman S.A.           Tel : 00 32 087/342467
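
The reply above turns on which accounts `admin users` actually names for each share. The following is an added example, not part of the original thread or of Samba: it parses a constructed excerpt modelled on the quoted smb.conf and lists the shares whose effective `admin users` does not cover a given account. The `GROUPS` table and the function names are assumptions; `username map` is not applied and only the `@group` list syntax is expanded.

```python
import re
# Constructed excerpt modelled on the smb.conf quoted in the thread.
SMB_CONF = """\
[global]
   admin users = root
[technique]
   valid users= @technique, @admins
   admin users = root
[finances]
   valid users = @finances @admins
"""
# Constructed group membership (assumption; Samba resolves groups via the OS).
GROUPS = {"admins": {"administrator"}, "technique": {"alice"}}

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with lower-cased names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def expand(value, groups):
    """Expand a user list such as 'root, @admins' into account names."""
    names = set()
    for item in re.split(r"[,\s]+", value.strip()):
        if item.startswith("@"):
            names |= groups.get(item[1:], set())
        elif item:
            names.add(item)
    return {n.lower() for n in names}

def share_admins(conf, groups):
    """Effective 'admin users' per share; [global] supplies the default."""
    default = conf.get("global", {}).get("admin users", "")
    return {s: expand(p.get("admin users", default), groups)
            for s, p in conf.items() if s != "global"}

def shares_without_admin(conf, groups, account):
    """Shares whose 'admin users' list does not cover the given account."""
    admins = share_admins(conf, groups)
    return sorted(s for s in admins if account.lower() not in admins[s])
```

Calling `shares_without_admin(parse_smb_conf(SMB_CONF), GROUPS, "administrator")` lists both shares, since each one names only root, either directly or through the `[global]` default.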

