[Samba] How do I apply active directory group policies to samba
shares
Rob Tanner
rtanner at linfield.edu
Tue Apr 11 23:13:43 GMT 2006
Jeremy,
Thanks. Getting that setup now brings me to the point of needing to
further ask a question. I am now able to set very specific permission
on a folder, but at this point, I am only mapping to local groups. That
is, I can set permissions:
BERKELEY\its staff <-- berkeley being the netbios of the local samba server
But I can't do:
CATNET\its staff <-- CATNET being the group in Active Directory
Once I click apply in the properties dialogue box, the entry goes away.
The whole idea here (if it's possible) is to avoid managing group
memberships locally since that literally replicates Active Directory.
Is there a solution to this in the current release of Samba?
Thanks,
Rob
Jeremy Allison said the following on 04/11/2006 11:42 AM:
>On Tue, Apr 11, 2006 at 11:35:02AM -0700, Rob Tanner wrote:
>
>
>>Hi,
>>
>>We would like to aggregate departmental servers on to a single samba
>>share called "departments" and under departments would be a set of
>>folders corresponding to the departments. Permissions need to be
>>controlled by group memberships in active directory. When I go into
>>folder properties on an XP with the departments share mounted, under the
>>security tab I see Administrators, Everyone and Users. I can click add
>>and add a domain group (e.g., "its staff"), and it gets added to the
>>list of groups at the top. I can set permissions, etc. But when I
>>click apply, the added group goes away.
>>
>>What do I need to do to enable that functionality?
>>
>>
>
>You need to have POSIX ACLs enabled on the filesystem plus
>a Samba compiled with POSIX ACL support. Mount the filesystem
>(on SUSE) with the options "rw,acl,user_xattr"
>
>Jeremy.
>
>
More information about the samba
mailing list