[Samba] How do I apply active directory group policies to samba shares

Rob Tanner rtanner at linfield.edu
Tue Apr 11 23:13:43 GMT 2006


Thanks.  Getting that setup now brings me to the point of needing to 
further ask a question.  I am now able to set very specific permission 
on a folder, but at this point, I am only mapping to local groups.  That 
is, I can set permissions:

BERKELEY\its staff  <-- berkeley being the netbios of the local samba server

But I can't do:

CATNET\its staff   <-- CATNET being the group in Active Directory

Once I click apply in the properties dialogue box, the entry goes away.  
The whole idea here (if it's possible) is to avoid managing group 
memberships locally since that literally replicates Active Directory.

Is there a solution to this in the current release of Samba?


Jeremy Allison said the following on 04/11/2006 11:42 AM:

>On Tue, Apr 11, 2006 at 11:35:02AM -0700, Rob Tanner wrote:
>>We would like to aggregate departmental servers on to a single samba 
>>share called "departments" and under departments would be a set of 
>>folders corresponding to the departments.  Permissions need to be 
>>controlled by group memberships in active directory.  When I go into 
>>folder properties on an XP with the departments share mounted, under the 
>>security tab I see Administrators, Everyone and Users.  I can click add 
>>and add a domain group (e.g., "its staff"), and it gets added to the 
>>list of groups at the top.  I can set permissions, etc.  But when I 
>>click apply, the added group goes away.
>>What do I need to do to enable that functionality?
>You need to have POSIX ACLs enabled on the filesystem plus
>a Samba compiled with POSIX ACL support. Mount the filesystem
>(on SUSE) with the options "rw,acl,user_xattr"

More information about the samba mailing list