[Samba] username map and ACL behavior

Takafumi Yonekura takafumi.yonekura at isilon.com
Thu Jun 22 03:42:16 GMT 2006


I have question about username map and ACL.

I'm using samba 3.0.11( with winbind) on FreeBSD 5.3.
samba is AD member and that server provide NFS service.
NFS user uses NIS.

Because each user's windows's username and NIS username is different,
 we use username map like following.
unix0001 = win0001
unix0002 = win0002

When win0001 makes file, that file is created as unix0001's file.
win0001 can read/write unix0001 's file. It's OK.

Then win0001 add ACL which allow win0002 to write to that file from
samba add ACL as "win0002".

In this case, win0002 can not write that file because 
win0002 is treated as unix0002. That file doesn't have unix0002's ACL.

On the other hand, user can not add ACL of unix user because
there is no unix user on AD.

Did anyone have same situation? If you have good idea to solve it,
or you know newer version samba solves it,  please let me know.


Takafumi Yonekura |  Technical Specialist
Isilon Systems K.K.    Phone 050-3387-9278  Fax  03-5728-3587
www.isilon.jp     takafumi.yonekura at isilon.com

  The Leader in Clustered Storage

More information about the samba mailing list