[Samba] ACL on groups working half
Trimble, Ronald D
Ronald.Trimble at unisys.com
Tue Mar 28 19:42:54 GMT 2006
Is this an AD group? If so, what type?
From: samba-bounces+ronald.trimble=unisys.com at lists.samba.org
[mailto:samba-bounces+ronald.trimble=unisys.com at lists.samba.org] On
Behalf Of Tjaco Mast
Sent: Tuesday, March 28, 2006 10:57 AM
To: samba at lists.samba.org
Subject: [Samba] ACL on groups working half
Hi all Samba users,
For some I've got a Samba server running with the following config:
Debian Sarge 2.6.8 kernel
Samba 3.0.21 with winbind and LDAP as ADS member server
A W2K003 PDC
Samba's data partition is ext3 + ACL
I've migrated my users homedirs and profiledirs from W2K003 to Samba.
These each user owns his own homedir and has rwx------ permissions
This seems to be working excelent.
Then I made a groupshare open for everyone. The directory it points to
is closed for all domain users.
No one can access this share.
As I add domain-user tjaco with rwx by ACL (useing
share-properties-security in windows or setfacl on linux) tjaco has
instant access to the share.
Now I add tjaco to group mygroup useing MMC (tjaco shows up as a
groupmember of mygroup doing: getent group)
I remove tjaco from the ACL and add mygroup with rwx to ACL
Tjaco has NO access anymore
As I add group 'domain users' (which tjaco is a member of) with rwx to
ACL tjaco has access again.
This keeps me baffeled for some weeks now.
Furthermore I recall haveing read something about the importance of the
SYSTEM group that should be added to the ACL but I don't understand how.
SYSTEM is not a normal or builtin ADS group.
Who can help?
Thanks in advance, Tjaco
To unsubscribe from this list go to the following URL and read the
More information about the samba