[Samba] AD issue....

Aaron J. Zirbes ajz at umn.edu
Mon Dec 3 16:01:39 GMT 2007 

I don't believe so.  The only share's you can control/manage remotely are through the following
smb.conf parameters:  I'm not sure if they support ACL changes as I have not used them myself.

(as of 3.0.27a)

add share command
change share command
delete share command

usershare allow guests
usershare max shares
usershare owner only
usershare path
usershare prefix allow list
usershare prefix deny list
usershare template share

Good luck!

--
Aaron

Michael Fernández M. wrote:
> El lun, 03-12-2007 a las 08:52 -0600, Aaron J. Zirbes escribió:
>> I believe you want @"domain users" not "@domain users"  (notice the placement of @)
>>
> yes, you believe the correct.... thanks
> 
> For example:
> 
> I share the directory: "eee" via samba.
> 
> smb.conf:
> 
> [eee]
>    comment = eee
>    browseable = y
>    path = /home/eee
>    public = yes
>    writable = yes
> 
> The diretory have the following permission:
> 
> drwxrwx--- 3 administrator g ingenieria  4096 2007-12-03 11:55 eee
> 
> 
> I have the following question, it is posible to set the permission via
> windows to a share?
> 
> I ask because when I map the share it works, i can create a directory on
> it, but when see the properties of a share in order to check the
> permissions i see:
> 
> Administrator (Unix user\Administrator)
> g ingenieria (Unix group\g ingenieria)
> 
> And when i try to add an other user i got "access is denied"
> 
> I've attached and image of the permissions on windows...
> 
> Thanks for the time guys...
> 
> Michael.-
> 
> 
>> --
>> Aaron
>>
>> Michael Fernández M. wrote:
>>> El lun, 03-12-2007 a las 18:43 +0530, Sadique Puthen escribió:
>>>> Set "winbind use default domain = yes" in smb.conf if you want to change 
>>>> ownership of files to ad users using their actual name. If you don't set 
>>>> it, you should change the ownership using "domain+username" as the 
>>>> username which linux doesn't like much.
>>>>
>>>> If you want getent passwd/group to work please make sure that you have 
>>>> the below parameters in smb.conf though it has slight problems while 
>>>> maintaining large number of users.
>>>>
>>>> winbind enum users = yes
>>>> winbind enum groups = yes
>>> Yes, now is working, i can get the users an groups with getent passwd
>>>
>>> Thanks!!!!
>>>
>>> But i cannot set permissions to shares map via Windows, i have the
>>> folowing configuration in SMB.conf:
>>>
>>> drwxrwxrwx  3 administrator domain users  4096 2007-11-30 16:39 Domain
>>>
>>> [domain]
>>>    comment = domain
>>>    browseable = yes
>>>    path = /home/Domain
>>>    public = yes
>>>    writable = yes
>>>    valid users = '@domain users'  <<< This will work?
>>>
>>>
>>> Michael.-
>>>
>>>
>>>
>>>> This is not required if you are running "getent passwd <username>".
>>>>
>>>> --Sadique
>>>>
>>>> Michael Fernández M. wrote:
>>>>> Hi, i want to integrate AD + Samba3 via kerberos, every works great i
>>>>> get the users and groups with wbinfo -u and  wbinfo -g
>>>>> so in linux i cat set the permissions to a share using the AD's users..
>>>>> However when i try "getent passwd" I only get the system users and not
>>>>> the AD's users... in my nsswitch.conf i have:
>>>>>
>>>>> passwd:         files winbind
>>>>> group:          files winbind
>>>>> shadow:         files
>>>>> hosts:          files dns winbind
>>>>> networks:       files
>>>>>
>>>>>
>>>>> In the other hand on Windows when I try to set a permission to a share
>>>>> using I cannot set them, because i got Permission denied.
>>>>>
>>>>> The following  is my smb.conf:
>>>>>
>>>>> [global]
>>>>> security = ADS
>>>>> netbios name = andromaca
>>>>> realm = domain.tld
>>>>> encrypt passwords = yes
>>>>> password server = x.x.x.x
>>>>> workgroup = domain
>>>>> idmap uid = 10000-20000
>>>>> idmap gid = 10000-20000
>>>>> ldap ssl = no
>>>>> winbind separator = +
>>>>> template homedir = /home/%D/%U
>>>>> template shell = /bin/bash
>>>>> client use spnego = yes
>>>>>
>>>>> [ol]
>>>>>    comment = ol
>>>>>    browseable = yes
>>>>>    path = /home/ol
>>>>>    public = yes
>>>>>    writable = yes
>>>>>
>>>>> [lala]
>>>>>    comment = lala
>>>>>    browseable = yes
>>>>>    path = /home/ol/lala
>>>>>    public = yes
>>>>>    writable = yes
>>>>>
>>>>> ------------------------------
>>>>>
>>>>> when i set the permissions on lala via linux to a specific AD user, and
>>>>> then on Windows I map that share with that user so can got it and can
>>>>> write, read, delete, etc.... 
>>>>>
>>>>> Anyone knows how can i do it in order to set the permissions via
>>>>> Windows?
>>>>>
>>>>> Thanks !!!!
>>>>>
>>>>> Michael.-
>>>>>
>>>>>
>>>>>   
>>>
> 
> 
>

More information about the samba mailing list