[Samba] ACL -Manage with Windows security tab?
Keith Sudbury
keith at netzensolutions.com
Fri Aug 8 09:58:09 GMT 2008
John Drescher wrote:
> On Thu, Aug 7, 2008 at 8:10 PM, Keith Sudbury <keith at netzensolutions.com> wrote:
>
>> Hi Guys,
>>
>> I am attempting to configure AC:L's I have enabled it in smb.conf for my
>> share and remounted my fs with acl enabled. However if I attempt to edit
>> security permissions for the group "Domain Users" it creates two more group
>> "CREATOR GROUP" and "CREATOR OWNER" and refreshes the security properties
>> and then just resets the tick boxes i had selected.
>>
>> I have attached a screenshot of the windows security tab, here is the share
>> aprt of my smb.conf
>>
>> # scratch space // Sneakernet // ***NOT BACKED UP***
>> [Scratch]
>> comment = Sneakernet
>> path = /home/scratch
>> public = no
>> writable = yes
>> browseable = yes
>> follow symlinks = yes
>> force group = "Domain Users"
>> nt acl support = yes
>> create mask = 770
>> directory mask = 770
>>
>>
>>
>>
> Have you configured idmap?
>
>
> Here is what I have for a test domain called YOUR_DOMAIN
>
> idmap domains = YOUR_DOMAIN TRUSTEDDOMAINS
> idmap config YOUR_DOMAIN:backend = nss
> idmap config YOUR_DOMAIN:readonly = yes
> idmap config TRUSTEDDOMAINS:default = yes
> idmap config TRUSTEDDOMAINS:backend = tdb
> idmap config TRUSTEDDOMAINS:range = 10000 - 50000
> idmap alloc backend = tdb
> idmap alloc config:range = 10000 - 50000
>
>
> John
>
Hi John,
I have...
security = ads
passdb backend = tdbsam
password server = server01.mydomain.local
realm = MYDOMAIN.LOCAL
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = yes
winbind enum users = yes
obey pam restrictions = yes
I will test what you pasted above in a VM.
Regards
--
Keith Sudbury
Netzen Solution Ltd
Suite 5, Piccadilly House, London Rd, Bath, BA1 6PL, UK
Mobile: +44 (0)7921464106
Tel: +44 (0)1225 588 588
Fax: +44 (0)1225 580 061
More information about the samba
mailing list