[Samba] Adding users to dirs, acl
Keith Sudbury
keith-lists at netzensolutions.com
Thu Aug 28 14:31:51 GMT 2008
John Drescher wrote:
> On Thu, Aug 28, 2008 at 5:51 AM, Keith Sudbury
> <keith-lists at netzensolutions.com> wrote:
>
>> I have some users I want to allow access to a dir. I know I will need to
>> set up ACLs; however, when this is done can I add users to dirs like I can in
>> Windows?
>>
>>
> Yes, this works for me. Make sure your idmap is working.
>
> Here is what works for me on a test domain called YOUR_DOMAIN
>
> [global]
> idmap domains = YOUR_DOMAIN TRUSTEDDOMAINS
> idmap config YOUR_DOMAIN:backend = nss
> idmap config YOUR_DOMAIN:readonly = yes
> idmap config TRUSTEDDOMAINS:default = yes
> idmap config TRUSTEDDOMAINS:backend = tdb
> idmap config TRUSTEDDOMAINS:range = 10000 - 50000
> idmap alloc backend = tdb
> idmap alloc config:range = 10000 - 50000
>
> BTW, I am using ldap with this PDC
> [global]
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> delete user script = /usr/sbin/userdel -r "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/sbin/groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
>
> ldap admin dn = cn=Manager,dc=example,dc=net
> ldap delete dn = Yes
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers
> ldap suffix = dc=example,dc=net
> ldap ssl = no
> ldap user suffix = ou=Users
>
> ldapsam:trusted = yes
> ldapsam:editposix = yes
>
>
>
>
> John
>
Ah, I am using winbind. I can chown dirs with domain users etc. I can
even set rwx etc. with setfacl -m u:"DOMAIN\user":rwx file
However, it does not seem to see the ACLs from Windows... also I can't
edit them from the Windows server via the Security tab; it gives me
access denied. Any ideas why? Do I need to map my AD administrator
account to root so it will have perms to edit file system perms? Or am
I missing something... Would be great to be able to edit the perms from
Windows tbh.
Cheers
Keith