[Samba] Adding users to dirs, acl

Keith Sudbury keith-lists at netzensolutions.com
Thu Aug 28 14:31:51 GMT 2008


John Drescher wrote:
> On Thu, Aug 28, 2008 at 5:51 AM, Keith Sudbury
> <keith-lists at netzensolutions.com> wrote:
>   
>> I have some users I want to allow access to a dir. I know I will need to
>> set up ACLs; however, when this is done can I add users to dirs like I can in
>> Windows?
>>
>>     
> Yes, this works for me. Make sure your idmap is working.
>
> Here is what works for me on a test domain called YOUR_DOMAIN
>
> [global]
>         idmap domains = YOUR_DOMAIN TRUSTEDDOMAINS
>         idmap config YOUR_DOMAIN:backend  = nss
>         idmap config YOUR_DOMAIN:readonly = yes
>         idmap config TRUSTEDDOMAINS:default = yes
>         idmap config TRUSTEDDOMAINS:backend = tdb
>         idmap config TRUSTEDDOMAINS:range   = 10000 - 50000
>         idmap alloc backend      = tdb
>         idmap alloc config:range = 10000 - 50000
>
> BTW, I am using ldap with this PDC
> [global]
>         add user script = /usr/sbin/smbldap-useradd -m "%u"
>         delete user script = /usr/sbin/userdel -r "%u"
>         add group script = /usr/sbin/smbldap-groupadd -p "%g"
>         delete group script = /usr/sbin/groupdel "%g"
>         add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>         delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>         set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>         add machine script = /usr/sbin/smbldap-useradd -w "%u"
>
>         ldap admin dn = cn=Manager,dc=example,dc=net
>         ldap delete dn = Yes
>         ldap group suffix = ou=Groups
>         ldap idmap suffix = ou=Idmap
>         ldap machine suffix = ou=Computers
>         ldap suffix = dc=example,dc=net
>         ldap ssl = no
>         ldap user suffix = ou=Users
>
>         ldapsam:trusted = yes
>         ldapsam:editposix = yes
>
>
>
>
> John
>   

Ah, I am using winbind. I can chown dirs with domain users etc. I can 
even set rwx etc. with setfacl -m u:"DOMAIN\user":rwx file

However, it does not seem to see the ACLs from Windows... also I can't 
edit them from the Windows server via the Security tab; it gives me 
access denied. Any ideas why? Do I need to map my AD administrator 
account to root so it will have perms to edit file system perms?? Or am 
I missing something... Would be great to be able to edit the perms from 
Windows tbh.

Cheers
Keith


