[Samba] Samba+ACL+w2k domain

[nix_kot]

Hi, nix.

> I have set up samba as a member of w2k the domain, has made Share with
> ACL support. I distribute the rights through Windows "ticks"
> sucsessfully. But I can not be remove them - windows says that "You can
> not remove the user  because this object is inheriting permission from
> his parent...". After I remove inheritence on the share user still stays
> in the ACL withoue any permissions.
> Windows writes, that these rights are as though inherited. I do not
> know, that I do not so.

> FreeBSD 6.2
> Samba Version 3.0.28
> heimdal 1.0.1

> Samba config:
> [global]
>     workgroup = MYDOMAIN
>     security = domain
>     server string = ws01 Samba Server
>     netbiosname = ws01

>     local master = no
>     domain master = no
>     preferred master = no
>     dns proxy = no

>     display charset = koi8-r
>     unix charset = koi8-r
>     dos charset = cp866

>     idmap uid = 10000-20000
>     idmap gid = 10000-20000
>     winbind cache time = 15
>     winbind enum users = Yes
>     winbind enum groups = Yes

>     hosts allow = 192.168.0. 192.168.1. 127.
>     bind interfaces only = Yes
>     interfaces = 192.168.0.125

>     log file = /var/log/samba/log.%m
>     max log size = 50

>     load printers = no

> #============================ Share Definitions
> ==============================
> [store]
>    comment = qwerty!

>    path = /store
>    read list = "@MYDOMAIN\Domain Users"
>    write list = "@MYDOMAIN\Domain Admins"
>    admin users = "@MYDOMAIN\Domain Admins", MYDOMAIN at adm
>    read only = No
>    create mask = 700
>    directory mask = 700
>    inherit owner = yes
>    inherit acls = yes
>    inherit permissions = yes
>    map acl inherit = yes
>    locking = nophotoarch


Anybody help me please!....

-- 
Best regards,
 nix_kot                          mailto:nix_kot at mail.ru