[Samba] Samba+ACL+w2k domain

Фролов Иван Александрович adm at altapress.ru
Thu Feb 7 08:04:50 GMT 2008

I have set up Samba as a member of the w2k domain and have made a share with
ACL support. I distribute the rights through Windows "ticks"
successfully. But I cannot remove them - Windows says that "You can
not remove the user  because this object is inheriting permission from
his parent...". After I remove inheritance on the share, the user still stays
in the ACL without any permissions.
Windows reports that these rights are as though inherited. I do not
know what I am doing wrong.

FreeBSD 6.2
Samba Version 3.0.28
heimdal 1.0.1

Samba config:
    workgroup = MYDOMAIN
    security = domain
    server string = ws01 Samba Server
    netbiosname = ws01

    local master = no
    domain master = no
    preferred master = no
    dns proxy = no

    display charset = koi8-r
    unix charset = koi8-r
    dos charset = cp866

    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind cache time = 15
    winbind enum users = Yes
    winbind enum groups = Yes

    hosts allow = 192.168.0. 192.168.1. 127.
    bind interfaces only = Yes
    interfaces =

    log file = /var/log/samba/log.%m
    max log size = 50

    load printers = no

#============================ Share Definitions
   comment = qwerty!

   path = /store
   read list = "@MYDOMAIN\Domain Users"
   write list = "@MYDOMAIN\Domain Admins"
   admin users = "@MYDOMAIN\Domain Admins", MYDOMAIN at adm
   read only = No
   create mask = 700
   directory mask = 700
   inherit owner = yes
   inherit acls = yes
   inherit permissions = yes
   map acl inherit = yes
   locking = nophotoarch

