[Samba] samba file server in active directory domain - manage acls

Mikael Kermorgant mikael.kermorgant at gmail.com
Thu Oct 16 12:18:13 GMT 2008


Hello,

I'm considering moving our windows shares (2003 domain) to a samba server,
to improve performance, setup clustering and use scheduled lvm snapshots.
However, I've not clarified how our current security policy would be applied
on this server and like to ask you some things (sorry, I'm sure they already
have been posted but there is so much on this topic to read I prefer to ask
again)

Currently, we manage security on our shares by :
* giving full control to everybody at the "share" level
* restricting rights at the "security" level

By switching to samba, we face a set of challenges :

* Joining the domain and retrieving users and groups from the windows domain
to the samba server.
As I know, this is ok and is well done with winbind

* Changes to our security policy. We will have to manage security at the
linux/samba level and this raises some questions:
- is it still possible to keep the security management at the file level (by
giving full control at the share level and thus eliminating botherings on
this side) ? I know there are some limitations when mapping posix acls to
windows one but that might be acceptable.

- I've tried to manage posix acls on ext3 via konqueror which I could find a
good alternative to windows' gui but I'd prefer a web front end. Would you
have some nice web gui to recommend ?

Thanks in advance,

Regards,

-- 
Mikael Kermorgant


More information about the samba mailing list