[Samba] Adding additional groups to a file.
Wojciech Giel
wojtekgiel at gmail.com
Wed Apr 1 21:43:01 GMT 2009
Thanks it works well.
Wojciech
On Tuesday 31 March 2009 21:55:11 you wrote:
> You'll need to enable ACLs. I use Ubuntu but I used this guide to set up
> ACLs on my particular setup.
>
> http://aisalen.wordpress.com/2007/08/10/acls-on-samba/
>
> -----Original Message-----
> From: samba-bounces+masaog=fshac.com at lists.samba.org
> [mailto:samba-bounces+masaog=fshac.com at lists.samba.org] On Behalf Of
> Wojciech Giel
> Sent: Tuesday, March 31, 2009 3:24 PM
> To: samba at lists.samba.org
> Subject: [Samba] Adding additional groups to a file.
>
> Hi,
> I have installed and configured Samba as PDC with Heimdal kerberos and
> openLDAP as backend for both on debian lenny. But i stuck on groups.
> I have created a file in my home directory mapped to my documents. I can
> change rwx permission on linux and windows and it works perfectly. but this
> file has as a group my default group. this file should be read by users
> from
>
> accounting and managers group too. but when i want to add additional group
> in security tab i get access denied. What should I do to be able to add
> additional groups.
> thanx,
> Wojciech
>
> my
> smb.conf
> workgroup = EXAMPLE
> netbios name = cannibal
> server string = Linux PDC/KDC (Samba %v)
> realm = EXAMPLE.COM
> use kerberos keytab = yes
> use spnego = yes
>
> log file = /var/log/samba/%m.log
> max log size = 1000
> syslog = 1
> log level = 4
> utmp = Yes
>
> guest account = nobody
> map to guest = Never
> admin users = root addmachine vin @"Domain Admins"
> enable privileges = yes
>
> security = user
> encrypt passwords = true
> os level = 255
> local master = yes
> domain master = yes
> preferred master = yes
> domain logons = yes
>
> keepalive = 30
> time server = yes
> preserve case = yes
> short preserve case = yes
> case sensitive = no
> null passwords = no
>
> logon script = %U.bat
> logon path = \\cannibal\profiles$\%U\%a
> logon drive = G:
> logon home = \\cannibal\%U
>
> bind interfaces only = yes
> interfaces = eth0, lo
> hosts allow = 10.10.10. 127.
> wins support = yes
> dns proxy = yes
>
> passdb backend = ldapsam:ldaps://cannibal.example.com/
> ldap admin dn =
> cn=ldapmaster/admin at EXAMPLE.COM,ou=KerberosPrincipals,dc=example,dc=com
> ldap suffix = dc=hogwarth,dc=edu
> ldap group suffix = ou=groups
> ldap user suffix = ou=KerberosPrincipals
> ldap machine suffix = ou=computers
> ldap idmap suffix = sambaDomainName=EXAMPLE
> ldap ssl = On
> ldap delete dn = Yes
> idmap backend = ldap:ldaps://cannibal.example.com/
> idmap uid = 10000-25000
> idmap gid = 10000-25000
> Pam password change = yes
>
> ldap passwd sync = yes
> unix password sync = no
> passwd program = /usr/sbin/smbldap-passwd -u %u
>
> passwd chat = *New*password* %n *Retype*new*password* %n
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192
> SO_SNDBUF=8192
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> add user script = /usr/sbin/smbldap-useradd -m -a "%u"
> delete user script = /usr/sbin/smbldap-userdel "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script
> = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>
> dos charset = cp852
> unix charset = iso8859-2
> display charset = LOCALE
> restrict anonymous = 0
>
> [homes]
> comment = Home Directories
> valid users = %S
> browseable = no
> writable = yes
> admin users = %u
> write list = %u
> read list = %u
> create mask = 0644
> directory mask = 0755
>
> [netlogon]
> path = /samba/netlogon
> writable = no
> browseable = no
> share modes = no
> admin users = @"Domain Admins"
>
> [profiles]
> path = /samba/profiles
> valid users = %U, "@Domain Admins"
> writeable = yes
> inherit permissions = yes
> create mask = 0644
> directory mask = 0755
More information about the samba
mailing list