[Samba] Samba using Server 2k3 DC for auth and ACL permissions

[Michael Adam]

Michael Heydon wrote:
> Blotto wrote:
> >only users listed in the smb.conf file for that share
> >have access regardless of the acl permissions set
> >  
> Maybe I'm not reading this right, but I think that is how it is supposed 
> to work.
> 
> When you define which users can access a share that is checked when they 
> attempt to connect, file system ACLs will only come in to play after the 
> user has been granted access to the share.

Precisely.

If a user can't pass the smb.conf/share level acls, then
specially file system acls have no effect for this user -
samba-wise.

Cheers - Michael

> >[Admin] 
> >        path = /media/Shared/ 
> >        read only = no 
> >        create mode = 0700 
> >        directory mode = 0700 
> >        nt acl support = yes 
> >        acl map full control = yes 
> >        admin users = @MY+fileserveradmin 
> >        valid users = @"MY+Domain Users" 
> >        browseable = true 
> >  
> So are you trying to grant Fred (for example) access to the files, even 
> though he isn't a member of "MY\Domain Users" (probably a bad example 
> since all users are likely to be in that group)?
> 
> *Michael Heydon - IT Administrator *
> michaelh at jaswin.com.au <mailto:michaelh at jaswin.com.au>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 206 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20090727/046672ba/attachment.pgp>