[Samba] Samba using Server 2k3 DC for auth and ACL permissions
Michael Adam
obnox at samba.org
Mon Jul 27 14:11:44 MDT 2009
Michael Heydon wrote:
> Blotto wrote:
> >only users listed in the smb.conf file for that share
> >have access regardless of the acl permissions set
> >
> Maybe I'm not reading this right, but I think that is how it is supposed
> to work.
>
> When you define which users can access a share that is checked when they
> attempt to connect, file system ACLs will only come in to play after the
> user has been granted access to the share.
Precisely.
If a user can't pass the smb.conf/share level acls, then
specially file system acls have no effect for this user -
samba-wise.
Cheers - Michael
> >[Admin]
> > path = /media/Shared/
> > read only = no
> > create mode = 0700
> > directory mode = 0700
> > nt acl support = yes
> > acl map full control = yes
> > admin users = @MY+fileserveradmin
> > valid users = @"MY+Domain Users"
> > browseable = true
> >
> So are you trying to grant Fred (for example) access to the files, even
> though he isn't a member of "MY\Domain Users" (probably a bad example
> since all users are likely to be in that group)?
>
> *Michael Heydon - IT Administrator *
> michaelh at jaswin.com.au <mailto:michaelh at jaswin.com.au>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 206 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20090727/046672ba/attachment.pgp>
More information about the samba
mailing list