[Samba] Having problem with "valid users" in Active Directory/Samba environment

Bjoern Meier bjoern.meier at googlemail.com
Sat Feb 13 10:41:38 MST 2010


2010/2/13 Eric Peterson <ericrpeterson at sbcglobal.net>:
> Dale,
> I was hoping that there was someone out there who:
> a) uses Samba integrated with Active Directory, and

we do

> b) successfully uses the Samba permissions to allow "domain admin" members
> access to the shares of "domain users" from XP workstations.
> To narrow the scope of the troubleshooting, I am looking for a known working
> smb.conf  configuration that supports this.
> Then I can make sure my smb.conf uses a similar configuratation and, if the
> problem persists, focus my troubleshooting on other areas.

we also do. I though i've described the way we done this. Samba +Ext3
both a supporting ACLs.
Here some hints

- You can add access right for a specific folders with setfacl -R -m
u:domain/administrator:rwx <folders> AND setfacl -R -m
default:u:domain/administrator:rwx <folders>
- Then: Samba Creates home-directories  like /home/DOMAIN/user we
create a share homesdir with path =/home/DOMAIN + valid user =
@DOMAIN/administrators (the user directories are for they personal
- we also have a share /data/profiles in which Windows creates the
roaming profiles. You may guess we have this share read and writes for
all domain members.
- we tell windows (with  the domain security policy) to add the
administrator with full access to all profiles

What more information do you need?


More information about the samba mailing list