[Samba] samba 3.5.5 and ACL mod

Sebastian.Perkins at swisscom.com Sebastian.Perkins at swisscom.com
Wed Sep 29 02:31:07 MDT 2010

>>On Tue, Sep 28, 2010 at 12:14 PM,  <Sebastian.Perkins at swisscom.com> wrote:
>>> We are in the middle of testing debian squeeze 64 bits with samba 3.5.5 >>and are running into some questions:
>>> 1) Is this solution OK with windows 7 "out of the box" (ie no >>hacking/modifications to do on the pc) ? I have tested it seems so but I >>would like a confirmation.
>>You still need the registry change from here:

We are using security=user to challenge local passwords and not a domain (maybe later...).

>> >
>> > 2) Despite massive googling, I have not found a correct smb.conf >> >> >> configuration to change ACL statuses on shares (or even subfolders/files) >> via a windows based mmc (xp or vista). Yes, the IT people are not into >> >> SWAT or Webmin. It is stated possible. Are there any pointers or special >> issues I have missed with this version?
>> >
>> You need idmap to work for acls to even begin to work as you expect.
>> You also need either acls enabled in the host filesystem and / or use
>> the  acl_xattr module.

Testbed is using xfs so what I understand it that acls are already embedded. Later we will use nfs shares, at this time in v3 which must be updated to v4 for acls.

Do I still need idmap in this situation ? the doc seems quite domain oriented with this sort of config.

My goal is to permit acl based on the local unix users (just created by useradd and smbpasswd -a).



More information about the samba mailing list