[Samba] samba 3.5.5 and ACL mod
suresh.kandukuru at emc.com
suresh.kandukuru at emc.com
Wed Sep 29 03:22:47 MDT 2010
ensure that
nt acl support= yes
dos filemode= yes
for a given share in smb.conf
and for mmc access assign SeDiskOperatorPrivilege to the samba users
/usr/local/sama/bin/net sam rights grant "samba username" SeDiskOperatorPrivilege
if it is in domain
/usr/local/sama/bin/net sam rights grant domain\\username SeDiskOperatorPrivilege
Hope this helps
-Suresh
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Sebastian.Perkins at swisscom.com
Sent: Wednesday, September 29, 2010 2:01 PM
To: drescherjm at gmail.com
Cc: samba at lists.samba.org
Subject: Re: [Samba] samba 3.5.5 and ACL mod
>>On Tue, Sep 28, 2010 at 12:14 PM, <Sebastian.Perkins at swisscom.com> wrote:
>>>Hello,
>>>
>>> We are in the middle of testing debian squeeze 64 bits with samba 3.5.5 >>and are running into some questions:
>>>
>>> 1) Is this solution OK with windows 7 "out of the box" (ie no >>hacking/modifications to do on the pc) ? I have tested it seems so but I >>would like a confirmation.
>>
>>You still need the registry change from here:
>>http://wiki.samba.org/index.php/Windows7
We are using security=user to challenge local passwords and not a domain (maybe later...).
>> >
>> > 2) Despite massive googling, I have not found a correct smb.conf >> >> >> configuration to change ACL statuses on shares (or even subfolders/files) >> via a windows based mmc (xp or vista). Yes, the IT people are not into >> >> SWAT or Webmin. It is stated possible. Are there any pointers or special >> issues I have missed with this version?
>> >
>> You need idmap to work for acls to even begin to work as you expect.
>> You also need either acls enabled in the host filesystem and / or use
>> the acl_xattr module.
Testbed is using xfs so what I understand it that acls are already embedded. Later we will use nfs shares, at this time in v3 which must be updated to v4 for acls.
Do I still need idmap in this situation ? the doc seems quite domain oriented with this sort of config.
My goal is to permit acl based on the local unix users (just created by useradd and smbpasswd -a).
Sebastian
John
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list