[Samba] ACLS without winbind (but WITH correct user mapping)

Colin Fowler cfowler at scss.tcd.ie
Fri Jun 22 04:50:04 MDT 2012

On 22/06/12 11:46, steve wrote:
> On 22/06/12 11:41, Colin Fowler wrote:
>> On 21/06/12 17:50, Jeremy Allison wrote:
>>> On Thu, Jun 21, 2012 at 05:50:45PM +0100, Colin Fowler wrote:
>> Am I corect in thinking that this is something that would be desireable
>> for others and not just me and my rather oddball configuration? For
>> people using standalone servers, NSS/LDAP etc and any other places where
>> winbind is not used, this would be a rather useful feature, no?
> Hi Colin, Hi Jeremy
> I don't think it's so oddball. We also use nss for our rfc2307 
> mappings from the S4 directory for Linux clients joined to the domain. 
> It works perfectly via NFS to Linux but acls on shares on s3fs between 
> Linux and windows are not quite right.
> Colin: Are you talking about setting an acl on windows and it being 
> honoured by Linux and vica versa?
> Jeremy: are you saying that acl mappings 'both ways' only work with 
> winbind?
> If so, a big +1 from me to get the 'both' ways working. Very 
> desirable. Maybe this will get easier when we can put stuff like 
> create mode= and force group= in smb.conf.
> Cheers,
> Steve

Hi Steve, yes, I'd like users to be able to set an ACL in Windows for a 
domain user and for it to be honoured in Linux for the mapped Unix user. 
Currently if I set an ACL in Linux for the Unix user, it actually 
appears correctly in the security dialog box on windows. I just can't 
set a new ACL from Windows.


More information about the samba mailing list