[Samba] Restricting access to [homes]
steve at steve-ss.com
Wed May 23 07:30:07 MDT 2012
On 23/05/12 13:40, NdK wrote:
> On 23/05/2012 09:11, Jorell wrote:
> exit 0
> I've had to obtain DOMAIN\domin_users gid before chown or it gave an
> error (maybe due to a clash from a trusted domain -- still trying to
> understand how can it happen).
> And I'm still having issues with setfacl (I never used ACLs before, so I
> have to study a bit).
> BTW it's been a great leap forward!
If the gidNumber for the gid is stored in AD (as the 2008 and samba4
schema allow) then there can be no clash. There is then no problem in
extracting it and applying it using normal /etc/nsswitch.conf format.
Look in LDAP rather than winbind, e.g. using nss-pam-ldapd:

    passwd: files ldap
    group: files ldap

with /etc/nslcd.conf something like:

    map passwd uid samAccountName
    map passwd homeDirectory unixHomeDirectory
    map group uniqueMember member

With ldapd/nslcd running, you can chown and chmod using the names of the
AD groups and users exactly as advertised in getent passwd or wbinfo
calls. It is then reflected perfectly by the filer. OK, with samba4 and
cifs/s3fs there are currently a few problems but under 3.6 it maps
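
Added example, not part of the original message or of Samba's own code: the thread turns on whether a group name resolves to exactly one gid before chown is run, so this sh function scans group(5)-format lines (such as the output of `getent group`) for a name mapped to more than one gid, or a gid shared by several names. The function names find_group_clashes and sample_groups, and the sample lines, are constructed for illustration.

```shell
#!/bin/sh
# Added example: report name/gid collisions in group(5)-format input
# (name:passwd:gid:members), e.g. piped from `getent group`.
# find_group_clashes and sample_groups are hypothetical helper names.

find_group_clashes() {
    awk -F: '
        NF >= 3 {
            name = tolower($1)            # compare group names case-insensitively
            gid  = $3
            if ((name, gid) in seen) next # same entry returned by two NSS sources
            seen[name, gid] = 1
            # remember every gid seen for a name and every name seen for a gid
            gids[name] = (ngid[name]++ ? gids[name] "," : "") gid
            names[gid] = (nname[gid]++ ? names[gid] "," : "") $1
        }
        END {
            for (n in ngid)  if (ngid[n]  > 1) print "NAME " n " -> gids " gids[n]
            for (g in nname) if (nname[g] > 1) print "GID " g " -> names " names[g]
        }
    ' | sort
}

# Constructed sample input: one group name with two gids (as could happen
# when two sources both answer for it) and one gid shared by two names.
sample_groups() {
    cat <<'EOF'
root:x:0:
domain users:*:10513:
domain users:*:20513:
staff:x:50:
backup_ops:*:50:
EOF
}

# Usage on a live host:  getent group | find_group_clashes
# Usage on the sample:   sample_groups | find_group_clashes
```

An empty result means every listed name maps to one gid and every gid to one name; any NAME or GID line is worth resolving before ownership of home directories is set by group name.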