[Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC

steve steve at steve-ss.com
Sun May 19 01:57:56 MDT 2013

On Sun, 2013-05-19 at 09:14 +0200, Ulrich Schneider wrote:
> Hm, your alternative (understanding windows acls) seems not much better 
> to me.
> Yesterday it seemed to work ... until I deleted a folder created by an 
> administrator as a ordinary user.
> Do I get this right? valid users = @group ... so @group could be any 
> group in the Active Directory?

Oh no, I'm certain it's no better. I favour it because I've wasted so
much time trying to understand what the smb.conf 'something = <value>'
syntax does in Linux terms. It struck me one day that what those options
are doing are altering the acl's on the shares.

As far as I can see, the windows administrator creates files as:
 Administrator: Domain\ Users
If there is group rw on the share where he created the file then any
user in Domain\ Users (all users by default) would be able to delete it.

I made the mistake in believing that the domain admin on windows was
like root on Linux. Nope.

More information about the samba mailing list