[Samba] Use Samba with ACL for read Active Directory and set Permissions via it.

Linda W samba at tlinx.org
Fri Dec 26 15:35:12 MST 2014

Jason Long wrote:
> Hello Folks.
> How are you?
> I joined my CentOS to the Windows domain and I want to give permissions to files and directories via Active Directory. When I use "getent passwd" and "getent group", I can see all AD users and groups. I use the command below to give permission to a folder via ACL:
> setfacl -m g:"jasondomain\jason-rw":rwx /home/local/jasondomain/jason/test
> and I create a part for my "smb.conf" file:
> [Test]
> comment = test
> path = /home/local/jasondomain/jason/test
> browsable = yes
> inherit acls = yes
> inherit permissions = yes
> inherit owner = yes
> map acl inherit = yes
> acl check permissions = yes
> nt acl support = yes
> #valid users = %D\%S
> #write list = @jasondomain\domain^admins
> read only = no
> but when I browse the "Test" directory it asks me for a username and password, and when I enter "jasondomain\jason" as the username it can't let me open the "Test" directory. What is the problem?

Are you already logged into the server under different credentials,
like 'WORKGROUP', jason (i.e. do you already have some shares mounted)?

If I remember, Windows won't allow the same workstation to connect under
two different user IDs.  If you already have something mounted from your
workstation with different credentials, you need to close (unmount / unmap)
those other connections.

Where did you set up the password for 'jasondomain\jason'?  Again, if you
didn't set a password, more modern versions of Windows won't allow you to
log in (or attach a share) remotely.

You don't say what happens when you try to open 'test'.  You say it can't let
you?  What error message does it give you?
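
The client-side check raised in the reply above, as an added example that is not part of the original thread: it lists the SMB sessions the Windows workstation already holds to the Samba server, shows which identity each one uses, and drops the mappings that would block a connection as the domain account. The host name `centos-smb` and the function name are assumptions; the account and share name are taken from the question.

```powershell
# Added example; not from the thread. 'centos-smb' is a placeholder host name.
function Get-ConflictingSmbSession {
    param(
        [Parameter(Mandatory)] [string]$Server,
        [Parameter(Mandatory)] [string]$WantedUser
    )
    # Every SMB session this logon already holds to $Server, with the identity
    # it was authenticated as. -ne compares case-insensitively.
    Get-SmbConnection -ServerName $Server -ErrorAction SilentlyContinue |
        Where-Object { $_.UserName -ne $WantedUser } |
        Select-Object ServerName, ShareName, UserName, NumOpens
}

$server = 'centos-smb'          # assumption: name of the Samba host
$user   = 'jasondomain\jason'   # account from the question

$conflicts = @(Get-ConflictingSmbSession -Server $server -WantedUser $user)
if ($conflicts.Count -eq 0) {
    Write-Output "No sessions to $server under other credentials."
} else {
    Write-Output "Existing sessions to $server under other credentials:"
    $conflicts | Format-Table -AutoSize | Out-String | Write-Output

    # Remove the mappings behind those sessions (drive letters and
    # deviceless connections alike) so a new identity can be used.
    Get-SmbMapping |
        Where-Object { $_.RemotePath -like "\\$server\*" } |
        ForEach-Object { Remove-SmbMapping -RemotePath $_.RemotePath -Force }

    # Anything still listed is held open by a running program; close it
    # or log off before retrying.
    $left = @(Get-ConflictingSmbSession -Server $server -WantedUser $user)
    if ($left.Count -gt 0) {
        Write-Warning "$($left.Count) session(s) to $server are still open."
    }
}

# Reconnect as the domain account; the trailing * makes net use prompt
# for the password instead of taking it on the command line.
net use "\\$server\Test" /user:$user *
```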
