[Samba] Setup and configure file shares with Windows ACLs

Henrik Langos hlangos-samba at innominate.com
Wed Jun 25 05:57:07 MDT 2014

When reading the wiki page about setting up new shares there is some 
information missing.


The information I am missing most here is which posix.1 ACLs to set 
after creating the shares directory.

There is only
# mkdir -p /srv/samba/Demo/

but on my system that will create a directory that is owned by root:root 
and have 0755 permissions.
Not very helpful as trying to configure the Windows ACLs later gets a 
"permission denied" error.

Also the "root" group shows up as unknown account (S-1-22-2-0) in the 
Security tab.

We'd probably want to set it to something useful like "Domain Users", right?
But which posix user should we set?
Is root OK or should that also be changed to a genuine Windows user?

And how do you get the appropriate uid / gid numbers for chown if you
don't have winbind, sssd, nslcd, or something like it installed to do a
mapping on that machine?

I know how to get to the appropriate numbers if winbind is installed on 
the server.

# wbinfo -n "Domain Users"
S-1-5-21-1358803832-2400073699-459451966-513 SID_DOM_GROUP (2)
# wbinfo -Y S-1-5-21-1358803832-2400073699-459451966-513
# chown :10001

I also know how to get those numbers from ADUC *IF* the groups/users 
involved have
their posix attributes set up by ADUC (or at least have their NIS domain 

But what is the canonical way to get that information? ldbsearch? 
I'd like to put that information on the wiki, so the more generic the 


More information about the samba mailing list