[Samba] Setup and configure file shares with Windows ACLs
hlangos-samba at innominate.com
Wed Jun 25 05:57:07 MDT 2014
When reading the wiki page about setting up new shares there is some
The information I am missing most here is which posix.1 ACLs to set
after creating the shares directory.
There is only
# mkdir -p /srv/samba/Demo/
but on my system that will create a directory that is owned by root:root
and have 0755 permissions.
Not very helpful as trying to configure the Windows ACLs later gets a
"permission denied" error.
Also the "root" group shows up as unknown account (S-1-22-2-0) in the
We'd probably want to set it to something useful like "Domain Users", right?
But which posix user should we set?
Is root OK or should that also be changed to a genuine Windows user?
And how do you get the appropriate uid / gid numbers for chown if you
don't have winbind, sssd, nslcd, or something like it installed to do a
mapping on that machine?
I know how to get to the appropriate numbers if winbind is installed on
# wbinfo -n "Domain Users"
S-1-5-21-1358803832-2400073699-459451966-513 SID_DOM_GROUP (2)
# wbinfo -Y S-1-5-21-1358803832-2400073699-459451966-513
# chown :10001
I also know how to get those numbers from ADUC *IF* the groups/users
their posix attributes set up by ADUC (or at least have their NIS domain
But what is the canonical way to get that information? ldbsearch?
I'd like to put that information on the wiki, so the more generic the
More information about the samba