[Samba] Setup and configure file shares with Windows ACLs
L.P.H. van Belle
belle at bazuin.nl
Wed Jun 25 07:19:10 MDT 2014
this is a nice starter.
https://wiki.samba.org/index.php/WIP/Beginner_HowTo_-_SOHO_business_server
but on my system that will create a directory that is owned by
>root:root
>and have 0755 permissions.
>Not very helpful as trying to configure the Windows ACLs later gets a
>"permission denied" error.
is this on the member server then,
add in smb.conf
# user Administrator workaround, without it you are unable to set privileges
username map = /etc/samba/samba_usermapping
and in the file samba_usermapping
!root = DOMAIN\Administrator DOMAIN\administrator
Dont forget to add the needed privileges on the member server.
Louis
>-----Oorspronkelijk bericht-----
>Van: hlangos-samba at innominate.com
>[mailto:samba-bounces at lists.samba.org] Namens Henrik Langos
>Verzonden: woensdag 25 juni 2014 13:57
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] Setup and configure file shares with Windows ACLs
>
>When reading the wiki page about setting up new shares there is some
>information missing.
>
>https://wiki.samba.org/index.php/Setup_and_configure_file_share
>s_with_Windows_ACLs
>
>The information I am missing most here is which posix.1 ACLs to set
>after creating the shares directory.
>
>There is only
># mkdir -p /srv/samba/Demo/
>
>but on my system that will create a directory that is owned by
>root:root
>and have 0755 permissions.
>Not very helpful as trying to configure the Windows ACLs later gets a
>"permission denied" error.
>
>Also the "root" group shows up as unknown account (S-1-22-2-0) in the
>Security tab.
>
>We'd probably want to set it to something useful like "Domain
>Users", right?
>But which posix user should we set?
>Is root OK or should that also be changed to a genuine Windows user?
>
>
>And how do you get the appropriate uid / gid numbers for chown if you
>don't have winbind, sssd, nslcd, or something like it installed to do a
>mapping on that machine?
>
>I know how to get to the appropriate numbers if winbind is
>installed on
>the server.
>
># wbinfo -n "Domain Users"
>S-1-5-21-1358803832-2400073699-459451966-513 SID_DOM_GROUP (2)
># wbinfo -Y S-1-5-21-1358803832-2400073699-459451966-513
>10001
># chown :10001
>
>
>I also know how to get those numbers from ADUC *IF* the groups/users
>involved have
>their posix attributes set up by ADUC (or at least have their
>NIS domain
>set).
>
>But what is the canonical way to get that information? ldbsearch?
>ldapsearch?
>I'd like to put that information on the wiki, so the more generic the
>better.
>
>cheers
>-henrik
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list