[Samba] Setup and configure file shares with Windows ACLs

L.P.H. van Belle belle at bazuin.nl
Wed Jun 25 07:19:10 MDT 2014


this is a nice starter.

https://wiki.samba.org/index.php/WIP/Beginner_HowTo_-_SOHO_business_server 

but on my system that will create a directory that is owned by 
>root:root 
>and have 0755 permissions.
>Not very helpful as trying to configure the Windows ACLs later gets a 
>"permission denied" error.

is this on the member server then, 
   add in smb.conf 

  # user Administrator workaround, without it you are unable to set privileges
   username map = /etc/samba/samba_usermapping

and in the file samba_usermapping
!root = DOMAIN\Administrator DOMAIN\administrator

Dont forget to add the needed privileges on the member server.


Louis



>-----Oorspronkelijk bericht-----
>Van: hlangos-samba at innominate.com 
>[mailto:samba-bounces at lists.samba.org] Namens Henrik Langos
>Verzonden: woensdag 25 juni 2014 13:57
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] Setup and configure file shares with Windows ACLs
>
>When reading the wiki page about setting up new shares there is some 
>information missing.
>
>https://wiki.samba.org/index.php/Setup_and_configure_file_share
>s_with_Windows_ACLs
>
>The information I am missing most here is which posix.1 ACLs to set 
>after creating the shares directory.
>
>There is only
># mkdir -p /srv/samba/Demo/
>
>but on my system that will create a directory that is owned by 
>root:root 
>and have 0755 permissions.
>Not very helpful as trying to configure the Windows ACLs later gets a 
>"permission denied" error.
>
>Also the "root" group shows up as unknown account (S-1-22-2-0) in the 
>Security tab.



>
>We'd probably want to set it to something useful like "Domain 
>Users", right?
>But which posix user should we set?
>Is root OK or should that also be changed to a genuine Windows user?
>
>
>And how do you get the appropriate uid / gid numbers for chown if you
>don't have winbind, sssd, nslcd, or something like it installed to do a
>mapping on that machine?
>
>I know how to get to the appropriate numbers if winbind is 
>installed on 
>the server.
>
># wbinfo -n "Domain Users"
>S-1-5-21-1358803832-2400073699-459451966-513 SID_DOM_GROUP (2)
># wbinfo -Y S-1-5-21-1358803832-2400073699-459451966-513
>10001
># chown :10001
>
>
>I also know how to get those numbers from ADUC *IF* the groups/users 
>involved have
>their posix attributes set up by ADUC (or at least have their 
>NIS domain 
>set).
>
>But what is the canonical way to get that information? ldbsearch? 
>ldapsearch?
>I'd like to put that information on the wiki, so the more generic the 
>better.



>
>cheers
>-henrik
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>



More information about the samba mailing list