[Samba] Samba 4 as NT4-style PDC on Ubuntu Trusty 14.04
Klaus Hartnegg
hartnegg at gmx.de
Fri May 16 02:10:17 MDT 2014
On 16.05.2014 09:37, mourik jan heupink - merit wrote:
> As far as I know, samba4 can behave _exactly_ like samba3, if you don't
> configure it to use Active Domain. So, it should (as far as I know)
> basically be an up-to-date drop-in replacement for samba3, as long as you
> don't change your smb.conf.
I am also using Samba 4.1.6 of Ubuntu 14.04 as NT4-style domain
controller. Works great!
As far as I remember I had to edit smb.conf to contain "server role =
classic primary domain controller", and add "acl allow execute always =
true", or set the x-bit on executable files (or all files). Also Ubuntu
14.04 does not have the group 'nobody' any more, so I had to switch to
'nogroup'.
I followed this description:
http://www.pascal-hacker.de/info/it/sw/ubuntu/pdc.htm
Hint: If you have xattr support in the Linux filesystem, it is very
advisable to not do chown or setfacl in Linux, but instead set the
permissions in Windows (scriptable with icacls). This is much more flexible.
If you don't know the strange syntax of icacls, you can use the script
below. It can be used like
setacl.cmd s:\subdir root:admin sales:write finance:read
All rights are inherited to subdirectories.
To stop inheritance in one place: icacls s:\dir\subdir /inheritance:r
To clear all permissions for a clean start: icacls s:\ /t /c /reset
Unfortunately for a huge directory tree icacls on a client takes 30
minutes for what setfacl can do on the server in 30 seconds.
---- setacl.cmd ----
@echo off
set dir=%~1
:loop
for /f "delims=: tokens=1-2" %%i in ("%2") do set who=%%i& set def=%%j
set right=
if "%def%"=="list" set right=(ci)rx
if "%def%"=="read" set right=(ci)(oi)rx
if "%def%"=="write" set right=(ci)(oi)m
if "%def%"=="admin" set right=(ci)(oi)f
if "%right%"=="" goto error
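rem Reset errorlevel to 0 so that only a failure of icacls is detected below.
if errorlevel 1 verify>nul
rem Dry run: only print the command. Remove "rem" from the icacls line below to apply it.
echo icacls %dir% /grant %who%:%right%
rem icacls %dir% /grant %who%:%right%
if errorlevel 1 goto error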
goto cont
:error
echo ### ERROR in setacl %dir% %who%:%def%
echo %date% %time:~0,8% ERROR in %dir% %who%:%def%>> setacl.log
:cont
shift
if not "%2" == "" goto loop
---- setacl.cmd ----
hope this helps,
Klaus
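An added example, not part of the original post: a Python check that reads the `icacls <dir>` output for the directory where setacl.cmd applied its grants and reports accounts whose ACE differs from the shorthand, plus accounts that hold an ACE but are not in the list. The function names, the EXAMPLE domain and the sample output are constructed for illustration, and it assumes one explicit ACE per account.

```python
import re

# Shorthand from setacl.cmd -> (inheritance flags, icacls right)
SHORTHAND = {
    "list":  (frozenset({"CI"}), "RX"),
    "read":  (frozenset({"CI", "OI"}), "RX"),
    "write": (frozenset({"CI", "OI"}), "M"),
    "admin": (frozenset({"CI", "OI"}), "F"),
}
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([A-Za-z,]+\))+)$")

def parse_icacls(path, output):
    """Return {account: (flags, right)}; the last (...) group is the right."""
    aces = {}
    for line in output.splitlines():
        if line.startswith(path):
            line = line[len(path):]  # first line is prefixed with the path
        m = ACE_RE.match(line.strip())
        if not m:
            continue  # blank line or the "Successfully processed" summary
        groups = re.findall(r"\(([A-Za-z,]+)\)", m["flags"])
        who = m["who"].split("\\")[-1].lower()  # drop the domain part
        aces[who] = (frozenset(g.upper() for g in groups[:-1]), groups[-1].upper())
    return aces

def audit(path, output, spec):
    """Compare ACEs with a spec like ['root:admin', 'sales:write']."""
    aces = parse_icacls(path, output)
    findings = []
    for item in spec:
        who, level = item.lower().split(":")
        found = aces.pop(who, None)
        if found != SHORTHAND[level]:
            findings.append(f"{who}: expected {level}, found {found[1] if found else 'no ACE'}")
    findings += [f"{who}: not in spec ({right})" for who, (_, right) in sorted(aces.items())]
    return findings

# Constructed sample of `icacls s:\subdir` output (not captured from a real system)
SAMPLE = r"""s:\subdir EXAMPLE\root:(OI)(CI)(F)
          EXAMPLE\sales:(OI)(CI)(M)
          EXAMPLE\finance:(OI)(CI)(M)
          EXAMPLE\temp:(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for finding in audit(r"s:\subdir", SAMPLE, ["root:admin", "sales:write", "finance:read"]):
        print(finding)
```

An entry inherited from a parent directory carries an extra (I) flag and is therefore reported as differing, so run the check against the directory where the grants were made.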