[Samba] Samba4: Setting up share/security permissions for shares on memb
?icro MEGAS
micromegas at mail333.com
Tue Oct 21 12:46:54 MDT 2014
> have a look here: https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs
> and here: https://wiki.samba.org/index.php/Delegating_Administration_Permissions
>
> Rowland
The first link is known to me, there is no information about "username map" as you explained to me. The second link describes how to assign some "special privileges" to non-DomainAdmin groups, thats nice. But unfortunately I didn't understand how to achieve my goal with that. I don't want to create an extra group "supporters" or similar, I just want to allow all members of 'MYDOM\Domain Admins' to change security settings. The example you gave me before works for one user. I did read the "man smb.conf" for that directive "username map" and I tried various variations for the "smbmap" file:
(1)
!root = '@MYDOM\Domain Admins' '@MYDOM\domain admins' '@Domain Admins' '@domain admins'
'@domain admins'
(2)
!root = @'MYDOM\Domain Admins' @'MYDOM\domain admins' @'Domain Admins' @'domain admins'
@'domain admins'
(3)
!root = @MYDOM\Domain\040Admins @MYDOM\domain\040admins @Domain\040Admins @domain\040admins
@domain\040admins
Unfortunately it didn't work. But following works of course:
(4)
!root = MYDOM\Administrator MYDOM\johndoe MYDOM\foobar MYDOM\admin3 MYDOM\admin4
administrator
Example (4) is doing fine as I realized, but let's say we have 50 admins, it's not comfortable to put each name in here. So I would prefer the more elegant way and define a group name which should be the group "MYDOM\Domain Admins".
Here's the output of...
[root at membersrv1:~$ getent group 'domain admins'
domain admins:x:11000:johndoe,foobar,admin3,admin4,admin5,admin6,...,admin50
Mirco
More information about the samba
mailing list