[Samba] User and Group management from Linux plus roaming profiles

L.P.H. van Belle belle at bazuin.nl
Tue Sep 8 13:09:02 UTC 2015


You can setup 2 profile shares if you want. 

Then you need to change the following. 

( on a member server ) 
    # For Windows ACL support on member file server, enabled globaly
    # For a mixed setup of rights, put this per share.
    vfs objects = acl_xattr
    map acl inherit = yes
    store dos attributes = yes


and create 2 profile shares. 
For example : 

[msprofiles]
    browseable = yes
    path = /home/samba/msprofiles
    read only = no
    acl_xattr:ignore system acl = yes

[nixprofiles]
    browseable = yes
    path = /home/samba/nixprofiles
    read only = no


and set the correct profiles per user. 

But this only works if your users dont work on both Linux and MS workstations. 

Just define the policy location per user. 



Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: Robert Moskowitz [mailto:rgm at htt-consult.com]
> Verzonden: dinsdag 8 september 2015 14:54
> Aan: L.P.H. van Belle; samba at lists.samba.org
> Onderwerp: Re: [Samba] User and Group management from Linux plus roaming
> profiles
> 
> 
> 
> On 09/08/2015 03:38 AM, L.P.H. van Belle wrote:
> > If you did read correct.
> >
> > You choose...
> >
> > OR posix acls setup
> > OR windows acl setup.
> > Do not mix up the both!
> 
> Ah,  I was afraid that is what was meant there and that one could only
> manage acls for windows systems/users via MS tools.
> 
> But as you can only have one [Profiles], and if you WILL have posix
> (linux, mac) systems, then you need to have that [Profiles].
> 
> > My advice, use windows ACL setup for profiles, since "normaly" only
> windows computers use this, and for this, you can set the value:
> >
> > acl_xattr:ignore system acls = yes
> >
> > which makes the share even more windows acl compatible, and saves right
> hassle.
> 
> Where do I set this?
> 
> thanks





More information about the samba mailing list