[Samba] User and Group management from Linux plus roaming profiles

L.P.H. van Belle belle at bazuin.nl
Tue Sep 8 13:15:58 UTC 2015


Small correction on this example.. 

 ( on a member server )
     # For Windows ACL support on member file server, enabled globaly
     # For a mixed setup of rights, put this per share, and disable globaly
     #vfs objects = acl_xattr
     #map acl inherit = yes
     #store dos attributes = yes
 
 
 and create 2 profile shares.
 For example :
 
 [msprofiles]
     browseable = yes
     path = /home/samba/msprofiles
     read only = no
     acl_xattr:ignore system acl = yes
     vfs objects = acl_xattr
     map acl inherit = yes
     store dos attributes = yes
 
 [nixprofiles]
     browseable = yes
     path = /home/samba/nixprofiles
     read only = no
     vfs objects = acl_xattr
     map acl inherit = yes
     store dos attributes = yes
     create mask = 0600
     directory mask = 0700
     profile acls = yes
     csc policy = disable


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van Belle
> Verzonden: dinsdag 8 september 2015 15:09
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] User and Group management from Linux plus roaming
> profiles
> 
> You can setup 2 profile shares if you want.
> 
> Then you need to change the following.
> 
> ( on a member server )
>     # For Windows ACL support on member file server, enabled globaly
>     # For a mixed setup of rights, put this per share.
>     vfs objects = acl_xattr
>     map acl inherit = yes
>     store dos attributes = yes
> 
> 
> and create 2 profile shares.
> For example :
> 
> [msprofiles]
>     browseable = yes
>     path = /home/samba/msprofiles
>     read only = no
>     acl_xattr:ignore system acl = yes
> 
> [nixprofiles]
>     browseable = yes
>     path = /home/samba/nixprofiles
>     read only = no
> 
> 
> and set the correct profiles per user.
> 
> But this only works if your users dont work on both Linux and MS
> workstations.
> 
> Just define the policy location per user.
> 
> 
> 
> Greetz,
> 
> Louis
> 
> 
> > -----Oorspronkelijk bericht-----
> > Van: Robert Moskowitz [mailto:rgm at htt-consult.com]
> > Verzonden: dinsdag 8 september 2015 14:54
> > Aan: L.P.H. van Belle; samba at lists.samba.org
> > Onderwerp: Re: [Samba] User and Group management from Linux plus roaming
> > profiles
> >
> >
> >
> > On 09/08/2015 03:38 AM, L.P.H. van Belle wrote:
> > > If you did read correct.
> > >
> > > You choose...
> > >
> > > OR posix acls setup
> > > OR windows acl setup.
> > > Do not mix up the both!
> >
> > Ah,  I was afraid that is what was meant there and that one could only
> > manage acls for windows systems/users via MS tools.
> >
> > But as you can only have one [Profiles], and if you WILL have posix
> > (linux, mac) systems, then you need to have that [Profiles].
> >
> > > My advice, use windows ACL setup for profiles, since "normaly" only
> > windows computers use this, and for this, you can set the value:
> > >
> > > acl_xattr:ignore system acls = yes
> > >
> > > which makes the share even more windows acl compatible, and saves
> right
> > hassle.
> >
> > Where do I set this?
> >
> > thanks
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba





More information about the samba mailing list