[Samba] Shares with Windows ACLs on standalone server?

mathias dufresne infractory at gmail.com
Mon Sep 21 16:22:08 UTC 2015

First I'm not an expert in Microsoft world neither ;)
Then I'm not sure you don't have already all you need :p
And I must say I'm not a Samba expert neither :D

As far as I understood there are two kind of Microsoft domain: NT4 and
Active Directory (AD).

NT4 domains are old Microsoft domain.
AD domains are new version of Microsoft domain, they came up with Windows
2000 Server.

Samba 3 is able to host NT4 domain.
Samba 4 is able to host both NT4 and AD domains. Not at same time of course
: )

AD domains in Samba4 do *not* support LDAP backend.
NT4 domains in Samba4 do support LDAP backend.

I never heard about Samba + LDAP backend without NT4 domain. So I expect
you would need a NT4 domain hosted by Samba4 and plug that domain to your
LDAP tree. This is to get your users list and a way to access them,
authenticate them.

Finally the ACLs part.
Here I use Samba4 acting as AD domain, file systems are XFS and shares
automagically support Windows ACLs.

Perhaps if you don't need LDAP as backend you can design a file server
using Samba4 which support Windows ACLs without doing anything more than
installing Samba + declaring a new share + declaring a new user...



2015-09-21 8:14 GMT+02:00 Matthias Leopold <matthias at leopold.priv.at>:

> Thanks for reply! That's encouraging
> matthias
> Am 2015-09-19 um 19:25 schrieb Marc Muehlfeld:
>> Hello Matthias,
>> Am 19.09.2015 um 10:35 schrieb Matthias Leopold:
>>> is this possible on a standalone samba server (4.1 with ldap backend)?
>>> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
>> Yes.
>> Regards,
>> Marc
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list