[Samba] simple recommendations

Rowland penny rpenny at samba.org
Thu Feb 18 16:26:41 UTC 2016

On 18/02/16 15:29, Andy Smith wrote:
> Thanks for your reply Rowland. I don't think I managed to get my
> question across very well on the first attempt. I still really need to
> know 2 things:
> 1) Can I see and modify permissions on a Samba share from a PC (either a
> domain member or not, please provide detail). I have tested this with a
> non domain member and it seems to be not possible, is it just me or is
> this expected behaviour.

To change permissions on a Samba share on a standalone server, the user 
must be known to the underlying OS and have Unix permissions on the 
share. what this means is that the user must exist on the windows 
machine, on the Unix machine and in Samba, they must also all have the 
same password. Whatever the user is trying to change the permissions on 
must either belong to them or the user must be a member of the Unix group.

> With a domain member will this work as smoothly
> as a real windows server (assuming Linux install with ACL ext4 file
> system)? Ie open folder permissions from client and add/modify
> user/group permissions.


> 2) Is there a reason to install Samba as standalone rather than AD?

If you install Samba as a standalone alone server, it will operate just 
as a windows PC that isn't joined to a domain does.

> I
> ask as obviously AD systems allow access to non domain members, and it
> seems AD is now the mainstream where Samba is concerned,

No, Samba nowadays can be set up just like it was before, it can be a 
standalone server, an NT-4 style PDC or BDC, but it can now also be set 
up as an AD DC. This is where most of the development seems to be 
focussed, probably because this is what windows expects now.

> its no skin off
> my nose to install as AD.

You need to identify what you need and set up Samba accordingly.


More information about the samba mailing list