[Samba] User home drives on AD DC

mathias dufresne infractory at gmail.com
Thu Jan 12 11:13:44 UTC 2017


2017-01-11 9:44 GMT+01:00 Arnaud FLORENT via samba <samba at lists.samba.org>:

> Hello
> i am following the wiki
> https://wiki.samba.org/index.php/User_home_drives
> to setup user home drive on samba ad dc (ubuntu 14.04 / samba 4.3.11)
> i would like to set up the share and filesystem permissions
> without using windows clients, only using command line on the server...
> is it possible?

I expect the share creation and filesystem permissions can be applied by
Linux side.
Here by filesystem permissions I mean FS permissions, not share
permissions. The FS (btrfs, ext4...) is managed by the system when share is
managed by Samba.

I don't know if there something to do to transform that simple share into
homedir share.

> how do i setup share permission on home? it looks like recorded in
> share_info.tdb but i do not known the binary format...

Perhaps using ldbedit or ldbmodify/ldapmodify. I believe permissions are
stored in hidden attribute named "NTSecurityDescriptor". Syntax of that
attribute is quite obscure but there are docs on the net. To set up Windows
rights on the share I would use Windows tools (unless you have to set up
rights for each home dir into that share but I would be surprised but such
a behaviour).

> how do i setup file system permission using facl for extended acl like
> Authenticated Users: Read & Execute, List Folder Contents, Read ?

If you are using in your smb.conf that:
acl_xattr:ignore system acls = yes
you should be able to ignore UNIX ACLs...

If you don't ignore system ACLs then the tools to deal whit UNIX ACLs are
setfacl and getfacl.

> Regards
Hoping this helps,


More information about the samba mailing list