[Samba] Upgraded a member server to 4.8, rfc2307 data?

L.P.H. van Belle belle at bazuin.nl
Wed Sep 5 15:04:14 UTC 2018


My eyes changed some words again and the is the important part. 
This is what i did mean. 

 >>  The headache points for people.   << 
Now my users switch departments, if wrongly setup, both users CAN NOT read/write one anothers files.
In my case, both users CAN  read/write the created files from one another, no headache ;-)  



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> L.P.H. van Belle via samba
> Verzonden: woensdag 5 september 2018 16:59
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Upgraded a member server to 4.8, rfc2307 data?
> 
> Hai Marco, 
> 
> If you dont need it, then you can remove it. 
> And in addition to Rowland comment, i'll show how i use it. 
> 
> In reply to. 
> >It is needed? AFAI've understood it means that users will 
> have UNIX primary group the windows group 
> >and not 'domain users', but reeally i don't need that...
> 
> I'll explain how i use it and why, maybe its useable for you 
> or others. 
> 
> My windows group "Domain User" always the default for the 
> users, it is the default group for every user, except guests. 
> This is the windows default, i did assign GID's to 
> "domain users"
> "domain admins"	< most people dont use this or use with 
> care on the linux side.
> "domain guest"
> "domain computer" < most people dont use this or use with 
> care on the linux side.
> 
> And some other groups i need on linux, only the groups i need 
> (on linux) have GID assigned. 
> And yes, i did need all the "domain ...." groups in linux 
> also.. I needed these. 
> That why domain admins is having a GID. 
> 
> I do want my windows users to login on linux systems and use 
> "Domain Users" as primary group. 
> 
> I use this to overcome some inherit problems.
> Remember this, and this is the most important part imo. 
> 17XX "Creator Owner"
> 277X "Creator Group"
> 377X "Creator Owner and Creator Group"
> 
> /data 	root:"Domain Admins"	1755 ( allow everybody 
> in this folder, even guests ) 
> 	everyone can walk/enter this folder (/data) due to the 
> last 5 in 1775 on linux. 
> 
> /data/dep1	root:"Dep1"	 2770 ( allow users/group 
> rights) and if member of "Dep1" only then you can enter and 
> read/write.
> /data/dep2	root:"Dep2"	 2770 ( allow users/group 
> rights) and if member of "Dep2" only then you can enter and 
> read/write.
> 
> If user1 creates a file in /data/dep1 , it creates it as 
> user1:"Domain User"
> If user2 creates a file in /data/dep2 , it creates it as 
> user2:"Domain User"
> But 
> User1 is not able to access /data/dep2 due to the group 
> restriction Dep1.
> User2 is not able to access /data/dep1 due to the group 
> restriction Dep2.
> 
>  >>  The headache points for people.   << 
> Now my users switch departments, if wrongly setup, both users 
> and read/write one anothers files.
> In my case, both users and read/write the created files from 
> one another, no headache ;-) 
> 
> This is a bit how i setup my rights. ( depending on server 
> and use of the server ).
> 
> And please note, this is only the LINUX PART of the rights. 
> And best is to keep this as much as possible in line. 
> 
> I hope this helps a bit for you and others. 
> 
> 
> Greetz, 
> 
> Louis
> 
>  
> 
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> > Marco Gaiarin via samba
> > Verzonden: woensdag 5 september 2018 16:15
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] Upgraded a member server to 4.8, 
> rfc2307 data?
> > 
> > Mandi! L.P.H. van Belle via samba
> >   In chel di` si favelave...
> > 
> > >     idmap config LNFFVG: unix_primary_group = yes
> > 
> > It is needed? AFAI've understood it means that users will 
> > have UNIX primary
> > group the windows group and not 'domain users', but reeally i 
> > don't need
> > that...
> > 
> > -- 
> > dott. Marco Gaiarin				        GNUPG 
> > Key ID: 240A3D66
> >   Associazione ``La Nostra Famiglia''          
> > http://www.lanostrafamiglia.it/
> >   Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al 
> > Tagliamento (PN)
> >   marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   
> > f +39-0434-842797
> > 
> > 		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
> >       http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
> > 	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> > 
> > 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 




More information about the samba mailing list