[Samba] rights -- structures

Maurizio Caloro maurizio at caloro.ch
Mon Dec 14 08:00:15 UTC 2020 

Hallo
Have a Samba AD DC running 4.13.2 and a fileserver running 4.9.5 that is joined to your Samba AD domain.
Yes and now if I need to add permission on folder 

	chown	Name:smbadmin	/home/Userhome
	chown invalid user: Name:smbadmin

this machine are join to AD, and the Computer Object are visible, please i need here little update.

Fileserver smb.conf
	/shares/Userhome# cat /etc/samba/smb.conf
	[global]
	        realm = CARAG.LOCAL
	        security = ADS
	        workgroup = CARAG.LOCAL
	        server role = member server
	        vfs objects = acl_xattr
	        map acl inherit = yes

	[USERHOME]
	        path = /shares/Userhome/
	        read only = no

so the rights are need to pick up from my AD.
Thanks and best regards
Mauri


-----Ursprüngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland penny via samba
Gesendet: Freitag, 11. Dezember 2020 18:51
An: samba at lists.samba.org
Betreff: Re: [Samba] rights -- structures

On 11/12/2020 17:10, Maurizio Caloro via samba wrote:
> Hello
>
> I have now AD 4.13.2 and FileServer with samba 4.9.5 this are joint to 
> Domain.
I take it that means you have a Samba AD DC running 4.13.2 and a fileserver running 4.9.5 that is joined to your Samba AD domain.
> I need to create now new a file Share permission structure.
The structure is entirely up to you
> If setting the Domain User and the smbadmin this are a possible 
> structure that I can assign different rights folders ?
>
> Domain Users:smbadmin                            /
Slight problem, it looks like you want to set the owner to 'Domain Users' and the group to 'smbadmin', I take it you really meant 'smbadmin:Domain Users', as a group cannot own things on Unix.
>                  Domain Users:smbadmin            /FolderName-DATA
>                  Domain Users:smbadmin            /FolderName-PICTURES
>                  Domain Users:smbadmin            /FolderName-PICTURES

As I said, the actual structure is up to you, but I wouldn't set it up under one share, I would  use a share for each directory

Try reading this: 
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

It may help if you can post the smb.conf files you are using.

Rowland




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list