[Samba] Acls
Rowland penny
rpenny at samba.org
Sat Sep 5 17:07:16 UTC 2020
On 05/09/2020 17:21, Philip Offermans wrote:
> The output is:
> /getent group 'domain admins’ /
> /
> /
OK, try using this smb.conf:
[global]
workgroup = ROMPEN
security = ADS
realm = ROMPEN.LOCAL
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind use default domain = yes
winbind expand groups = 2
winbind refresh tickets = Yes
dns proxy = no
idmap config *:backend = tdb
idmap config *:range = 3000-7999
idmap config ROMPEN:backend = rid
idmap config ROMPEN:range = 10000-40000
template shell = /bin/bash
template homedir = /home/%U
# user Administrator workaround, without it you are unable to set
privileges
username map = /etc/samba/user.map
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
acl allow execute always = yes
[share]
path = /nas
read only = no
inherit acls = yes
[users]
path = /usr/home
comment = users share
read only = no
inherit acls = yes
inherit permissions = yes
create mask = 700
directory mask = 700
valid users = @"ROMPEN\Domain Users"
admin users = @"ROMPEN\Domain Admins"
Create /etc/samba/user.map (it doesn't seem to exist) containing this:
!root = ROMPEN\Administrator
Restart Samba
Rowland
More information about the samba
mailing list