[Samba] Berechtigung lokaler User auf Verzeichnis Samba-User gleichen Namens

Fred Matthiesen fred at matthiesen-whv.de
Fri Apr 4 11:50:06 UTC 2025 

OK, I'll work through the link below first.
Thank you Roland


------ Originalnachricht ------
Von "Rowland Penny via samba" <samba at lists.samba.org>
An samba at lists.samba.org
Cc "Rowland Penny" <rpenny at samba.org>
Datum 04.04.2025 13:42:34
Betreff Re: [Samba] Berechtigung lokaler User auf Verzeichnis Samba-User 
gleichen Namens

>On Fri, 04 Apr 2025 11:07:16 +0000
>Fred Matthiesen via samba <samba at lists.samba.org> wrote:
>
>>  The same output for both:
>>
>>  fred:x:1001:1001:Fred,,:/home/fred:/bin/bash
>>
>>  here the smb.conf:
>>
>>  # Global parameters
>>  [global]
>>           netbios name = DC1
>>           realm = MATLAB.LAN
>>           server role = active directory domain controller
>>           server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>>  drepl, winbindd, ntp_signd, kcc, dnsupdate
>>           workgroup = MATLAN
>
>What I didn't guess was that you are running Samba as an AD DC, using
>Bind9 for the dns.
>
>I was trying to show that if a user is not in /etc/passwd (yours is),
>then it is still a 'local' user if the user is in AD and the OS is
>configured correctly. If the username is in /etc/passwd, that user will
>ALWAYS be the default user and the user in AD will be ignored.
>
>>
>>  [sysvol]
>>           path = /var/lib/samba/sysvol
>>           read only = No
>>
>>  [netlogon]
>>           path = /var/lib/samba/sysvol/matlab.lan/scripts
>>           read only = No
>>
>>  [homes]
>>           comment = Home Directories
>>           browsable = yes
>>           read only = no
>>           create mode = 0750
>>           valid users = %S
>>
>>  [Public]
>>    path =  /home/MATLAB/sambadaten
>>      browseable = yes
>>      read only = no
>>      # guest ok = yes
>>      guest ok = no
>>      # force user = nobody
>>      valid users = @smbuser g eine Freigabe mit chmod 0600
>>      force group = smbuser
>>      #  create mask = 0660
>>      directory mask = 0770
>
>Using a Samba AD DC as a fileserver isn't recommended, but if you do,
>you have to set them up correctly, not like you have, I suggest you
>read this:
>
>https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
>
>Rowland
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list