
[Samba] Adding users to dirs, acl

  #1 (permalink)  
Old 08-28-2008
Keith Sudbury
 
Posts: n/a
Default [Samba] Adding users to dirs, acl

I have some users I want to allow access to a dir, I know I will need to
set up ACLs however when this is done can I add users to dirs like I can
in Windows?

Thanks

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

  #2 (permalink)  
Old 08-28-2008
John Drescher
 
Posts: n/a
Default Re: [Samba] Adding users to dirs, acl

On Thu, Aug 28, 2008 at 5:51 AM, Keith Sudbury
<keith-lists@netzensolutions.com> wrote:
> I have some users I want to allow access to a dir, I know I will need to
> set up ACLs however when this is done can I add users to dirs like I can in
> Windows?
>

Yes, this works for me. Make sure your idmap is working.

Here is what works for me on a test domain called YOUR_DOMAIN

[global]
idmap domains = YOUR_DOMAIN TRUSTEDDOMAINS
idmap config YOUR_DOMAIN:backend = nss
idmap config YOUR_DOMAIN:readonly = yes
idmap config TRUSTEDDOMAINS:default = yes
idmap config TRUSTEDDOMAINS:backend = tdb
idmap config TRUSTEDDOMAINS:range = 10000 - 50000
idmap alloc backend = tdb
idmap alloc config:range = 10000 - 50000

BTW, I am using ldap with this PDC
[global]
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/userdel -r "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"

ldap admin dn = cn=Manager,dc=example,dc=net
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap suffix = dc=example,dc=net
ldap ssl = no
ldap user suffix = ou=Users

ldapsam:trusted = yes
ldapsam:editposix = yes




John
  #3 (permalink)  
Old 08-28-2008
Keith Sudbury
 
Posts: n/a
Default Re: [Samba] Adding users to dirs, acl

John Drescher wrote:
> On Thu, Aug 28, 2008 at 5:51 AM, Keith Sudbury
> <keith-lists@netzensolutions.com> wrote:
>
>> I have some users I want to allow access to a dir, I know I will need to
>> set up ACLs however when this is done can I add users to dirs like I can in
>> Windows?
>>
>>

> Yes, this works for me. Make sure your idmap is working.
>
> Here is what works for me on a test domain called YOUR_DOMAIN
>
> [global]
> idmap domains = YOUR_DOMAIN TRUSTEDDOMAINS
> idmap config YOUR_DOMAIN:backend = nss
> idmap config YOUR_DOMAIN:readonly = yes
> idmap config TRUSTEDDOMAINS:default = yes
> idmap config TRUSTEDDOMAINS:backend = tdb
> idmap config TRUSTEDDOMAINS:range = 10000 - 50000
> idmap alloc backend = tdb
> idmap alloc config:range = 10000 - 50000
>
> BTW, I am using ldap with this PDC
> [global]
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> delete user script = /usr/sbin/userdel -r "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/sbin/groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
>
> ldap admin dn = cn=Manager,dc=example,dc=net
> ldap delete dn = Yes
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers
> ldap suffix = dc=example,dc=net
> ldap ssl = no
> ldap user suffix = ou=Users
>
> ldapsam:trusted = yes
> ldapsam:editposix = yes
>
>
>
>
> John
>


Ah, I am using winbind. I can chown dirs with domain users etc. I can
even set rwx etc. with setfacl -m u:"DOMAIN\user":rwx file

However, it does not seem to see the ACLs from Windows... Also, I can't
edit them from the Windows server via the Security tab; it gives me
access denied. Any ideas why? Do I need to map my AD administrator
account to root so it will have perms to edit file system perms? Or am
I missing something... Would be great to be able to edit the perms from
Windows, tbh.

Cheers
Keith

  #4 (permalink)  
Old 08-28-2008
John Drescher
 
Posts: n/a
Default Re: [Samba] Adding users to dirs, acl

> Ah I am using winbind,

You still need a working idmap.

> I can chown dirs with domain users etc. I can even
> set rwx etc. with setfacl -m u:"DOMAIN\user":rwx file
>
> However, it does not seem to see the ACLs from Windows... Also, I can't edit
> them from the Windows server via the Security tab; it gives me access denied.
> Any ideas why?


Check your Samba logs. You will probably see "can not allocate gid".

John
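
A way to act on the "make sure your idmap is working" advice in this thread, added here as an example and not posted by either participant: it resolves a domain user or group to a SID with `wbinfo -n`, maps the SID to a uid or gid with `wbinfo -S` / `wbinfo -Y`, and confirms `getent` returns the same id. The function names, the script name and the range bounds passed as arguments are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# map_name KIND NAME: print the Unix id for a domain user or group.
# KIND "user" uses wbinfo -S (SID to uid); "group" uses wbinfo -Y (SID to gid).
map_name() {
    kind=$1 name=$2
    case $kind in
        user)  flag=-S db=passwd ;;
        group) flag=-Y db=group ;;
        *) printf 'usage: map_name user|group NAME\n' >&2; return 2 ;;
    esac
    # wbinfo -n prints "<SID> <type>"; keep only the SID.
    sid=$(wbinfo -n "$name" 2>/dev/null | awk '{print $1}')
    if [ -z "$sid" ]; then
        printf 'no SID for %s (winbindd down or name unknown)\n' "$name" >&2
        return 1
    fi
    id=$(wbinfo "$flag" "$sid" 2>/dev/null) || id=
    if [ -z "$id" ]; then
        printf 'SID %s has no Unix id: idmap could not map it\n' "$sid" >&2
        return 1
    fi
    # NSS must agree, or chown/setfacl and smbd work with different ids.
    nss_id=$(getent "$db" "$name" | cut -d: -f3)
    if [ "$nss_id" != "$id" ]; then
        printf 'NSS gives "%s" for %s, winbind gives %s\n' "$nss_id" "$name" "$id" >&2
        return 1
    fi
    printf '%s\n' "$id"
}

# check_idmap KIND NAME LOW HIGH: verdict line; non-zero status on any failure.
# LOW and HIGH are the bounds of your own idmap range (assumed inputs).
check_idmap() {
    id=$(map_name "$1" "$2") || return 1
    if [ "$id" -ge "$3" ] && [ "$id" -le "$4" ]; then
        printf 'OK %s -> %s\n' "$2" "$id"
    else
        printf 'OUT-OF-RANGE %s -> %s (expected %s-%s)\n' "$2" "$id" "$3" "$4"
        return 1
    fi
}

# Run as: sh check_idmap.sh group 'DOMAIN\Domain Users' 10000 50000
if [ "$#" -eq 4 ]; then check_idmap "$@"; fi
```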