Hi friends, please anybody answer......

On Mon, Apr 23, 2012 at 7:55 AM, rapghere rap <[email protected]> wrote:
> Dear friends,
>
> I added my Centos 6.2 to windows 2008 domain and shared a
> directory with samba.
>
> Here are the steps I did,
>
> 1. Joined my Centos 6.2 with *ext4* file system into our windows 2008
>    domain using winbind.
>
> 2. Modified fstab to set acl to the directory which has to be shared
>
> 3. Shared that directory via samba with domain with acl options in
>    smb.conf file
>
> 4. Set domain administrator as the owner and domain users are the group.
>
> 5. From windows I am able to set permissions.
>
>
> But the problem I am facing is when I set *write* permission for a user.
> It automatically applies the *delete* and *modify* permission for the sub
> folders and files. But in our environment, we have to give some users
> *only write permission but not delete, modify or rename* including any of
> the sub folders and files. For some users *only read* permission, for some
> users *full permission but they are not administrators*. Likewise only
> delete. Please share your points.
>
>
> On Wed, Mar 14, 2012 at 2:24 AM, Raja Subramanian
> <[email protected]> wrote:
>
>> Sorry... I replied prematurely in my earlier post. Please ignore earlier
>> one. Here is the completed response.
>>
>>
>> On Wed, Mar 14, 2012 at 2:02 AM, Raja Subramanian
>> <[email protected]> wrote:
>> > On Tue, Mar 13, 2012 at 5:26 PM, rapghere rap <[email protected]> wrote:
>> >> Anyone, could you please explain in detail.
>> >
>> > Here are some high level steps. You'll need to consult relevant
>> > documentation along the way.
>> >
>> >
>> >>> I have an ubuntu 10.04.2 desktop joined into my windows domain running on
>> >>> Windows 2008 R2 AD server using pbisopen6.5 (formerly likewise open).
>>
>> Run Samba on your desktop. Configure it to join W2k8 R2 domain. Consult
>> Samba docs for how you can add your samba server to an existing AD domain.
>>
>> You'll need to use "security = ADS" in your [global] smb.conf section and
>> also need domain administrator credentials for one time addition.
>>
>> Once the Samba server is added in AD, new AD Computer object will be
>> created. This is exactly like adding any Windows desktop/server to AD.
>>
>> You then need to ensure extended ACLs are enabled for the file system
>> which contains /ubshare. Use the "acl" option in fstab. Eg.
>>
>>     /dev/sda2 /ubshare ext3 defaults,rw,acl 1 1
>>
>> Recommended you install e2fsprogs so you get lsattr/chattr and other
>> utils which you can use to view/set extended ACLs on ext2/3/4 file
>> systems.
>>
>> In smb.conf [global] section, you'll need
>>
>>     map acl inherit = yes
>>     nt acl support = yes
>>
>> to enable extended ACLs globally. You can now set administrator users
>> for /ubshare so they can change ACL permissions for other users.
>>
>>     [ubshare]
>>
>>     admin users = @"DOMAIN\DomainAdministrator"
>>
>> Once all this is done, need to connect to the share from any AD registered
>> Windows desktop and as the admin user above. From the Windows Explorer
>> file permissions dialog, you can set permissions in the same manner
>> you set permissions on native Windows shares.
>>
>> If in doubt Google for "samba extended acl" and follow the examples.
>> Official documentation is sparse.
>>
>> It's preferred to use native Samba utilities (winbind) to connect with AD.
>>
>> There is an alternate LDAP and NSS which is outlined here:
>> http://en.gentoo-wiki.com/wiki/Active_Directory_Authentication_using_LDAP
>>
>> LDAP approach is better suited only if you want all AD users to be visible
>> to Ubuntu natively - ie, users can login to the shell over ssh using their
>> AD credentials. The setup is more complex and involves a lot of moving
>> parts which are not needed for simple Samba ACL setup.
>>
>> Best of luck!
>>
>> - Raja
>> _______________________________________________
>> ILUGC Mailing List:
>> http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
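
The prerequisites listed in the quoted reply (the `acl` mount option in fstab, `security = ADS`, `map acl inherit`, `nt acl support`, and an `admin users` entry on the share) can be checked before testing permissions from Windows. The Python below is an added example, not part of the thread: the function names and sample inputs are constructed, and it assumes every setting must appear explicitly, ignoring Samba's built-in defaults and file system default mount options.

```python
import re
# Settings the thread says to put in [global] (treated here as required, explicit values).
REQUIRED_GLOBAL = {"security": "ads", "map acl inherit": "yes", "nt acl support": "yes"}
# Constructed sample inputs, modelled on the fragments quoted in the thread.
SAMPLE_SMB = r"""
[global]
    security = ADS
    nt acl support = yes
    ; map acl inherit = yes   (commented out, so it should be flagged)
[ubshare]
    admin users = @"DOMAIN\DomainAdministrator"
"""
SAMPLE_FSTAB = "/dev/sda2 /ubshare ext3 defaults,rw 1 1\n"  # acl option missing

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lower-cased and space-normalised."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or smb.conf comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def fstab_has_acl(fstab_text, mountpoint):
    """True if the fstab entry for mountpoint lists the acl mount option."""
    for line in fstab_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[1] == mountpoint:
            return "acl" in fields[3].split(",")
    return False

def audit(smb_text, fstab_text, share, mountpoint):
    """List every prerequisite from the thread that the two files do not meet."""
    conf, findings = parse_smb_conf(smb_text), []
    for key, want in REQUIRED_GLOBAL.items():
        got = conf.get("global", {}).get(key, "")
        if got.lower() != want:
            findings.append(f"[global] {key}: found {got!r}, expected {want!r}")
    if not conf.get(share.lower(), {}).get("admin users"):
        findings.append(f"[{share}] has no 'admin users' entry")
    if not fstab_has_acl(fstab_text, mountpoint):
        findings.append(f"{mountpoint}: 'acl' mount option missing in fstab")
    return findings
```

Calling `audit(SAMPLE_SMB, SAMPLE_FSTAB, "ubshare", "/ubshare")` returns one finding per missing prerequisite; an empty list means all of the checked settings are present.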
