Thank you all for your feedback. This is what I have done
Installed acl Mounted xfs partition with acl option on /home For the share I have: [testshare] path = /home/testshare nt acl support = yes dos filemode= yes writeable = yes valid users = boss,x,y,z admin users = boss inherit permissions = yes store dos attributes = yes map acl inherit = yes inherit permissions = yes store dos attributes = yes inherit acls = Yes ea support = yes for each "useradd" there is a smbpass -a applied net sam rights grant "boss" SeDiskOperatorPrivilege mmc... works ! Only one question remains, if I add a user to unix/samba it does not appear in the share acl even if I add it to "valid users". I have to add the user to the share with setfacl -m u:newuser:r /home/testshare And then change anything I need with mmc. Is there a way around this ? Best Regards, Sebastian Perkins Systems Developer Engineer -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: mercredi 29 septembre 2010 11:23 To: Perkins Sebastian, SH-SYS-GRP (EXT); [email protected] Cc: [email protected] Subject: RE: [Samba] samba 3.5.5 and ACL mod ensure that nt acl support= yes dos filemode= yes for a given share in smb.conf and for mmc access assign SeDiskOperatorPrivilege to the samba users /usr/local/sama/bin/net sam rights grant "samba username" SeDiskOperatorPrivilege if it is in domain /usr/local/sama/bin/net sam rights grant domain\\username SeDiskOperatorPrivilege Hope this helps -Suresh -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Wednesday, September 29, 2010 2:01 PM To: [email protected] Cc: [email protected] Subject: Re: [Samba] samba 3.5.5 and ACL mod >>On Tue, Sep 28, 2010 at 12:14 PM, <[email protected]> wrote: >>>Hello, >>> >>> We are in the middle of testing debian squeeze 64 bits with samba 3.5.5 >>> >>and are running into some questions: >>> >>> 1) Is this solution OK with windows 7 "out of the box" (ie no >>> >>hacking/modifications to do on the pc) ? I have tested it seems so but I >>> >>would like a confirmation. >> >>You still need the registry change from here: >>http://wiki.samba.org/index.php/Windows7 We are using security=user to challenge local passwords and not a domain (maybe later...). >> > >> > 2) Despite massive googling, I have not found a correct smb.conf >> >> >> >> > configuration to change ACL statuses on shares (or even subfolders/files) >> > >> via a windows based mmc (xp or vista). Yes, the IT people are not into >> > >> >> SWAT or Webmin. It is stated possible. Are there any pointers or >> > special >> issues I have missed with this version? >> > >> You need idmap to work for acls to even begin to work as you expect. >> You also need either acls enabled in the host filesystem and / or use >> the acl_xattr module. Testbed is using xfs so what I understand it that acls are already embedded. Later we will use nfs shares, at this time in v3 which must be updated to v4 for acls. Do I still need idmap in this situation ? the doc seems quite domain oriented with this sort of config. My goal is to permit acl based on the local unix users (just created by useradd and smbpasswd -a). Sebastian John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
