Hi, [EMAIL PROTECTED] a écrit sur 04/08/2005 17:26:59 :
> Hello all, > > I'm working and searching for a few days to obtain this result : > > * I want to share some directories between differents users and groups > (windows XP clients) using a minimum but efficient configuration with > samba and posix acls. > * I would like that users windows configuration stay on locals machines > (no roaming accounts), > * When registering users and computers on the domain, users must keep > there configuration, > * I want to manage users and groups using srvtools.exe > > > I use tdbsam, posix acls work fine and samba (3.0.14a) runs as a PDC. > > My problems are : > * On windows (with administrator account), some directories don't have > the acl (security) panel, > * On other directories, the panel is present but I cannot modify > permissions, If you specify that the admin user is root, the administrator user don't have the right to admin the system. > * Users configurations are never stored locally, > * Creating new users with srvtools not possible, > * How to keep old users windows configuration when entering the domain ? > * No way to find a good tutorial answering my needs... SAMBA-HOWTO-COLLECTION and samba by-example in samba web-site > > > > Here is my configuration : > > > smb.conf : > ------------------------------------------------ > [global] > interfaces = 192.168.1.120/24 > enable privileges = yes > nt acl support = yes > > security = user > > netbios name = FSERVER > workgroup = FWSERVER > passdb backend = tdbsam > server string = File Server > > add user script = /usr/sbin/useradd -m '%u' > add group script = /usr/sbin/groupadd '%g' > add user to group script = /usr/sbin/usermod -G '%g' '%u' > add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u' > > > logon script = scripts\logon.bat > logon path = > logon drive = H: > domain logons = yes > username map = /etc/samba/smbusers > > admin users = root > > socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 > > encrypt passwords = yes > > wins support = yes > > os level = 50 > domain master = yes > local master = yes > preferred master = yes > > name resolve order = lmhosts host wins bcast > > preserve case = yes > short preserve case = yes > > unix password sync = yes > > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n > *Retype\snew\sUNIX\spassword:* %n\n . > > [public] > writable = yes > path = /share/public > public = yes > create mode = 0777 > directory mask = 0777 > admin users = root > nt acl support = yes > > [technique] > writable = yes > path = /share/technique > public = no > create mode = 0770 > directory mask = 0770 > valid users= @technique, @admins > admin users = root > nt acl support = yes > > [stagiaires] > writable = yes > path = /share/stagiaires > public = no > create mode = 0770 > directory mask = 0770 > valid users= @stagiaires, @admins > admin users = root > nt acl support = yes > > [secretariat] > writable = yes > path = /share/secretariat > public = no > create mode = 0770 > directory mask = 0770 > valid users= @secretariat @admins > admin users = root > nt acl support = yes > > [finances] > writable = yes > path = /share/finances > public = no > create mode = 0770 > directory mask = 0770 > valid users = @finances @admins > admin users = root > nt acl support = yes > ------------------------------------------------------------------- > > > My groupmaps seems to be good : > > System Operators (S-1-5-32-549) -> -1 > Replicators (S-1-5-32-552) -> -1 > Guests (S-1-5-32-546) -> -1 > Domain Admins (S-1-5-21-3171617769-241562045-158900556-512) -> admins > Power Users (S-1-5-32-547) -> -1 > Domain Guests (S-1-5-21-3592376627-3846121942-908627037-514) -> -1 > Domain Users (S-1-5-21-3592376627-3846121942-908627037-513) -> -1 > Print Operators (S-1-5-32-550) -> -1 > Administrators (S-1-5-32-544) -> admins > Domain Users (S-1-5-21-3171617769-241562045-158900556-513) -> ntusers > Account Operators (S-1-5-32-548) -> -1 > Secretariat (S-1-5-21-3171617769-241562045-158900556-3003) -> secretariat > Technique (S-1-5-21-3171617769-241562045-158900556-3005) -> technique > Finances (S-1-5-21-3171617769-241562045-158900556-3007) -> finances > Stagiaires (S-1-5-21-3171617769-241562045-158900556-3009) -> stagiaires > Domain Guests (S-1-5-21-3171617769-241562045-158900556-514) -> -1 > Backup Operators (S-1-5-32-551) -> -1 > Users (S-1-5-32-545) -> -1 > > > > Thx for help. > > Max > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba ----------------------------------- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
