Jeremy,
Thanks. Getting that setup now brings me to the point of needing to
further ask a question. I am now able to set very specific permission
on a folder, but at this point, I am only mapping to local groups. That
is, I can set permissions:
BERKELEY\its staff <-- berkeley being the netbios of the local samba server
But I can't do:
CATNET\its staff <-- CATNET being the group in Active Directory
Once I click apply in the properties dialogue box, the entry goes away.
The whole idea here (if it's possible) is to avoid managing group
memberships locally since that literally replicates Active Directory.
Is there a solution to this in the current release of Samba?
Thanks,
Rob
Jeremy Allison said the following on 04/11/2006 11:42 AM:
On Tue, Apr 11, 2006 at 11:35:02AM -0700, Rob Tanner wrote:
Hi,
We would like to aggregate departmental servers on to a single samba
share called "departments" and under departments would be a set of
folders corresponding to the departments. Permissions need to be
controlled by group memberships in active directory. When I go into
folder properties on an XP with the departments share mounted, under the
security tab I see Administrators, Everyone and Users. I can click add
and add a domain group (e.g., "its staff"), and it gets added to the
list of groups at the top. I can set permissions, etc. But when I
click apply, the added group goes away.
What do I need to do to enable that functionality?
You need to have POSIX ACLs enabled on the filesystem plus
a Samba compiled with POSIX ACL support. Mount the filesystem
(on SUSE) with the options "rw,acl,user_xattr"
Jeremy.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
