On Thu, Oct 16, 2008 at 02:18:13PM +0200, Mikael Kermorgant wrote: > By switching to samba, we face a set of challenges : > > * Joining the domain and retrieving users and groups from the windows domain > to the samba server. > As I know, this is ok and is well done with winbind
Yep, winbind will fix this. > * Changes to our security policy. We will have to manage security at the > linux/samba level and this raises some questions: > - is it still possible to keep the security management at the file level (by > giving full control at the share level and thus eliminating botherings on > this side) ? I know there are some limitations when mapping posix acls to > windows one but that might be acceptable. > > - I've tried to manage posix acls on ext3 via konqueror which I could find a > good alternative to windows' gui but I'd prefer a web front end. Would you > have some nice web gui to recommend ? I don't know of any web gui to modify POSIX ACLs, mostly people ssh in and use getfacl/setfacl directly. If you set the options : "dos filemode = yes" "inherit owner = yes" and set the setgid bit on the share directory then this will have a similar effect to Windows "group ownership" of files, so users in the same group as the containing directory will have access as though they were owners. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
