Daniel Curry
2002-Aug-01 09:01 UTC
[Samba] User directory shares with Samba, Winbind, and Win2k domain - Partial solution
Mats, After a couple hours of reading and trial and error, this is what I got to work for me. [username] path = /home/USERS/username writable = yes comment = User File Storage valid users = DOMIAN+username create mode = 0664 directory mode = 0775 browseable = no Then on the directory structure it self I had to run a 'chown -R DOMAIN+username.DOMAIN+group userdir' This set the file and group ownership of the directory to be assigned to those users and their group (or department) according to the NT/Win2k domain controllers authentication system. Winbind is providing me with this authentication link. Next I get to start messing with the actual directories and folders that hold the departmental and groups public and semi-public files. I have not tested it yet, but I believe that assigning the public and semi public folder to the department head as owner and the department as group (DOMAIN+Depthead.DOMIAN+dept), then a 775 on the public and 770 on the semi public SHOULD grant the right permissions I need to the members of the department to modify the public and semi public files, as well set the desired permissions on the semi public, where the group can see and modify, but the rest of the company can not. This is how I am trying to make it work with Samba+winbind and Win2k authentication. I hope you are able to find a solution that works for you. Daniel Curry IT Manager Cariocas 625 Second Street Suite 201 San Francisco, CA 94107 ph: 415-348-6516 fx: 415-348-6505 cell: 510-579-6680 "If A equals success, then the formula is: A = X + Y + Z, X is work. Y is play. Z is keep your mouth shut." - Albert Einstein -----Original Message----- From: Mats Wallander [mailto:mats.wallander@ausystem.se] Sent: Thursday, August 01, 2002 1:38 AM To: Daniel Curry Subject: RE: [Samba] User directory shares with Samba, Winbind, and Win2k domain - help deparately needed! Hi Daniel, We have exactly the same problem for our company, as we have bought a solution from another company, and they don't seem to be able to help us. In out case we are moving to a AIX/Samba 2.2.3 platform using no winbind as this is not available for AIX yet. If winbind makes things easier we may change to Linux instead of AIX. We understand that you cannot get the same access configuration as on a W2k platform, but hope that the Samba layer can override the Unix access control. (Using for example write list and read list for multiple groups, with different access rights). We will inform you if we come up with good working ideas, and hope you can return any experiences to us. /Mats W -----Original Message----- From: Daniel Curry [mailto:dcurry@cariocas.com] Sent: den 31 juli 2002 20:23 To: Samba (E-mail) Subject: [Samba] User directory shares with Samba, Winbind, and Win2k domain - help deparately needed! I have a new samba install with winbindd running correctly. I have moved folders from the old Win2k file server to this new file server. I need to re-create the same permissions that the Win2k file server had for the users. The users were in groups, based upon departments. Each department head had RW priv to the department share and RO on each user's sub directory. Each user, of course, had RW on their own dirs. The Department dir/share was RO to the world. I would like to recreate this, but am not certain how to, considering the combination of Win2k Domain groups and users with unix/linux users and groups. Please help and advise. Thanks Daniel Curry IT Manager Cariocas 625 Second Street Suite 201 San Francisco, CA 94107 ph: 415-348-6516 fx: 415-348-6505 cell: 510-579-6680 "If A equals success, then the formula is: A = X + Y + Z, X is work. Y is play. Z is keep your mouth shut." - Albert Einstein -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba