samba - Jun 2007 - managing permissions from windows (is it possible?)

I have a FreeBSD Samba box running as PDC for a WinXP network.  Is it
possible for the Windows administrators to modify permissions
(right-click of folders...) from their own computers?  I have already
mapped windows groups to unix groups.  When I try to do this I either
get a lack-of-permissions error or all the little boxes become
unchecked again after clicking OK).


      Get news delivered with the All new Yahoo! Mail.  Enjoy RSS feeds right on
your Mail page. Start today at http://mrd.mail.yahoo.com/try_beta?.intl=ca

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Juan,

If you have ACL support for the filesystem, and Samba has been
compiled with ACL support then yes. I have Samba 3.0.23c running on
Centos, ext3 filesystem mounted with ACL support and I can do this
from the Shares Section in the Computer Management MMC.

- - Pramod

Juan Miscaro wrote:
> I have a FreeBSD Samba box running as PDC for a WinXP network.  Is it
> possible for the Windows administrators to modify permissions
> (right-click of folders...) from their own computers?  I have already
> mapped windows groups to unix groups.  When I try to do this I either
> get a lack-of-permissions error or all the little boxes become
> unchecked again after clicking OK).
>
>
>       Get news delivered with the All new Yahoo! Mail.  Enjoy RSS feeds
right on your Mail page. Start today at
http://mrd.mail.yahoo.com/try_beta?.intl=ca

- --
Pramod Venugopal
pramod@dvnull.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGYmfRX5FtsCrAzXYRAsIVAJ4tXGuBH1nWftcT+gQNlvxOGVoiqQCgyVN/
A8EqTwo7se8IcouklUUcrQs=pEnx
-----END PGP SIGNATURE-----

"Juan Miscaro" <scry_mr@yahoo.ca> wrote in message
news:136189.34896.qm@web63908.mail.re1.yahoo.com...
I have a FreeBSD Samba box running as PDC for a WinXP network.  Is it
possible for the Windows administrators to modify permissions
(right-click of folders...) from their own computers?  I have already
mapped windows groups to unix groups.  When I try to do this I either
get a lack-of-permissions error or all the little boxes become
unchecked again after clicking OK).

This document should help.

http://searchenterpriselinux.techtarget.com/tip/0,289483,sid39_gci1080966,00.html

>
> If you have ACL support for the filesystem, and Samba has been
> compiled with ACL support then yes. I have Samba 3.0.23c running on
> Centos, ext3 filesystem mounted with ACL support and I can do this
> from the Shares Section in the Computer Management MMC.
>
>
I did not know I could do that. Thanks for the info.

I have that problem and a second related problem. With the MMC or the
properties dialog the groups that are displayed are only Admistrators
(SERVER\Administrators), Everyone, and Users(SERVER\Administrators) for all
shares even if in Unix the group is set to HonestBrokers which is a valid
windows and unix group. Also like the original poster all the permissions
boxes are unchecked no matter what their real values are. I am using a samba
3.0.24 PDC with LDAP. Also the windows groups and the linux groups are the
same thing. Will enabling ACL get the groups in these windows property boxes
to be the ones seen in linux? Or do I need to use winbind?

Thanks,
John

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well this is how I have my setup:

I installed Samba/LDAP after following the idealx guide.

My user is a member of Domain Admins and in the smb.conf I have the
following:

admin users = @"Domain Admins"
winbind use default domain = yes
nt acl support = yes

- - Pramod

John Drescher wrote:
>>
>> If you have ACL support for the filesystem, and Samba has been
>> compiled with ACL support then yes. I have Samba 3.0.23c running on
>> Centos, ext3 filesystem mounted with ACL support and I can do this
>> from the Shares Section in the Computer Management MMC.
>>
>>
> I did not know I could do that. Thanks for the info.
>
> I have that problem and a second related problem. With the MMC or the
> properties dialog the groups that are displayed are only Admistrators
> (SERVER\Administrators), Everyone, and Users(SERVER\Administrators)
> for all
> shares even if in Unix the group is set to HonestBrokers which is a
> valid
> windows and unix group. Also like the original poster all the
> permissions
> boxes are unchecked no matter what their real values are. I am using
> a samba
> 3.0.24 PDC with LDAP. Also the windows groups and the linux groups
> are the
> same thing. Will enabling ACL get the groups in these windows
> property boxes
> to be the ones seen in linux? Or do I need to use winbind?
>
> Thanks,
> John
- --
Pramod Venugopal
pramod@dvnull.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGZGPSX5FtsCrAzXYRAgdzAKCr1DiIGcgEzt0VKSD0NV5CZZIAZwCeLvpi
ll8S8FpkaA0sZMIulHMaWvU=J2oR
-----END PGP SIGNATURE-----

On 6/4/07, Pramod Venugopal <pramod@dvnull.org >
wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Well this is how I have my setup:
>
> I installed Samba/LDAP after following the idealx guide.
>
> My user is a member of Domain Admins and in the smb.conf I have the
> following:
>
> admin users = @"Domain Admins"
> winbind use default domain = yes
> nt acl support = yes

Thanks. I after enabling ACLs on a single share to test I have found out a
few things. The properties resetting problem appears to happen if the unix
group is the same as the group that you change permissions on. After that I
had the problem of SIDs appearing in the XP properties dialog instead of the
real name. After upgrading from 3.0.24 to 3.0.25a and installing winbind
this time that problem was fixed as well so it seems that winbind is
required for this to work correctly. I do still have one problem as wbinfo
-g works as expected but wbinfo -u returns no results also. net rpc info
tells me I have no domain users. This seems weird because the 50+ users I
have work fine in the domain...

John