list@mischievousmonkey.co.uk
2008-Sep-02 21:25 UTC
[Samba] Samba and file system permissions (secondary/auxiliary/non-primary groups)
Hi,

I have a problem with Samba integrated with Active Directory (2003). I wish to have one share containing different folders, and I wish access to these folders to be controlled at the file system level, so that if a connecting user is in the group(s) specified at the filesystem level, he or she is permitted access to that folder according to the folder's permissions.

I'm running Ubuntu 8.04.1, Likewise-open and Samba 3.0.28a. I have successfully gotten to the point whereby Samba recognises the groups at the share level, but not at the folder level unless the user's primary group is set to the folder group.

Can anyone shed any light as to why this is so? I really need to be able to set permissions via group by folder in order to directly replace a Windows file server.

Below are sanitised versions of my config files.

Thanks in advance for any help.

Regards
Jon

smb.conf
---------------------
[global]
security = ads
workgroup = MYDOMAIN
realm = MYDOMAIN.LOCAL
idmap backend = lwopen
idmap uid = 50 - 999999999
idmap gid = 50 - 999999999
server string = %h server (Samba, Ubuntu)
wins server = server1.mydomain.local
dns proxy = no
interfaces = 127.0.0.0/8 eth0
bind interfaces only = true
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
passdb backend = tdbsam
encrypt passwords = yes
obey pam restrictions = yes
invalid users = root
unix password sync = no
socket options = TCP_NODELAY
domain master = no
map acl inherit = yes
veto files = /.DS_Store/._*/
winbind use default domain = no

#======================= Share Definitions ======================
[srv]
path = /srv/
comment = DEV
browseable = no
valid users = @MYDOMAIN\group
write list = @MYDOMAIN\group
writable = yes
create mask = 0775
directory mask = 0775
guest ok = no
inherit permissions = yes
nt acl support = yes

lwiauthd.conf
---------------------
[global]
workgroup = MYDOMAIN
security = ads
passdb backend = tdbsam
disable netbios = yes
idmap domains = default
idmap config default:default = yes
idmap config default:backend = lwopen
idmap config default:readonly = yes
idmap alloc backend = tdb
idmap alloc config:range = 9000 - 9999
idmap cache time = 3600
idmap negative cache time = 300
winbind cache time = 900
winbind offline logon = yes
winbind refresh tickets = yes
winbind replacement character = ^
winbind normalize names = yes
winbind expand groups = 10
winbind enum users = Yes
winbind enum groups = Yes
template shell = /bin/bash
template homedir = /home/%D/%U
machine password timeout = 2592000
realm = MYDOMAIN.LOCAL
use kerberos keytab = yes
nt acl support = yes
map acl inherit = yes
veto files = /.DS_Store/._*/
winbind nss info = sfu
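
A check that can be run on the server for the situation described in the post, added here as an example and not part of the original message: it reports whether a user reaches a folder through the owner, primary-group, secondary-group or "other" permission class, using the group list the system resolves for that user. It assumes plain POSIX mode bits with no ACL entries; the function names and the numeric IDs in the comments are constructed for illustration.

```python
import os
import pwd
import stat

def classify(owner_uid, owner_gid, uid, primary_gid, supplementary_gids):
    """Select the POSIX permission class for a user on a file or folder.

    Order is owner, then group, then other. The second element says
    whether a group match came from the primary or a secondary group.
    """
    if uid == owner_uid:
        return "owner", "uid"
    if owner_gid == primary_gid:
        return "group", "primary"
    if owner_gid in supplementary_gids:
        return "group", "supplementary"
    return "other", None

def allowed(mode, cls, want):
    """Check that every permission in want (subset of 'rwx') is set for cls."""
    shift = {"owner": 6, "group": 3, "other": 0}[cls]
    bits = (mode >> shift) & 0o7
    need = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return bits & need == need

def check(username, path, want="rx"):
    """Evaluate a real account against a real folder.

    The secondary groups come from os.getgrouplist(), i.e. from whatever
    the configured name service returns for this account on this host.
    """
    pw = pwd.getpwnam(username)
    secondary = set(os.getgrouplist(username, pw.pw_gid)) - {pw.pw_gid}
    st = os.stat(path)
    cls, via = classify(st.st_uid, st.st_gid, pw.pw_uid, pw.pw_gid, secondary)
    return cls, via, allowed(stat.S_IMODE(st.st_mode), cls, want)

# Constructed case: folder owned by uid 0, gid 50010, mode 2770;
# user uid 50001 with primary gid 50005.
#   secondary = {50010} -> ("group", "supplementary"), access granted
#   secondary = set()   -> ("other", None), access denied
```

If check() returns "other" for a user who is a member of the folder's group in Active Directory, the secondary group list is not reaching the file-system permission check on that host.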