Jose Renato Castro Milanez
2022-Apr-05 19:29 UTC
[Samba] samba ad dc problem with windows group share
Hello friends, how are you?
I created a share with this documentation (
https://wiki.samba.org/index.php/Windows_User_Home_Folders) and inside the
share,
created folders and give full control for each group I created at the SAMBA
AD DC.
When the user of the group create a file on the respective group share,
he'll the owner of the file but the group don't have full control of the
file too. Only the administration and domain admins have full control
access.
I'd like to know if I did it correctly or if I need to do another strategy
to enable group share for my AD DC users.
Thanks.
My samba config:
# Global parameters
[global]
dns forwarder = x, y
netbios name = AAA
realm = AAA.LOCAL
server role = active directory domain controller
workgroup = AAA
idmap_ldb:use rfc2307 = yes
vfs objects = acl_xattr full_audit
full_audit:prefix = %u|%I|%m|%S
full_audit:success = mkdir rename unkink rmdir pwrite
full_audit:failure = none
full_audit:priority = NOTICE
map acl inherit = yes
store dos attributes = yes
printing = cups
wins support = yes
log level = 1 auth:5 winbind:5
ldap server require strong auth = no
spoolss: architecture = Windows x64
logging = syslog
[print$]
path = /samba/printer_drivers/
read only = no
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[netlogon]
path = /usr/local/samba/var/locks/sysvol/aaa.local/scripts
read only = No
[printers]
path = /var/spool/samba
printable = yes
[groups]
path = /samba/groups
read only = no
--
M.Sc. Jos? Renato Castro Milanez
Analista de Tecnologia da Informa??o
Centro de Educa??o - CEDUC
Universidade Federal de Itajub?
Itajub? - Minas Gerais - Brasil
Telefone/Phone (55) (35) 3629-1951
E-mail jrcmilanez at unifei.edu.br
On Tue, 2022-04-05 at 16:29 -0300, Jose Renato Castro Milanez via samba wrote:> Hello friends, how are you? > > I created a share with this documentation ( > https://wiki.samba.org/index.php/Windows_User_Home_Folders) and > inside the > share, > created folders and give full control for each group I created at the > SAMBA > AD DC.Which method did you use ? 'Using Windows ACLs' or one of the others. You should also be aware that Samba does not recommend using a DC as a fileserver. Rowland
L.P.H. van Belle
2022-Apr-06 07:25 UTC
[Samba] samba ad dc problem with windows group share
Add "Creator Group" to the windows acl.> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: dinsdag 5 april 2022 21:36 > Aan: samba at lists.samba.org > CC: Rowland Penny > Onderwerp: Re: [Samba] samba ad dc problem with windows group share > > On Tue, 2022-04-05 at 16:29 -0300, Jose Renato Castro Milanez > via samba > wrote: > > Hello friends, how are you? > > > > I created a share with this documentation ( > > https://wiki.samba.org/index.php/Windows_User_Home_Folders) and > > inside the > > share, > > created folders and give full control for each group I > created at the > > SAMBA > > AD DC. > > Which method did you use ? 'Using Windows ACLs' or one of the others. > You should also be aware that Samba does not recommend using a DC as a > fileserver. > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >