On Thu, 27 Nov 1997, Chris Shenton wrote:
> We've got a document repository on a Samba system, v 1.9.17alpha3,
> Solaris 2.5.1. Our clients authenticate to an NT domain so we do auth
> on Samba using the construct:
> 
>         security                = server
>         password server         = HQBDC1
>
> What we'd like to do is allow one of our departments to get access to
> the docs but prevent all the other departments. I'd like to use the NT
> *group* in which the users belong to do access control but I can't
> figure a way to tell Samba to do this.  I really don't want to have to
> clone a password file in UNIX or enumerate usernames because they
> change so often -- I'd rather let the NT server boyz worry about that
> stuff. :-)

ok, thinks.  right.

1) create a group on the NT box with all the people that are allowed access
to those documents.  call it "Document Users"

2) use right-mouse-click, go to properties, on the documents directory.
click on the "permissions" tab.  you will see that permission is granted
"Full" to "Everyone".  you want:

- "Full" to "Domain Users"
- "Read-only" to "Document Users"

> Is there a way to do ACLs based on NT groups?

we haven't worked out ACLs yet :-)  it's on the hit-list.  unfortunately,
we'd need to work out a unix->ACL mapping-system, first :-(

> Or perhaps I'm so clueless on NT domains and NT-style authentication
> to understand whether this is doable. But let me know one way or the
> other. 
> 
> Thanks.
> 
> (I just pulled down 1.9.18alpha11 and am looking into DOMAIN.txt,
>  NTDOMAIN.txt, etc, but my NT domain ignorance is preventing me from
>  understanding all of it; pointers to good books welcome; I've already
>  read the FAQs and docs on samba.anu.edu.au...)

ok, well feel free to ask me all kinds of questions: it will help me when
it comes to actually writing up the NT domain docs.

luke

Luke Kenneth Casson Leighton <lkcl@switchboard.net>
Samba Consultancy and Support: http://mailhost.cb1.com/~lkcl