Hi, Firstly I want to declare I am a newbie to Samba. I am installing samba over Redhat 8.0 I need to know whether Samba can replace my NT4 PDC in the following aspects and how to do it:- 1. ACLs. Must i create the every user name in Samba as in the NT4 PDC? How do I create groups like "Protocol Stack" with space in between the groupname? (Making sure that the ACls are mapped properly when transfering files over to Linux Samba) 2. If I were to transfer files from the NT4 PDC to Linux Samba, can I retains the ACLs being set on NT4? How must I do to ensure the ACls are retained? (Similar to question 1) 3. Is there any method to transfer the SAM over without creating every user and group all over again? FYi, my PDC is doing file sharing only with permissions set for different groups in different levels of the directories. I am going to remove the NT4 server and use Samba ultimately. If cannot answer in 1 email, please refer me to the right documentation to do so. Thanks. newbie adrian
To use ACLs you will need an ACL-enabled kernel/filesystem and build Samba on top of this. Some distros like Mandrake now come with ACLs built in. Otherwise you will need to patch your kernel. However, if your current shares are done with whole groups then you probably don't need ACLs and can simply use the security in Samba using parameters like 'valid users=', 'write list=', 'read list=', 'force group=' etc. Much simpler from both an administration and setup point of view. There is no way to transfer your NT ACLs to Samba automatically (same as if you transferred stuff between any two volumes - you will always lose the ACLs). I don't think there is a way of grabbing the whole SAM database automatically from an existing NT domain in Samba 2.2.6 (there is something like this in 3.0 i believe?). You will need to create each user in your Samba PDC manually but if you have a large number then you could use winbindd to get a text listing of the users on the current domain and then use a script to create each of them on the Samba PDC. HTH, Noel -----Original Message----- From: Adrian Chow Seng Yien [mailto:chowadrian@icr.a-star.edu.sg] Sent: 15 November 2002 02:16 To: samba@lists.samba.org Subject: [Samba] Help on ACLs and samba Hi, Firstly I want to declare I am a newbie to Samba. I am installing samba over Redhat 8.0 I need to know whether Samba can replace my NT4 PDC in the following aspects and how to do it:- 1. ACLs. Must i create the every user name in Samba as in the NT4 PDC? How do I create groups like "Protocol Stack" with space in between the groupname? (Making sure that the ACls are mapped properly when transfering files over to Linux Samba) 2. If I were to transfer files from the NT4 PDC to Linux Samba, can I retains the ACLs being set on NT4? How must I do to ensure the ACls are retained? (Similar to question 1) 3. Is there any method to transfer the SAM over without creating every user and group all over again? FYi, my PDC is doing file sharing only with permissions set for different groups in different levels of the directories. I am going to remove the NT4 server and use Samba ultimately. If cannot answer in 1 email, please refer me to the right documentation to do so. Thanks. newbie adrian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.410 / Virus Database: 231 - Release Date: 31/10/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.410 / Virus Database: 231 - Release Date: 31/10/2002
Hi Noel, Thanks for the reply. So I can create the same user id. How about the groups? Eg groupname with 2 or more words? How can I create them in Samba? Is there a possibility that I can map like abc group in Samba with abc group in NT4 PDC? Are you saying that if you copy files from the NT4 PDC to Samba Linux, the ACLs will be lost? No way to preserve them? adrian>>> Noel Kelly <nkelly@citrusnetworks.net> 11/15/02 04:49PM >>>To use ACLs you will need an ACL-enabled kernel/filesystem and build Samba on top of this. Some distros like Mandrake now come with ACLs built in. Otherwise you will need to patch your kernel. However, if your current shares are done with whole groups then you probably don't need ACLs and can simply use the security in Samba using parameters like 'valid users=', 'write list=', 'read list=', 'force group=' etc. Much simpler from both an administration and setup point of view. There is no way to transfer your NT ACLs to Samba automatically (same as if you transferred stuff between any two volumes - you will always lose the ACLs). I don't think there is a way of grabbing the whole SAM database automatically from an existing NT domain in Samba 2.2.6 (there is something like this in 3.0 i believe?). You will need to create each user in your Samba PDC manually but if you have a large number then you could use winbindd to get a text listing of the users on the current domain and then use a script to create each of them on the Samba PDC. HTH, Noel -----Original Message----- From: Adrian Chow Seng Yien [mailto:chowadrian@icr.a-star.edu.sg] Sent: 15 November 2002 02:16 To: samba@lists.samba.org Subject: [Samba] Help on ACLs and samba Hi, Firstly I want to declare I am a newbie to Samba. I am installing samba over Redhat 8.0 I need to know whether Samba can replace my NT4 PDC in the following aspects and how to do it:- 1. ACLs. Must i create the every user name in Samba as in the NT4 PDC? How do I create groups like "Protocol Stack" with space in between the groupname? (Making sure that the ACls are mapped properly when transfering files over to Linux Samba) 2. If I were to transfer files from the NT4 PDC to Linux Samba, can I retains the ACLs being set on NT4? How must I do to ensure the ACls are retained? (Similar to question 1) 3. Is there any method to transfer the SAM over without creating every user and group all over again? FYi, my PDC is doing file sharing only with permissions set for different groups in different levels of the directories. I am going to remove the NT4 server and use Samba ultimately. If cannot answer in 1 email, please refer me to the right documentation to do so. Thanks. newbie adrian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.410 / Virus Database: 231 - Release Date: 31/10/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.410 / Virus Database: 231 - Release Date: 31/10/2002 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba