I am setting up a Samba Server using RedHat 8.0 to be the main file
server for a terminal server farm. After looking in to the many
different ways to integrate Samba into a Windows 2000 Domain I opted to
use winbind on the server for user/group mapping to UID's. I upgraded
the kernel to 2.4.20 from kernel.org, and patched it with
linux-2.4.20-xattr+acl+trusted-0.8.55.diff to provide ACL support (our
help desk does not have Un*x experience, so I want to make the
transition smooth).
This is a list of required shares and the security model I am looking
for:
Users: User home directories get mapped to this share, we
also use GP to provide folder redirection on the TS and want to make
sure this continues to function. The user directories are created using
'Active Directory Users and Computers', which I haven't had much
luck
with (I assume it's having a problem with modifying the ACL, because it
creates the directory but gets an access denied message when it tries to
change the permissions to just that user). I want Domain Administrators
to have full control over these directories, but users can only access
their own.
Profiles: Roaming profiles. The TS's are running SP3 which
I have read has a problem with 'nt acl support = yes', but when I
disable NT ACL Support, they get an error logging in. I don't mind
users having full control over this share as no one can accidentally get
to it.
Shared Drive: This share was originally housed on an NT
file server. It has multiple directories spanning 8+ levels deep each
one using inheritable security. I would like to emulate this as much as
possible.
I will probably be using Backup Exec 8.6 for Servers to archive these
shares using just a UNC due to lack of an agent... I am not entirely
convinced that this is the best thing to do.
I have set up simple WG samba servers in the past, but never anything
where security mattered as much... If anyone has any suggestions on
these, let me know!
