Hi all, As promised, I have started a howto document on setting up Samba with NT ACL support, based on experiences in my workplace, as documentation for this seems to be on the short side at the moment. It is available at the following address: http://www.bluelightning.org/linux/samba_acl_howto I have yet to convert it to proper DocBook format, and it needs more material (probably corrections, too). Please feel free to comment. Cheers, Paul Eggleton
Paul, Are you willing to contribute your HOWTO material to the official Samba-HOWTO-Collection? I have made several requests for feedback and help in getting the official HOWTO completely up to date before Samba-3 ships and would appreciate your assistance also. - John T. On Mon, 21 Apr 2003, Paul Eggleton wrote:> Hi all, > > As promised, I have started a howto document on setting up Samba with NT ACL > support, based on experiences in my workplace, as documentation for this > seems to be on the short side at the moment. > > It is available at the following address: > > http://www.bluelightning.org/linux/samba_acl_howto > > I have yet to convert it to proper DocBook format, and it needs more material > (probably corrections, too). Please feel free to comment. > > Cheers, > Paul Eggleton >-- John H Terpstra Email: jht@samba.org
Thanks, Paul! I can appreciate what you have gone through to cull this much info together -- couldn't you have done a couple months earlier?! Would have saved me a bunch of time ... :) gary Paul Eggleton wrote:> Hi all, > > As promised, I have started a howto document on setting up Samba with NT ACL > support, based on experiences in my workplace, as documentation for this > seems to be on the short side at the moment. > > It is available at the following address: > > http://www.bluelightning.org/linux/samba_acl_howto > > I have yet to convert it to proper DocBook format, and it needs more material > (probably corrections, too). Please feel free to comment. > > Cheers, > Paul Eggleton
There are some good pointers in this Samba+ACL+Winbind howto... http://www.jaxlug.org/samba_presentation/text0.html Jim> -----Original Message----- > From: samba-bounces+creole3=bellsouth.net@lists.samba.org > [mailto:samba-bounces+creole3=bellsouth.net@lists.samba.org]On > Behalf Of > Paul Eggleton > Sent: Monday, April 21, 2003 1:40 AM > To: samba@lists.samba.org > Subject: [Samba] Unofficial Samba+ACL howto > > > Hi all, > > As promised, I have started a howto document on setting up > Samba with NT ACL > support, based on experiences in my workplace, as > documentation for this > seems to be on the short side at the moment. > > It is available at the following address: > > http://www.bluelightning.org/linux/samba_acl_howto > > I have yet to convert it to proper DocBook format, and it > needs more material > (probably corrections, too). Please feel free to comment. > > Cheers, > Paul Eggleton > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >OutBound Mail Scanned by Mcafee Web Appliance.
On Mon, Apr 21, 2003 at 05:39:56PM +1200, Paul Eggleton wrote:> Hi all, > > As promised, I have started a howto document on setting up Samba with NT ACL > support, based on experiences in my workplace, as documentation for this > seems to be on the short side at the moment. > > It is available at the following address: > > http://www.bluelightning.org/linux/samba_acl_howtoGood ;) We have a Samba working with XFS ACLs without Winbind (i think) here at EFREI (French engineering school). I could contribute with my NT admin to your HOWTO (or any other) to add some info, as i think i won't have the time to write a complete one. Jerome -- -+-- J?r?me Walter - I2 EFREI ----+- Equipe Syst?me - Efrei Robotique - Jap'Efrei - Erasmus Tutors "The World is my country" - "Nihon no tomodachi desu" EFREI System and Networking guide http://perso.efrei.fr/~walter/
Jerome, FWIW: I've done some documentation on how I put samba, ADS and ACLs together. It's working pretty good. Here's a link to what I've got so far if you'd like to use it or reference it. It's pretty rough, but may be helpful. I still have some more notes I need to add and it's not formatted correctly yet. http://www.netmechanix.net/linux/samba/sambahowto1.html I'm glad someone is doing this and would be happy to help with it. Rick Segeberg Network Admin Waterford Institute -----Original Message----- From: Jerome Walter [mailto:walter+samba@efrei.fr] Sent: Mon 4/21/2003 11:16 AM To: samba@lists.samba.org Cc: Subject: Re: [Samba] Unofficial Samba+ACL howto On Mon, Apr 21, 2003 at 05:39:56PM +1200, Paul Eggleton wrote: > Hi all, > > As promised, I have started a howto document on setting up Samba with NT ACL > support, based on experiences in my workplace, as documentation for this > seems to be on the short side at the moment. > > It is available at the following address: > > http://www.bluelightning.org/linux/samba_acl_howto Good ;) We have a Samba working with XFS ACLs without Winbind (i think) here at EFREI (French engineering school). I could contribute with my NT admin to your HOWTO (or any other) to add some info, as i think i won't have the time to write a complete one. Jerome -- -+-- J?r?me Walter - I2 EFREI ----+- Equipe Syst?me - Efrei Robotique - Jap'Efrei - Erasmus Tutors "The World is my country" - "Nihon no tomodachi desu" EFREI System and Networking guide http://perso.efrei.fr/~walter/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba ************************************* This e-mail may contain privileged or confidential material intended for the named recipient only. If you are not the named recipient, delete this message and all attachments. Unauthorized reviewing, copying, printing, disclosing, or otherwise using information in this e-mail is prohibited. We reserve the right to monitor e-mail sent through our network. *************************************
I have been doing some investigation into using LDAP/ACL/SAMBA to provided login and access priviledges to windows 98/xp clients. As stated in some of these howto's, they are a bit rough around the edges. I was just curious as to if anyone has successfully implemented LDAP/ACL/SAMBA, and could provide some insight as to its implementation. Thanks -----Original Message----- From: Rick Segeberg [mailto:rick.segeberg@waterford.org] Sent: Monday, April 21, 2003 2:09 PM To: walter+samba@efrei.fr; samba@lists.samba.org Subject: RE: [Samba] Unofficial Samba+ACL howto Jerome, FWIW: I've done some documentation on how I put samba, ADS and ACLs together. It's working pretty good. Here's a link to what I've got so far if you'd like to use it or reference it. It's pretty rough, but may be helpful. I still have some more notes I need to add and it's not formatted correctly yet. http://www.netmechanix.net/linux/samba/sambahowto1.html I'm glad someone is doing this and would be happy to help with it. Rick Segeberg Network Admin Waterford Institute -----Original Message----- From: Jerome Walter [mailto:walter+samba@efrei.fr] Sent: Mon 4/21/2003 11:16 AM To: samba@lists.samba.org Cc: Subject: Re: [Samba] Unofficial Samba+ACL howto On Mon, Apr 21, 2003 at 05:39:56PM +1200, Paul Eggleton wrote: > Hi all, > > As promised, I have started a howto document on setting up Samba with NT ACL > support, based on experiences in my workplace, as documentation for this > seems to be on the short side at the moment. > > It is available at the following address: > > http://www.bluelightning.org/linux/samba_acl_howto Good ;) We have a Samba working with XFS ACLs without Winbind (i think) here at EFREI (French engineering school). I could contribute with my NT admin to your HOWTO (or any other) to add some info, as i think i won't have the time to write a complete one. Jerome -- -+-- J?r?me Walter - I2 EFREI ----+- Equipe Syst?me - Efrei Robotique - Jap'Efrei - Erasmus Tutors "The World is my country" - "Nihon no tomodachi desu" EFREI System and Networking guide http://perso.efrei.fr/~walter/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba ************************************* This e-mail may contain privileged or confidential material intended for the named recipient only. If you are not the named recipient, delete this message and all attachments. Unauthorized reviewing, copying, printing, disclosing, or otherwise using information in this e-mail is prohibited. We reserve the right to monitor e-mail sent through our network. ************************************* -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
On Tue, 22 Apr 2003 01:09, John H Terpstra wrote:> Paul, > > Are you willing to contribute your HOWTO material to the official > Samba-HOWTO-Collection? I have made several requests for feedback and help > in getting the official HOWTO completely up to date before Samba-3 ships > and would appreciate your assistance also. >Certainly, I would be happy for this howto to be included. Anything you want me to do in order for this to happen? (Formatting or otherwise). I would certainly like one of the Samba developers to go over it carefully first and make comments. Cheers, Paul
On Tue, 22 Apr 2003, Paul Eggleton wrote:> On Tue, 22 Apr 2003 01:09, John H Terpstra wrote: > > Paul, > > > > Are you willing to contribute your HOWTO material to the official > > Samba-HOWTO-Collection? I have made several requests for feedback and help > > in getting the official HOWTO completely up to date before Samba-3 ships > > and would appreciate your assistance also. > > > > Certainly, I would be happy for this howto to be included. Anything you want > me to do in order for this to happen? (Formatting or otherwise). I would > certainly like one of the Samba developers to go over it carefully first and > make comments.Can you email me your source files please. Thanks. - John T. -- John H Terpstra Email: jht@samba.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1> Date: Mon, 21 Apr 2003 17:39:56 +1200 > From: Paul Eggleton <bluelightning@bluelightning.org> > To: samba@lists.samba.org > Subject: [Samba] Unofficial Samba+ACL howto > Message-ID: <200304211739.56852.bluelightning@bluelightning.org> > Content-Type: text/plain; > charset="us-ascii" > MIME-Version: 1.0 > Content-Transfer-Encoding: 7bit > Precedence: list > Message: 11 > > Hi all, > > As promised, I have started a howto document on setting up Samba withNT ACL> support, based on experiences in my workplace, as documentation for this > seems to be on the short side at the moment. > > It is available at the following address: > > http://www.bluelightning.org/linux/samba_acl_howto > > I have yet to convert it to proper DocBook format, and it needs morematerial> (probably corrections, too). Please feel free to comment. > > Cheers, > Paul EggletonOf course, your HOWTO is RedHat Linux-specific. On both SuSE and Mandrake, implementing ACLs is substantially easier, as nothing needs to be compiled. Mandrake version: 2)Install Mandrake. If you are using 8.2 or earlier, use XFS as filesystem on the filesystems that you would like to use ACLs on. For Mandrake 8.0 and earlier, you will have to build your own kernel, and rebuild the samba SRPMs available on the samba FTP mirrors with ACL support, which is documented in the README.txt file. Note that the kernel shipping with 9.1 does not have ACLs enabled (see http://qa.mandrakesoft.com/show_bug.cgi?id=3615), but it should be possible to use the kernel from 9.0 updates. 2.3)If using ext3 (Mandrake 9.0 kernel), enable acl on the filesystems you with to use ACLs on. 2.4)urpmi samba-server. If you would like LDAP support, get ldap-enabled RPMs for Mandrake (8.0 through 9.1) on the samba FTP mirrors. All Mandrake samba packages since those shipped with 8.1 have ACL support available by default. 2.5.2)Mandrake 9.1 ships with packages of samba3 (alpha22) in contrib, add a contrib source (using urpmi.setup, which you may need to install with urpmi) and: # urpmi samba3-server samba3 and samba are setup to co-exist on Mandrake 9.1, but you will have to take some steps to run them simultaneously. 2.5.3) See http://ranger.dnsalias.com/mandrake/muo/connect/csamba5.html#winbind and http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.pdf 3.1.3)On XFS, xfsdump natively archives ACLs. If you are using tar (for example with amanda) you can dump your ACLs to file, and backup the file you dumped the ACLs to. Some people asked about LDAP/ACLS etc. Jim Collings has been working on a howto for a Samba/LDAP PDC (concerning just one server), which is just about finished (if he agrees, I will host it temporarily for review until it is published). While reviewing his document this weekend, I decided to write one covering the LDAP slave/BDC side of things (we have been running a setup with LDAP-Samba PDC/BDC for almost 3 months now). I have just made it available for review at: http://ranger.dnsalias.com/samba-ldap-advanced.html Please note it is a work in progress, and I only connected samba3 to the LDAP server last night for the first time ... Original plan was to publish on http://mandrakesecure.net as a follow-up to the first Unix-based article on LDAP there, but I could look at including it with samba. Anyway, getting the ACL bit working with LDAP is no different than without LDAP, as long as your are using nss_ldap on the samba server. I have not experimented without using nss_ldap ... but it may not be possible or desirable. Regards, Buchan - -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+pVQtrJK6UGDSBKcRAgwvAJwP5uzDS4sgVJp9wTr6c3HWckW/pwCgoIwo wemRqufdXcmw9a/WDG9q6Ts=Zu9R -----END PGP SIGNATURE-----
Hi all, I have finally got around to updating my unofficial HOWTO on setting up Samba with ACL support: http://www.bluelightning.org/linux/samba_acl_howto As always, comments and suggestions welcome. Cheers, Paul PS: Where is everyone lately? There seem to be a lot more questions than answers on this list over the last few days. On the other hand I guess it is getting pretty close to release time.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1> Message: 54 > Date: Wed, 23 Jul 2003 13:11:38 +1200 > From: "Paul Eggleton" <paule@cjntech.co.nz> > Subject: [Samba] Unofficial Samba+ACL HOWTO > To: <samba@lists.samba.org> > Message-ID: <3DBF3DDF86B734419FC2A60F1D81833E05F470@cjnwin2000> > Content-Type: text/plain; charset="us-ascii" > > Hi all, > > I have finally got around to updating my unofficial HOWTO on setting up > Samba with ACL support: > http://www.bluelightning.org/linux/samba_acl_howto > > As always, comments and suggestions welcome. >You may want to change the title to be "Unofficial Redhat Samba + ACL + Winbind Howto", since most other distros have ACL support out the box (Mandrake since 8.1 has had ACL support on XFS, 9.0 had ACL support on ext2/3 also, most recent SuSE releases had ACL support on XFS, some on ext2/3, I believe one of the Debain kernels has XFS/ACL support), and Mandrake 9.0 and 9.1 will setup winbind for you during installation. Regards, Buchan - -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/HrM8rJK6UGDSBKcRAgZeAKC+wZN5sJpsLMUWYN/n7li//8KveQCeP8D9 c6zUongSCjg3j5bwiUOy7Qw=jM6n -----END PGP SIGNATURE----- ****************************************************************** Please click on http://www.cae.co.za/disclaimer.htm to read our e-mail disclaimer or send an e-mail to info@cae.co.za for a copy. ******************************************************************
Buchan Milne wrote on Thursday, 24 July 2003 4:10 a.m.:> You may want to change the title to be "Unofficial Redhat Samba + ACL > + Winbind Howto", since most other distros have ACL support out the > box (Mandrake since 8.1 has had ACL support on XFS, 9.0 had ACL > support on ext2/3 also, most recent SuSE releases had ACL support on > XFS, some on ext2/3, I believe one of the Debain kernels has XFS/ACL > support), and Mandrake 9.0 and 9.1 will setup winbind for you during > installation.I do realise my howto is very Red Hat specific, however there are plenty of other distributions that don't have ACL support out of the box (Slackware, Gentoo, others?). Besides, merely having ACLs enabled in the file system is not enough - you have to understand the limitations of POSIX ACLs as well as how Samba's ACL support works, which is the other main point of the howto. Cheers, Paul