Software:
- Samba 3.0 (Stable)
- OpenLDAP 2.0.27
- Windows 2000 clients
I'd like to impliment full-blown nt-style permissions on my existing
Samba (with LDAP backend) server / shares. (i.e. file properties-->
security: different groups / users, with different permissions etc. etc.)
Now I've dug around and found that this can be supported either via ext2/3
+ some ACL patch (anyone got a link?), or xfs.
My two main questions regarding this are..
a) Does it actually work?
b) In terms of overhead / resource utilization, which is better?
Also, for those of you using ldap as a backend: in my situation, I'm using
ldap as the master information store for all machines in a heterogenous
environment (Windows, Linux, BSD, etc.). Has anyone figured out a way to
strip Samba accounts of posix attributes?
A'la user "bob" in the ldap tree is a valid user for windows
machines joined
to the domain, but will not be a valid user (or show up in standard
nss_ldap/pam_ldap posixAccount queries to the ldap store) on unix/linux
machines.
Granted, that's a pretty tall order, as to the best of my understanding
the samba ldap attributes are highly dependant on the posix attributes.
Thanks for your help folks, and constant thanks to the Samba team for
saving me the torture of dealing with Windows :)
-- Cybr0t McWhulf
