"Dr. Hansjörg Maurer"
2004-Jun-04 20:23 UTC
[Samba] samba with acl support as member of a samba controlled domain?

Hi

I am running a Samba PDC and a Samba member server in its domain.
The member server acts as a file server with unix ACLs working.

Is it possible to get these ACLs working under samba too?

The docs seem to say that ACLs are only possible if samba is a
member server in an NT domain using winbind.

In my case the PDC acts as an LDAP server and the member server gets
the unix account information from LDAP.

I am running samba 3.0.4 and had no success with this setup.
The Windows client shows the ACLs not as for the domain\user but for the
memberserver\user

Here is my smb.conf

[global]
log file = /var/log/samba/log.%m
log level = 2
security = domain

workgroup = ITSYSTEMS
encrypt passwords = yes
netbios name = chardonnay
server string = Install-Server
password server = 192.168.0.1
machine password timeout = 604800000

guest account = gast
os level = 25
wins support = no
wins server = 192.168.0.1
dns proxy = no
username map = /etc/smbusers
preferred master = no
domain master = no
local master = no
name resolve order = wins hosts

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
hosts allow = 192.168.0.
bind interfaces only = Yes
deadtime = 180
keepalive = 3600

unix charset = iso8859-15
display charset = iso8859-15

[install]
    comment = Install Verzeichnis
    path = /install
    read only = no
    public = yes

Thank you very much

Hansjörg Maurer

--
Dr. Hansjörg Maurer
itsystems Deutschland AG
Linprunstr. 10
D-80335 München
Ph/Fax +49 89 52 04 68-41/-59

Hansjoerg Maurer
2004-Jun-08 11:49 UTC
[Samba] samba with acl support as member of a samba controlled domain?

Hi

we got it working.

There were two problems.
- we had to update the samba PDC to 3.0.4 (formerly 3.0.1), because of an error.
- we had to use winbind without a uid and gid range

some tests for winbind

[root@chardonnay root]# wbinfo -t
checking the trust secret via RPC calls succeeded

This message I get after installing 3.0.4 on the PDC.
Without samba 3.01 on the PDC there was an error

root@chardonnay root]# wbinfo -g
...
Management
itsdgroup

root@chardonnay root]# wbinfo -u
[root@chardonnay root]# wbinfo -u
Administrator
itsd
krocka
maurer
trinkl

Find attached my smb.conf for the client

Greetings

Hansjörg

[global]
log file = /var/log/samba/log.%m
#log level = 3 passdb:5 auth:10 winbind:5
log level = 0
security = domain

workgroup = ITSYSTEMS
encrypt passwords = yes
netbios name = chardonnay
server string = Install-Server
password server = 192.168.0.1
machine password timeout = 604800000

winbind trusted domains only = yes
winbind use default domain = yes
winbind nested groups = yes
idmap uid = 10000-10000
idmap gid = 10000-10000

guest account = gast
os level = 25
wins support = no
wins server = 192.168.0.1
dns proxy = no
username map = /etc/samba/smbusers
#preferred master = no
#domain master = no
#local master = no
name resolve order = wins hosts

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
hosts allow = 192.168.0.
bind interfaces only = Yes
interfaces = 127.0.0.1, bond0
deadtime = 180
keepalive = 3600

unix charset = iso8859-15
display charset = iso8859-15

[install]
    comment = Install Verzeichnis
    path = /install
    read only = no
#   security mask = 0770
#   force group = itsdgroup
#   force user = itsd
#   force create mode = 0664
#   create mask = 0664
#   directory mask = 0777

[backup]
    comment = Backup von Kunden
    path = /backup
    read only = no
    force group = itsdgroup
    force user = itsd
    force create mode = 0664
    create mask = 0664
    directory mask = 0777

Guillaume Anfroy wrote:

>Guten Tag,
>
>I am trying to get the ACLs working on a domain with a single samba
>server (as a PDC). I've checked the docs, the newsgroup and I haven't found
>any information about anyone who did it in any other way than with a
>Windows(tm) PDC.
>
>I will try to get a confirmation on that information and I will keep you
>informed.
>
>Unless you already got the confirmation that it is impossible to make samba
>work with ACLs without a Windows PDS or AD server?
>
>Regards,
>
>Guillaume
>----- Original Message -----
>From: "Dr. Hansjörg Maurer" <hansjoerg.maurer@itsd.de>
>Newsgroups: linux.samba
>Sent: Friday, June 04, 2004 10:30 PM
>Subject: [Samba] samba with acl support as member of a samba controlled
>domain?
>
>
>>Hi
>>
>>I am running a Samba PDC and a Samba member server in its domain.
>>The member server acts as a file server with unix ACLs working.
>>
>>Is it possible to get these ACLs working under samba too?
>>
>>The docs seem to say that ACLs are only possible if samba is a
>>member server in an NT domain using winbind.
>>
>>In my case the PDC acts as an LDAP server and the member server gets
>>the unix account information from LDAP.
>>
>>I am running samba 3.0.4 and had no success with this setup.
>>The Windows client shows the ACLs not as for the domain\user but for the
>>memberserver\user
>>
>>Here is my smb.conf
>>
>>[global]
>>log file = /var/log/samba/log.%m
>>log level = 2
>>security = domain
>>
>>workgroup = ITSYSTEMS
>>encrypt passwords = yes
>>netbios name = chardonnay
>>server string = Install-Server
>>password server = 192.168.0.1
>>machine password timeout = 604800000
>>
>>guest account = gast
>>os level = 25
>>wins support = no
>>wins server = 192.168.0.1
>>dns proxy = no
>>username map = /etc/smbusers
>>preferred master = no
>>domain master = no
>>local master = no
>>name resolve order = wins hosts
>>
>>
>>socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>hosts allow = 192.168.0.
>>bind interfaces only = Yes
>>deadtime = 180
>>keepalive = 3600
>>
>>
>>unix charset = iso8859-15
>>display charset = iso8859-15
>>
>>
>>[install]
>>    comment = Install Verzeichnis
>>    path = /install
>>    read only = no
>>    public = yes
>>
>>
>>Thank you very much
>>
>>
>>Hansjörg Maurer
>>
>>--
>>Dr. Hansjörg Maurer
>>itsystems Deutschland AG
>>Linprunstr. 10
>>D-80335 München
>>Ph/Fax +49 89 52 04 68-41/-59
>>
>>
>>
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions: http://lists.samba.org/mailman/listinfo/samba
>>
>

--
_________________________________________________________________

Dr. Hansjoerg Maurer           | LAN- & System-Manager
                               |
Deutsches Zentrum              | DLR Oberpfaffenhofen
f. Luft- und Raumfahrt e.V.    |
Institut f. Robotik            |
Postfach 1116                  | Muenchner Strasse 20
82230 Wessling                 | 82234 Wessling
Germany                        |
                               |
Tel: 08153/28-2431             | E-mail: Hansjoerg.Maurer@dlr.de
Fax: 08153/28-1134             | WWW: http://www.robotic.dlr.de/
__________________________________________________________________

There are 10 types of people in this world,
those who understand binary and those who don't.
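
An added example, not part of the thread or of Samba itself: a small smb.conf audit that checks the member-server parameters the second post reports as working and lists share settings that widen access (guest access, masks with the world-write bit). The sample config is constructed from the two posted files, and the function names are this example's own.

```python
# Added example, not from the thread. SAMPLE_CONF is constructed: it combines
# settings from the two smb.conf files posted above, abridged.
SAMPLE_CONF = """\
[global]
security = domain
winbind trusted domains only = yes
winbind use default domain = yes

[install]
    path = /install
    public = yes

[backup]
    path = /backup
    directory mask = 0777
"""
TRUE = ("yes", "true", "1")

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lowercased."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def audit(conf):
    """Return (section, message) findings for the settings named in the thread."""
    out, g = [], conf.get("global", {})
    if g.get("security", "").lower() != "domain":
        out.append(("global", "security is not 'domain'"))
    for name in ("winbind trusted domains only", "winbind use default domain"):
        if g.get(name, "no").lower() not in TRUE:
            out.append(("global", name + " is not enabled"))
    shares = {k: v for k, v in conf.items() if k != "global"}
    for share, params in shares.items():
        # "public" is a synonym for "guest ok"
        if params.get("guest ok", params.get("public", "no")).lower() in TRUE:
            out.append((share, "guest access allowed"))
        for mask in ("create mask", "directory mask"):
            value = params.get(mask, "")
            if value and set(value) <= set("01234567") and int(value, 8) & 0o002:
                out.append((share, mask + " " + value + " sets the world-write bit"))
    return out
```

Calling audit(parse_smb_conf(text)) on the contents of a real smb.conf returns the same kind of list; an empty list means none of these checks fired.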