Here's my situation, hoping that some of you who are running Samba in an AD environment will have insight: Samba is acting as a member file server in an AD domain. In addition to the domain containing Samba, there are two other domains in the AD forest. All three domains have full trust between them. Each domain has a Global Security Group called ACAD_ENGR. Samba (through winbind) sees them as DOM1+ACAD_ENGR, DOM2+ACAD_ENGR, and DOM3+ACAD_ENGR. I'd like members from all three groups to have write access to a particular directory. This needs to be done with filesystem permissions, not share permissions, because underneath each directory there are further subdirectories that have varying access rights matched to other groups in the three domains. Thoughts? Is this possible with Samba? -- Joshua Penix http://www.binarytribe.com Binary Tribe Linux Integration Services & Network Consulting
Joshua Penix wrote:> Here's my situation, hoping that some of you who are running Samba in > an AD environment will have insight: > > Samba is acting as a member file server in an AD domain. In addition > to the domain containing Samba, there are two other domains in the AD > forest. All three domains have full trust between them. Each domain > has a Global Security Group called ACAD_ENGR. Samba (through winbind) > sees them as DOM1+ACAD_ENGR, DOM2+ACAD_ENGR, and DOM3+ACAD_ENGR. I'd > like members from all three groups to have write access to a > particular directory. This needs to be done with filesystem > permissions, not share permissions, because underneath each directory > there are further subdirectories that have varying access rights > matched to other groups in the three domains. > > Thoughts? Is this possible with Samba? > > --Joshua Penix http://www.binarytribe.com > Binary Tribe Linux Integration Services & Network Consulting >Have you tried using ACLs? -- -Toby