I apologize if this is very beginner/basic. In my defense, I can't get the Samba4 documentation to compile on my system, and I can't find the man pages online (a pointer to them would be extremely helpful). And in general, I am having difficulty sorting through the documentation on the wiki because much of it is clearly pre-Samba4 and therefore obsolete, or at least questionable. It's hard to know what is relevant. Most of the posts I see here seem to be much better informed than I am. I would love to know how they obtained their knowledge. So here is my question: I am running Samba4 as an AD and file server. How do I define ACLs for the samba shares, for domain users & groups? These users and groups are not defined on the underlying OS (CentOS 6.3). It seems the answer is to do it via the underlying filesystem, but how is that possible when the domain users & groups are not defined in the OS? I see samba-tool has some ACL get/set capability. Is that the answer? Or is there some special magic to get CentOS to control file access by referring to the Samba4 AD? Many thanks in advance for any help. And I would be very grateful for pointers to Samba4 introductory or background material (I have used the HOW-TOs extensively). Lee Allen
Hello Lee, I am not sure I understand what is your real need. but If you don't want to use samba-tool, you can use windows explorer to set your acls... assuming you have your file system supporting xattr, you can connect to your share drive from windows with a?privileged?account like the administrator. and then right click on the folder / property / security. you should be able to set/reset acls for users and groups.... what I used to do, is create my folder, give full priviledge and even acls (OS level) for all on that folder, and then as Admin on windows, I remove and set?privilege?for only those who need it. You might need the following under your shared folder in smb.conf:?vfs objects = acl_xattr Regards, Inno. ________________________________ De?: Lee Allen <lee at leecallen.com> ??: samba at lists.samba.org Envoy? le : Vendredi 18 janvier 2013 22h12 Objet?: [Samba] How to set ACLs with Samba4 AD? I apologize if this is very beginner/basic.? In my defense, I can't get the Samba4 documentation to compile on my system, and I can't find the man pages online (a pointer to them would be extremely helpful). And in general, I am having difficulty sorting through the documentation on the wiki because much of it is clearly pre-Samba4 and therefore obsolete, or at least questionable.? It's hard to know what is relevant. Most of the posts I see here seem to be much better informed than I am.? I would love to know how they obtained their knowledge. So here is my question: I am running Samba4 as an AD and file server.? How do I define ACLs for the samba shares, for domain users & groups? These users and groups are not defined on the underlying OS (CentOS 6.3). It seems the answer is to do it via the underlying filesystem, but how is that possible when the domain users & groups are not defined in the OS? I see samba-tool has some ACL get/set capability.? Is that the answer? Or is there some special magic to get CentOS to control file access by referring to the Samba4 AD? Many thanks in advance for any help. And I would be very grateful for pointers to Samba4 introductory or background material (I have used the HOW-TOs extensively). Lee Allen -- To unsubscribe from this list go to the following URL and read the instructions:? https://lists.samba.org/mailman/options/samba
Zitat von Lee Allen <lee at leecallen.com>:> I apologize if this is very beginner/basic. In my defense, I can't get the > Samba4 documentation to compile on my system, and I can't find the man > pages online (a pointer to them would be extremely helpful). > > And in general, I am having difficulty sorting through the documentation on > the wiki because much of it is clearly pre-Samba4 and therefore obsolete, > or at least questionable. It's hard to know what is relevant. > > Most of the posts I see here seem to be much better informed than I am. I > would love to know how they obtained their knowledge. > > So here is my question: > I am running Samba4 as an AD and file server. How do I define ACLs for the > samba shares, for domain users & groups? > These users and groups are not defined on the underlying OS (CentOS 6.3). > It seems the answer is to do it via the underlying filesystem, but how is > that possible when the domain users & groups are not defined in the OS? > > I see samba-tool has some ACL get/set capability. Is that the answer? > > Or is there some special magic to get CentOS to control file access by > referring to the Samba4 AD? > > Many thanks in advance for any help. > > And I would be very grateful for pointers to Samba4 introductory or > background material (I have used the HOW-TOs extensively).I second that - it took me some time to learn that after setting acls by "write user" for years I can now use the Windows tools. So perhaps someone could add a few lines about setting acls in the howto? regards Lukas