Marco Gaiarin
2018-Sep-05 14:14 UTC
[Samba] Upgraded a member server to 4.8, rfc2307 data?
Hello! L.P.H. van Belle via samba
  On that day it was said...

> idmap config LNFFVG: unix_primary_group = yes

Is it needed? AFAI've understood it means that users will have UNIX primary
group the windows group and not 'domain users', but really I don't need
that...

--
dott. Marco Gaiarin                                GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

  Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
  http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
  (tax code 00307430132, category ONLUS or RICERCA SANITARIA)
Rowland Penny
2018-Sep-05 14:31 UTC
[Samba] Upgraded a member server to 4.8, rfc2307 data?
On Wed, 5 Sep 2018 16:14:43 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:

> Hello! L.P.H. van Belle via samba
>   On that day it was said...
>
> > idmap config LNFFVG: unix_primary_group = yes
>
> Is it needed? AFAI've understood it means that users will have UNIX
> primary group the windows group and not 'domain users', but really I
> don't need that...
>

Three things need to be set before 'Domain Users' isn't used as a user's
primary group:

'idmap config DOMAIN : unix_primary_group = yes' must be set in smb.conf
A group must have a gidNumber attribute containing a number inside the
range set.
The users must have a 'gidNumber' attribute containing the same number.

If any of the above isn't set/correct, Domain Users will be used as the
user's primary group.

Rowland
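The three conditions in the reply above, as an added example (not part of the thread and not Samba's own code): a Python check that reads the `idmap config` lines from smb.conf text and compares a user's gidNumber with the groups' gidNumbers. The range values, the gidNumbers and the function names are constructed for illustration, and the LDAP attributes are passed in as plain values instead of being queried from AD.

```python
import re

# Constructed smb.conf fragment; the range values are assumptions.
SMB_CONF = """\
[global]
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config LNFFVG : backend = ad
    idmap config LNFFVG : range = 10000-999999
    idmap config LNFFVG: unix_primary_group = yes
"""

IDMAP_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+?)\s*:\s*([^=]+?)\s*=\s*(.*?)\s*$", re.I)

def idmap_options(conf_text, domain):
    """Collect 'idmap config DOMAIN : key = value' settings for one domain."""
    opts = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # smb.conf comment line
        m = IDMAP_RE.match(line)
        if m and m.group(1).upper() == domain.upper():
            opts[m.group(2).lower()] = m.group(3)
    return opts

def unix_primary_group_problems(conf_text, domain, user_gid, group_gids):
    """Return the reasons 'Domain Users' would still be the primary group.

    user_gid: the user's gidNumber (None if unset).
    group_gids: group name -> gidNumber (None if unset).
    An empty list means all three conditions from the reply are met.
    """
    opts = idmap_options(conf_text, domain)
    problems = []
    enabled = opts.get("unix_primary_group", "no").lower()
    if enabled not in ("yes", "true", "1", "on"):
        problems.append("unix_primary_group is not enabled")
    if "range" not in opts:
        return problems + ["no idmap range configured"]
    low, high = (int(x) for x in opts["range"].split("-"))
    if user_gid is None:
        problems.append("user has no gidNumber")
    elif user_gid not in group_gids.values():
        problems.append("no group has gidNumber %d" % user_gid)
    elif not low <= user_gid <= high:
        problems.append("gidNumber %d outside range %d-%d" % (user_gid, low, high))
    return problems
```

An empty result means the user's gidNumber decides the primary group; any listed problem means the member server falls back to Domain Users.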
L.P.H. van Belle
2018-Sep-05 15:04 UTC
[Samba] Upgraded a member server to 4.8, rfc2307 data?
My eyes changed some words again, and this is the important part.
This is what I did mean.

>> The headache points for people. <<
Now my users switch departments, if wrongly setup, both users CAN NOT read/write one another's files.
In my case, both users CAN read/write the created files from one another, no headache ;-)

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> L.P.H. van Belle via samba
> Sent: Wednesday 5 September 2018 16:59
> To: samba at lists.samba.org
> Subject: Re: [Samba] Upgraded a member server to 4.8, rfc2307 data?
>
> Hai Marco,
>
> If you don't need it, then you can remove it.
> And in addition to Rowland's comment, I'll show how I use it.
>
> In reply to.
> >It is needed? AFAI've understood it means that users will have UNIX primary group the windows group
> >and not 'domain users', but reeally i don't need that...
>
> I'll explain how I use it and why, maybe it's usable for you or others.
>
> My windows group "Domain User" is always the default for the users, it is the default group for every user, except guests.
> This is the windows default, I did assign GIDs to
> "domain users"
> "domain admins"   < most people don't use this or use with care on the linux side.
> "domain guest"
> "domain computer" < most people don't use this or use with care on the linux side.
>
> And some other groups I need on linux, only the groups I need (on linux) have a GID assigned.
> And yes, I did need all the "domain ...." groups in linux also.. I needed these.
> That's why domain admins is having a GID.
>
> I do want my windows users to login on linux systems and use "Domain Users" as primary group.
>
> I use this to overcome some inherit problems.
> Remember this, and this is the most important part imo.
> 17XX "Creator Owner"
> 277X "Creator Group"
> 377X "Creator Owner and Creator Group"
>
> /data       root:"Domain Admins"  1755  ( allow everybody in this folder, even guests )
> everyone can walk/enter this folder (/data) due to the last 5 in 1775 on linux.
>
> /data/dep1  root:"Dep1"  2770  ( allow users/group rights) and if member of "Dep1" only then you can enter and read/write.
> /data/dep2  root:"Dep2"  2770  ( allow users/group rights) and if member of "Dep2" only then you can enter and read/write.
>
> If user1 creates a file in /data/dep1 , it creates it as user1:"Domain User"
> If user2 creates a file in /data/dep2 , it creates it as user2:"Domain User"
> But
> User1 is not able to access /data/dep2 due to the group restriction Dep1.
> User2 is not able to access /data/dep1 due to the group restriction Dep2.
>
> >> The headache points for people. <<
> Now my users switch departments, if wrongly setup, both users and read/write one another's files.
> In my case, both users and read/write the created files from one another, no headache ;-)
>
> This is a bit how I set up my rights. ( depending on server and use of the server ).
>
> And please note, this is only the LINUX PART of the rights.
> And best is to keep this as much as possible in line.
>
> I hope this helps a bit for you and others.
>
>
> Greetz,
>
> Louis
Marco Gaiarin
2018-Sep-06 12:10 UTC
[Samba] Upgraded a member server to 4.8, rfc2307 data?
Hello! Rowland Penny via samba
  On that day it was said...

> A group must have a gidNumber attribute containing a number inside the
> range set.
> The users must have a 'gidNumber' attribute containing the same number.

Does 'samba-tool' check/enforce that? Or does that belong to the user?