On 9/12/22 3:39 AM, tom uijldert via samba wrote:> Hi Rowland,
>
> Thanks for the tips, much appreciated. Please find my response below.
>
> Thanks,
> Tom.
>
> -----Original Message-----
> From: Rowland Penny <rpenny at samba.org>
> Sent: 09 September 2022 17:39
>
>>>
>>> Joined to our domain as member server, all domain users are mapped
to
>>> 1 unix account/group.
>>
>> It would be better to recreate the group in AD (or use Domain Users
which all domain members are members of), delete the Unix group and then use
vfs_acl_xattr and set > the permissions either from Windows od with setfacl.
>
> The goal here is/was to have a directory that could be used fairly freely
by all domain members of that particular group.
> This seemed to me the most simple and straightforward setup.
> The unix security setting is simple and something I more or less
"get" where, frankly, the whole Windows ACL-stuff seems overly
complicated. But granted, that may be my limitation.
The most simple setup I use when there are no complex ACL requirements,
like your example, just let a group of people work freely on a share, I
use this:
[share]
...
create mask = 660
directory mask = 770
force group = mygroup
valid users = @mygroup
Just plain Unix permissions, no POSIX ACLs, no Windows ACLS.
>
>>
>> It would also help if you posted your smb.conf (that way we can confirm
how you are running Samba).
>
> Please find the smb.conf attached, it is the share [volwww] that we are
testing.
> For completeness sake I also included the mapping file (users.map).
>
>
>