similar to: Samba3/ADS: share permissions vs ACLs

Hi, I've a samba 3.0.24 server running in a debian "alike" OS with a (Open)LDAP backend and I'm having the following problem: I have LDAP users that belong to more than one (POSIX) group. For instance, I have a user2 that belongs to group "users" and "grupo2" and I have a share with the following ACL settings: getfacl /home/shares/share1/ getfacl: Removing

Hey List, I need just a bit of help. I'm stuck on my integration of a samba server into an ADS domain. I've read(and re-read) the entire Samba How-To as well as several other articles on the net. Here is what I need to do: Have a share set up so that windows users can browse to it via Win Explorer/Network Neighborhood and not have to provide credentials as 2nd time (SSO type stuff)

Hello folks, I have some directories within a samba 3.x share which I want to give granulated security settings for various users and groups. I could use of course "setfacl" and POSIX ACLs to accomplish that, but some of these ACL should be also able to be set by some users. These users of course has no access to my linux host where samba3 is running, so they only can do that by

Hi all, The part that I don’t understand is why the behavior is different when there are ACLs involved. Take the below example: # This share is chmod 777, [share1] path = /srv/share1 # mode is 0777, no ACLs readonly = no create mask = 0660 [share2] path = /srv/share2 # mode is 0770, ACLs readonly = no inherit acts = yes create mask = 0660 share1 acts exactly as expected — I get a 0660

I have a samba 3.0.14 server attached to a 2003 ADS server. (verified with: wbinfo -u/-g, getent passwd/group, net ads testjoin) And i can attach to the Samba server using an XP workstation's MMC, but when i attempt to change ACL's (share perms or security tab) i get a warning window popup stating, "Changes cannot be saved. Access is denied" I am logged into the AD/DC as

On Thu, 20 Dec 2018 01:32:16 -0800 christian russell <christian.baltini at gmail.com> wrote: > Hi Rowland, I see the typo now too — I retyped it from scratch … oops. > > Here it is. > > [global] > workgroup = HOME > netbios name = IPA > realm = HOME.FRAPLIN.FUN > kerberos method = dedicated keytab > dedicated keytab file =

Hello, I've been unable to succeed with Samba-Ldap setup on SLES9 until this evening. I thought I had a PAM issue but that was not the case. To cut to the chase, I ran Yast's 'ldap-server' module without any changes as it found the ldap server settings. Once finished I could join the domain from XP Pro which is what I was unable to do. I checked what Yast did and it reset

I've got samba-3.0.0-14.3E, and am trying to connect to a Windows 2000 domain using security = ADS After following the instructions in the Samba-HOWTO-Collection, I've got kinit working, and am able to browse the Windows 2000 machines shares with smbclient //win2kmixed/c\$ -k without a password. However, if I try to connect to the machine, either through network neighborhood or with (on

I've got samba-3.0.0-beta3-rc1 running, and am trying to connect to a Windows 2000 domain using security = ADS After following the instructions in the Samba-HOWTO-Collection, I've got kinit working, and am able to browse the Windows 2000 machines shares with smbclient //win2kmixed/c\$ -k without a password. However, if I try to connect to the machine, either through network neighborhood

Hello! I'm running Samba 2.2.8a on top of a ext3 filesystem with ACLs enabled. (kernel 2.4.20-gentoo-r2) With ACLs disabled (i.e., mount /dev/hdd1 /mnt/floppy (no -o ACL)), the Security box under windows 2000 works like I want it to with respect to the Everyone group; If I want the Linux permissions to be, say, 770 (rwxrwx---), I can select everyone and hit "Remove." The everyone

Hi, I've got a strange behaviour on a share when I copy files with files explorers (like Thunar, Nautilus, ...). This is the share configuration : [share1] comment = Share 01 path = /home/shares/share1 valid users = +share1 force group = share1 read only = No create mask = 0660 force create mode = 0660 directory mask = 1770 force directory mode = 1770 browseable = No

I have winbind working and it is providing security for my shares. Now, I would like to implement ACLs so I can help my backup users manage everything through MMC. Following is a copy of my smb.conf file. [global] workgroup = XX winbind separator = + idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes

I am experiencing some odd behavior with a SAMBA server running on a Red Hat Enterprise Linux 3 system. Users are authenticating against a Windows domain, and then connecting to their home directory shares, defined as: [homes] comment = Home Directories hide unreadable = Yes valid users = %S read only = No create mask = 0664 directory mask = 0775

I've got a share where I needed the permissions to be 770 and I think an Apple Mac computer is connecting to a Samba share and changing the permissions each day. At the end of the day, I'll set permissions to: root at backblaze000002:/share1/QuinceCt/.TemporaryItems# ls -la total 12 drwxrwx--- 3 jlehmanjr qcbbwritetoquincectshare 16 Nov 15 14:57 . drwxrwx--- 9 jlehmanjr

hello list, after successfully playing around to get a working samba 3.0.1-PDC-LDAP-Suse9 configuration a new challenge takes place : scenario: suse9 with samba 3.0.1 as a member server in a NT4 controlled domain. winbind works as expected (thanks to documention authors). There seems to be no problem with file sharing, ACL is working properly (I'm using xfs filesystem). :-) so, now the

Hello all, I've been trying to figure out what the best way of doing the group policy thing is. We are running samba 3 on slackware 9 with winxp clients. We are a school. i'm unclear on how much AD is actually supported... OU GPO all that. so i decided to go the "administrative template" way (used to be .pol files) I'm thinking of having the students run off of a

I have a need to setup the recycle vfs object on our server. On my test server, I have all of the shares on a single drive and have put the following into each share: vfs_objects = recycle recycle:repository = [Actual Path and Partition that the share is located] recycle:directory_mode = 770 recycle:keeptree = Yes recycle:touch_mtime = Yes recycle:versions = Yes It works like a charm. All

Is the issue below addressed in 3.0.25b? (no freebsd port available yet so I'm still at 3.0.25a) I can't see anything specifically about this in the release notes. I just want to add that I've also seen this behaviour on a windows xp x64 client. It's a pretty serious problem.. so I'm also thinking I may have to revert to an earlier version if it doesn't look like a

Hello, everyone, I'm seeing some inconsistent behavior across SMB clients when configuring shares using the "msdfs proxy" parameter, and was hoping to get some advice from the community on this. My issue is that various SMB clients seem to behave differently when this parameter is pointed as a path that includes a sub-folder under the root share. So, given the following share

Hello all, Got samba with AD integration and extended ACL up and running. Here is what I am trying to do. share1 in smb.conf: [share1] comment = share1 path = /mnt/data/share1 public = no writable = yes printable = no valid users = @DOMAIN+group1 user1 and user2 are members of group1 user3 is not user1 creates