Thanks to some of the guys on #samba-technical (obnox in particular!), I now have a working samba configuration.

The environment:

In our setup each user has an entry in both openldap (no samba schemes) and AD. Each account has the same name and even has a Unix UID entry in AD. Our users ssh into Linux boxes, authenticating off of openldap. Files are shared via samba. Due to the account duplication the config I use has NO winbind. Instead the username map script option is used with echo
username map script = echo
A rather simple but beautiful solution thanks to the IRC lads. User "bob" auths via AD, the AD username is mapped to the Unix username and file permissions work perfectly.

ACLS:
The filesystem supports ACLs. When I view the security tab on a Windows 7 client, I see the user permissions as follows:

Everyone
bob (Unix User\bob)
staff (Unix Group\staff)


If I add an acl for tom on the unix server via setfacl I then see

Everyone
bob (Unix User\bob)
tom (Unix User\tom)
staff (Unix Group\staff)

Great!

Attempting to add a user to the ACLs from the Windows side fails, however.
I click Edit, then Add, and type in a username.
In the box I now have:

bob (Unix User\bob)
tom (Unix User\tom)
nigel (DOMAIN\nigel)
staff (Unix Group\staff)

Note the DOMAIN and not "Unix User". Clicking apply simply makes the new entry disappear.

If username mapping is working correctly, why does adding an ACL for DOMAIN\nigel not set an ACL for Unix User\nigel?


Any help appreciated!

Colin
