Hello all,

I have been working and searching for a few days to obtain this result:

* I want to share some directories between different users and groups (Windows XP clients) using a minimal but efficient configuration with Samba and POSIX ACLs.
* I would like users' Windows configuration to stay on the local machines (no roaming accounts),
* When registering users and computers on the domain, users must keep their configuration,
* I want to manage users and groups using srvtools.exe


I use tdbsam, posix acls work fine and samba (3.0.14a) runs as a PDC.

My problems are:
* On Windows (with the administrator account), some directories don't have the ACL (security) panel,
* On other directories, the panel is present but I cannot modify permissions,
* Users' configurations are never stored locally,
* Creating new users with srvtools is not possible,
* How to keep old users' Windows configuration when entering the domain?
* No way to find a good tutorial answering my needs...



Here is my configuration :


smb.conf :
------------------------------------------------
[global]
  interfaces = 192.168.1.120/24
  enable privileges = yes
  nt acl support = yes

  security = user

  netbios name = FSERVER
  workgroup = FWSERVER
  passdb backend = tdbsam
  server string = File Server

  add user script = /usr/sbin/useradd -m '%u'
  add group script = /usr/sbin/groupadd '%g'
  add user to group script = /usr/sbin/usermod -G '%g' '%u'
  add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'

  logon script = scripts\logon.bat
  logon path =
  logon drive = H:
  domain logons = yes
  username map = /etc/samba/smbusers

  admin users = root

  socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096

  encrypt passwords = yes

  wins support = yes

  os level = 50
  domain master = yes
  local master = yes
  preferred master = yes

  name resolve order = lmhosts host wins bcast

  preserve case = yes
  short preserve case = yes

  unix password sync = yes

  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .

[public]
  writable = yes
  path = /share/public
  public = yes
  create mode = 0777
  directory mask = 0777
  admin users = root
  nt acl support = yes

[technique]
  writable = yes
  path = /share/technique
  public = no
  create mode = 0770
  directory mask = 0770
  valid users= @technique, @admins
  admin users = root
  nt acl support = yes

[stagiaires]
  writable = yes
  path = /share/stagiaires
  public = no
  create mode = 0770
  directory mask = 0770
  valid users= @stagiaires, @admins
  admin users = root
  nt acl support = yes

[secretariat]
  writable = yes
  path = /share/secretariat
  public = no
  create mode = 0770
  directory mask = 0770
  valid users= @secretariat @admins
  admin users = root
  nt acl support = yes

[finances]
  writable = yes
  path = /share/finances
  public = no
  create mode = 0770
  directory mask = 0770
  valid users = @finances @admins
  admin users = root
  nt acl support = yes
-------------------------------------------------------------------


My group maps seem to be good:

System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3171617769-241562045-158900556-512) -> admins
Power Users (S-1-5-32-547) -> -1
Domain Guests (S-1-5-21-3592376627-3846121942-908627037-514) -> -1
Domain Users (S-1-5-21-3592376627-3846121942-908627037-513) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> admins
Domain Users (S-1-5-21-3171617769-241562045-158900556-513) -> ntusers
Account Operators (S-1-5-32-548) -> -1
Secretariat (S-1-5-21-3171617769-241562045-158900556-3003) -> secretariat
Technique (S-1-5-21-3171617769-241562045-158900556-3005) -> technique
Finances (S-1-5-21-3171617769-241562045-158900556-3007) -> finances
Stagiaires (S-1-5-21-3171617769-241562045-158900556-3009) -> stagiaires
Domain Guests (S-1-5-21-3171617769-241562045-158900556-514) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1



Thx for help.

Max
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
