Hi samba group,
I'm trying to get samba to act like Windows in the Security tab (to be able to add, remove, and modify ACLs on certain files/folders). We are running Centos 5.2 (2.6.18-92.1.22.el5) with XFS installed for the /share partition. I currently have these versions of samba installed: samba-3.0.28-1.el5_2.1 samba-common-3.0.28-1.el5_2.1 I am pretty sure the ACL is all setup and working correctly. I can maintain ACL from Linux and I can even see them in the security tab for windows. I can also remove users from the security tab in Windows. These are the things I need help with . When I try and add a user it ask me for a username and password. I cannot get this to accept my password. . When I first load up the security tab it shows a long number "S-1-5-21-..." This screen takes a while to change these numbers to names. Is there a way to speed this up? . Is there a way to restrict people from adding them self to files/folder they do not have access to? I have looked all over and cannot find clear instructions on how to set ACL up in a user environment. If you could point me to one of these documents that would be very helpful. We currently have Samba setup to work without a domain. I have read on other websites that this is not a good idea: One problem with Samba ACL support is that listing users to use for access control entries (ACEs) within ACLs can be troublesome. Specifically, if you're using Samba in a standalone mode (i.e., configured with "user" security mode), Windows 2000 and Windows XP users might not be able to consistently list Samba users when configuring an ACL. We really don't have the option of doing a PDC. Is this a bad idea to try and get this to work without using PDC? smbd -b | grep ACL HAVE_SYS_ACL_H HAVE_ACL_LIBACL_H HAVE_POSIX_ACLS smb.conf [global] passdb backend = tdbsam add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/groupmod -A %u %g delete user from group script = /usr/sbin/groupmod -R %u %g add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u security = user encrypt passwords = yes preferred master = Yes domain master = Yes domain logons = Yes debuglevel = 3 workgroup = Workgroup workgroup = temp netbios name = hitsnap bind interfaces only = True interfaces = eth1 lo max disk size = 990000 ;some programs (like PS7) can't deal with more than 1TB allow hosts = 192.168.0.0/16 socket options = TCP_NODELAY server string = Hitsnap smb ports = 139 syslog = 0 log level = 2 log file = /var/log/samba/log.%m vfs objects = recycle client ntlmv2 auth = yes ;recycle:repository = .recycle ;recycle:keeptree = Yes ;recycle:versions = Yes ;recycle:touch = Yes [netlogon] path = /var/lib/samba/netlogon read only = yes [homes] read only = no browseable = no [share1] ;minauth=none path = /share/hdrive/share1 read only = no browseable = yes writable = yes admin users = admin1 valid users = admin1 public = no create mask = 0777 directory mask = 0777 nt acl support = yes acl map full control = yes dont descend = .recycle Thanks Clinton Mills -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba