You'll need to enable ACLs. I use Ubuntu but I used this guide to set up ACLs on my particular setup.
http://aisalen.wordpress.com/2007/08/10/acls-on-samba/ -----Original Message----- From: samba-bounces+masaog=fshac....@lists.samba.org [mailto:samba-bounces+masaog=fshac....@lists.samba.org] On Behalf Of Wojciech Giel Sent: Tuesday, March 31, 2009 3:24 PM To: samba@lists.samba.org Subject: [Samba] Adding additional groups to a file. Hi, I have installed and configured Samba as PDC with Heimdal kerberos and openLDAP as backend for both on debian lenny. But i stuck on groups. I have created a file in my home directory mapped to my documents. I can change rwx permission on linux and windows and it works perfectly. but this file has as a group my default group. this file should be read by users from accounting and managers group too. but when i want to add additional group in security tab i get access denied. What should I do to be able to add additional groups. thanx, Wojciech my smb.conf workgroup = EXAMPLE netbios name = cannibal server string = Linux PDC/KDC (Samba %v) realm = EXAMPLE.COM use kerberos keytab = yes use spnego = yes log file = /var/log/samba/%m.log max log size = 1000 syslog = 1 log level = 4 utmp = Yes guest account = nobody map to guest = Never admin users = root addmachine vin @"Domain Admins" enable privileges = yes security = user encrypt passwords = true os level = 255 local master = yes domain master = yes preferred master = yes domain logons = yes keepalive = 30 time server = yes preserve case = yes short preserve case = yes case sensitive = no null passwords = no logon script = %U.bat logon path = \\cannibal\profiles$\%U\%a logon drive = G: logon home = \\cannibal\%U bind interfaces only = yes interfaces = eth0, lo hosts allow = 10.10.10. 127. wins support = yes dns proxy = yes passdb backend = ldapsam:ldaps://cannibal.example.com/ ldap admin dn = cn=ldapmaster/ad...@example.com,ou=KerberosPrincipals,dc=example,dc=com ldap suffix = dc=hogwarth,dc=edu ldap group suffix = ou=groups ldap user suffix = ou=KerberosPrincipals ldap machine suffix = ou=computers ldap idmap suffix = sambaDomainName=EXAMPLE ldap ssl = On ldap delete dn = Yes idmap backend = ldap:ldaps://cannibal.example.com/ idmap uid = 10000-25000 idmap gid = 10000-25000 Pam password change = yes ldap passwd sync = yes unix password sync = no passwd program = /usr/sbin/smbldap-passwd -u %u passwd chat = *New*password* %n *Retype*new*password* %n socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add machine script = /usr/sbin/smbldap-useradd -w "%u" add user script = /usr/sbin/smbldap-useradd -m -a "%u" delete user script = /usr/sbin/smbldap-userdel "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" delete group script = /usr/sbin/smbldap-groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" dos charset = cp852 unix charset = iso8859-2 display charset = LOCALE restrict anonymous = 0 [homes] comment = Home Directories valid users = %S browseable = no writable = yes admin users = %u write list = %u read list = %u create mask = 0644 directory mask = 0755 [netlogon] path = /samba/netlogon writable = no browseable = no share modes = no admin users = @"Domain Admins" [profiles] path = /samba/profiles valid users = %U, "@Domain Admins" writeable = yes inherit permissions = yes create mask = 0644 directory mask = 0755 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba