Thanks it works well. Wojciech On Tuesday 31 March 2009 21:55:11 you wrote: > You'll need to enable ACLs. I use Ubuntu but I used this guide to set up > ACLs on my particular setup. > > http://aisalen.wordpress.com/2007/08/10/acls-on-samba/ > > -----Original Message----- > From: samba-bounces+masaog=fshac....@lists.samba.org > [mailto:samba-bounces+masaog=fshac....@lists.samba.org] On Behalf Of > Wojciech Giel > Sent: Tuesday, March 31, 2009 3:24 PM > To: samba@lists.samba.org > Subject: [Samba] Adding additional groups to a file. > > Hi, > I have installed and configured Samba as PDC with Heimdal kerberos and > openLDAP as backend for both on debian lenny. But i stuck on groups. > I have created a file in my home directory mapped to my documents. I can > change rwx permission on linux and windows and it works perfectly. but this > file has as a group my default group. this file should be read by users > from > > accounting and managers group too. but when i want to add additional group > in security tab i get access denied. What should I do to be able to add > additional groups. > thanx, > Wojciech > > my > smb.conf > workgroup = EXAMPLE > netbios name = cannibal > server string = Linux PDC/KDC (Samba %v) > realm = EXAMPLE.COM > use kerberos keytab = yes > use spnego = yes > > log file = /var/log/samba/%m.log > max log size = 1000 > syslog = 1 > log level = 4 > utmp = Yes > > guest account = nobody > map to guest = Never > admin users = root addmachine vin @"Domain Admins" > enable privileges = yes > > security = user > encrypt passwords = true > os level = 255 > local master = yes > domain master = yes > preferred master = yes > domain logons = yes > > keepalive = 30 > time server = yes > preserve case = yes > short preserve case = yes > case sensitive = no > null passwords = no > > logon script = %U.bat > logon path = \\cannibal\profiles$\%U\%a > logon drive = G: > logon home = \\cannibal\%U > > bind interfaces only = yes > interfaces = eth0, lo > hosts allow = 10.10.10. 127. > wins support = yes > dns proxy = yes > > passdb backend = ldapsam:ldaps://cannibal.example.com/ > ldap admin dn = > cn=ldapmaster/ad...@example.com,ou=KerberosPrincipals,dc=example,dc=com > ldap suffix = dc=hogwarth,dc=edu > ldap group suffix = ou=groups > ldap user suffix = ou=KerberosPrincipals > ldap machine suffix = ou=computers > ldap idmap suffix = sambaDomainName=EXAMPLE > ldap ssl = On > ldap delete dn = Yes > idmap backend = ldap:ldaps://cannibal.example.com/ > idmap uid = 10000-25000 > idmap gid = 10000-25000 > Pam password change = yes > > ldap passwd sync = yes > unix password sync = no > passwd program = /usr/sbin/smbldap-passwd -u %u > > passwd chat = *New*password* %n *Retype*new*password* %n > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 > SO_SNDBUF=8192 > add machine script = /usr/sbin/smbldap-useradd -w "%u" > add user script = /usr/sbin/smbldap-useradd -m -a "%u" > delete user script = /usr/sbin/smbldap-userdel "%u" > add group script = /usr/sbin/smbldap-groupadd -p "%g" > delete group script = /usr/sbin/smbldap-groupdel "%g" > add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" > delete user from group script > = /usr/sbin/smbldap-groupmod -x "%u" "%g" > set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" > > dos charset = cp852 > unix charset = iso8859-2 > display charset = LOCALE > restrict anonymous = 0 > > [homes] > comment = Home Directories > valid users = %S > browseable = no > writable = yes > admin users = %u > write list = %u > read list = %u > create mask = 0644 > directory mask = 0755 > > [netlogon] > path = /samba/netlogon > writable = no > browseable = no > share modes = no > admin users = @"Domain Admins" > > [profiles] > path = /samba/profiles > valid users = %U, "@Domain Admins" > writeable = yes > inherit permissions = yes > create mask = 0644 > directory mask = 0755
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
