On 2013/06/11 09:56 AM, Coert Waagmeester wrote:
Hello all,
Got Samba with AD integration and extended ACLs up and running.
Here is what I am trying to do.
share1 in smb.conf:
[share1]
comment = share1
path = /mnt/data/share1
public = no
writable = yes
printable = no
valid users = @DOMAIN+group1
user1 and user2 are members of group1
user3 is not
user1 creates \\server\share1\dir1\user3
user1 grants permission only on the user3 directory to user3, not on any
parent directories.
According to what I experienced with a Windows file server, user3 should
be able to access this folder at:
\\server\share1\dir1\user3
But I get access denied with this Samba setup.
Are there any configuration directives I am missing?
Kind regards,
Coert Waagmeester
PS HERE is my smb.conf:
#======================= Global Settings =====================================
[global]
workgroup = DOMAIN
server string = DOMAIN File server
# --------------------------- Logging Options -----------------------------
log file = /var/log/samba/log.%m
max log size = 50
# ----------------------- Domain Members Options ------------------------
security = domain
passdb backend = tdbsam
realm = DOMAIN.LOCAL
winbind enum users = Yes
winbind enum groups = Yes
;winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
idmap config * : range = 6000-20000
idmap config * : backend = tdb
;idmap uid = 6000-20000
;idmap gid = 6000-20000
;template primary group = "Domain Users"
template shell = /sbin/nologin
template homedir = /mnt/data/DOMAIN/home/%D/%U
root preexec = /usr/local/sbin/mkhomedir.sh %D %U
; password server = <NT-Server-Name>
# --------------------------- Printing Options -----------------------------
load printers = yes
cups options = raw
; printcap name = /etc/printcap
#obtain list of printers automatically on SystemV
; printcap name = lpstat
; printing = cups
# --------------------------- Filesystem Options ---------------------------
map archive = yes
map hidden = yes
map read only = yes
map system = yes
store dos attributes = yes
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 0700
directory mask = 0700
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[share1]
comment = share1
path = /mnt/data/share1
public = no
writable = yes
printable = no
;write list = +staff
valid users = @DOMAIN+group1, DOMAIN+user3
Hello all,
Found out how to solve this.
On the tree to the directory where the user needs access, he needs UNIX
execute permission.
This works well so far: he cannot read or list anything apart from the
directory in the tree where he needs rw access.
Regards,
Coert Waagmeester
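
Added example (not part of the original post): a check for the condition described above, that the user needs execute (search) permission on every directory leading to the one he was granted. It applies the POSIX ACL evaluation order from acl(5) to `getfacl -p` output; the owner, group and ACL entries are constructed sample values, and the winbind-style names (DOMAIN+user3) are assumed from the smb.conf above.

```python
# Added example: acl(5) access check for the search ("x") bit over `getfacl -p` text.

def parse_getfacl(text):
    """Return {path: {"owner", "group", "entries": [(tag, qualifier, perms)]}}."""
    acls, cur = {}, None
    for line in text.splitlines():
        line = line.split("#effective")[0].strip()
        if line.startswith("# file: "):
            cur = acls.setdefault(line[8:], {"entries": []})
        elif line.startswith("# owner: "):
            cur["owner"] = line[9:]
        elif line.startswith("# group: "):
            cur["group"] = line[9:]
        elif line and not line.startswith(("#", "default:")):
            cur["entries"].append(tuple(line.split(":")))
    return acls

def can_search(acl, user, groups):
    """True if user (with the given group names) may traverse this directory."""
    e = acl["entries"]
    mask = next((p for t, q, p in e if t == "mask"), "rwx")
    if user == acl["owner"]:                       # owner entry, never masked
        return "x" in next(p for t, q, p in e if t == "user" and not q)
    named = [p for t, q, p in e if t == "user" and q == user]
    if named:                                      # named-user entry, masked
        return "x" in named[0] and "x" in mask
    grp = [p for t, q, p in e if t == "group" and (q or acl["group"]) in groups]
    if grp:                                        # any matching group entry, masked
        return any("x" in p for p in grp) and "x" in mask
    return "x" in next(p for t, q, p in e if t == "other")

def blocked_dirs(acls, target, user, groups):
    """Directories on the way down to target that user cannot traverse."""
    return [p for p in acls if (target + "/").startswith(p + "/")
            and not can_search(acls[p], user, groups)]

# Constructed sample: the three directories from the post, before and after
# granting user3 execute-only on the parents (setfacl -m u:DOMAIN+user3:--x DIR).
TPL = ("# file: {}\n# owner: DOMAIN+user1\n# group: DOMAIN+group1\n"
       "user::rwx\n{}group::rwx\nmask::rwx\nother::---\n\n")
ROOT, DIR1, LEAF = "/mnt/data/share1", "/mnt/data/share1/dir1", "/mnt/data/share1/dir1/user3"
def sample(parents_entry):
    return (TPL.format(ROOT, parents_entry) + TPL.format(DIR1, parents_entry)
            + TPL.format(LEAF, "user:DOMAIN+user3:rwx\n"))

if __name__ == "__main__":
    for entry in ("", "user:DOMAIN+user3:--x\n"):
        print(blocked_dirs(parse_getfacl(sample(entry)), LEAF, "DOMAIN+user3", []))
```

An execute-only entry lets user3 pass through the parent directories without being able to list them, which matches the behaviour reported above.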