Hello all,

I am able to do login authentication from Active directory (W2k server) on Fedora Core3 using Samba 3.0.14a.

Now I want set linux share permissions using Windows ACLs. In samba documentation its mentioned that it requires POSIX support and its not included in most of the distributions by default. My question is:

- How to know if POSIX ACL support is available? Through which commands or configuration checking?

- Is Fedora Core3 POSIX support by default? If no, then how to patch it?

Apparent from the samba documentation it seems that if POSIX support is enabled then setting share permissions is no more that simply using the Computer Management Console. I am wondering if it will be so simple after POSIX (and It will be quite relief if it is so! )

Thanks everyone for any suggestions.

Regards,
Jabran

Posix ACL is enable in fc3. you can try the command with getfacl directory/filename

I have been having this problem for the past 2 -3 weeks to set permission for samba user, try to search for more info about it.... i have finally rule out that eventhough with POSIX ACL you cant do exactly like Win ACL. this is due to the rwx permission in unix.

for example if you allow the user to edit/write and disable delete.. this option is only available in windows. As for samba, this particular permission could not be use because of the unix rwx permission, but if you just want to use as basic configuration that it is not a problem.

you can use your computer management console to connect to the samba server, but the permission is limited, and dont expect it to work exactly like windows.

hope this helps.

Thanks for your reply. Can you please provide some more information about the steps to access windows shares from Linux for setting ACLs, and any other related configuration to enale Samba using ACls?

I have all directories mounted under same partition, with ACL not enabled on the partition. I found this article http://www.vanemery.com/Linux/ACL/linux-acl.html to enable ACL on partitions. I didn't enabled ACL on the existing FC3 partition to avoid risk of blocked booting. Instead, I installed a new CentOS Linux distribution with "/home" on a separate partition, and remounted the partition wit ACL support according to steps in the above mentioned article.

After these steps, I am able to set ACLs on linux using setfacl commands, but still, Windows is not able to set any share permissions. When I try to set permissions from windows, access is denied while saving the permissions.

I will appreciate a lot if you can share the procedure that you followed for conifguration of Windws based ACLs .

Thanks.

And somehting additional notes .....

Also, its not possible to create a new share on Linux using Computer Management Console from Windows. I also observed that despite I have also set "root = administrator" in smbusers file on linux, if I login as domain administrator on Linux box, I donot have all root rights. Do I need to do something more to enable domain Administrator user to gain equual rights of the root user?

Thanks for any help.

to enable ACL you should edit /etc/fstab.

for example if you like to share your /home partition.

the config should like this:

LABEL=/home /home ext3 defaults 1 2

replace to

LABEL=/home /home ext3 rw,acl 1 2

then reboot your system (i reboot the system), or you can mount it with mount -v -o partition.

#Make sure, that your samba is running and you are able to log in into it. if not set your smbpasswd -a username.

When login click your under system maintenance i think, cant really remember it. connect the computer management to your samba server, then you may edit the ACL from windows.

Hope this helps.

Thanks for your response. I already made the change in fstab file and rebooted the system. After that I was able to set ACLs on Linux using setfacl commands, but not from windows.

Samba is running, and configured for active directory authentication, as I am able to login using active directory account on the linux box.

But as I mentioned in my last post, as I think, the windows' administrator user should have root rights on linux, but when I log in using windows administrator's account on Linux, it does not has root rights. And perhaps for the same reason it does not allow form the windows Computer Management Console to change ACL?

What could be going wrong?

Thanks for any further information.

You can use samba administration user, as for me i add another user using the login Admin. To login make sure that you are connected to the domain to make the changes. You can't edit it if your windows client is not logged in the domain.