I am running Samba on a Linux server as the Active Directory / Domain Controller. One of the other servers on the LAN is an A/D Domain member. This server, we'll call it NAS, shares a directory, "public", that other Windows workstations in the domain can mount using their Active Directory credentials. The smb.conf settings are:
Code:
domain master = no
prefered master = no
realm = MYDOM.LOCAL
workgroup = MYDOM
usershare allow guests = Yes
usershare max shares = 10
security = ADS
template shell = /bin/bash
client min protocol = SMB2
client max protocol = SMB3
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config HPRS:backend = ad
idmap config HPRS:schema_mode = rfc2307
idmap config HPRS:range = 10000-10099
winbind enum groups = Yes
winbind enum users = Yes
winbind nss info = rfc2307
winbind offline logon = Yes
winbind refresh tickets = Yes
winbind use default domain = Yes
[public]
comment = main file and document repository
path = /mnt/RAID/public
# for the following settings see: https://www.samba.org/samba/docs/using_samba/ch08.html
hide dot files = yes
readonly = no
locking = yes
public = yes
printable = no
create mask = 0660
force user = myuser
force group = mygroup
force create mode = 0660
directory mask = 2771
This has been working fine for years. All users have access to [public] using their active directory credentials. But now I need to change things so some subdirectories are accessible by only certain users -- also via their A/D Credentials. For example, in this shared folder, /mnt/RAID/public, I have a subdirectory, 'Staff' with:
Code:
drwxrwsr-x 17 myuser mygroup 20480 2022-11-04 08:17 boris/
drwxrwsr-x 29 myuser mygroup 16384 2022-10-31 13:25 karloff/
drwxrwsr-x 39 myuser mygroup 12288 2022-10-19 11:32 charming/
drwxrwsr-x 22 myuser mygroup 8192 2022-11-02 16:15 delila/
I would like to have directories boris and karloff accessible by either user boris and/or user karloff, and directory delila accessible only by user delila. Anyone can access directory charming, but user charming cannot access any of the other directories.
How would I set this up with Samba on the NAS server? Do I have to move the /mnt/RAID/public/Staff folder completely out of the .../public folder? I'd rather not have to do that.
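The following Python script is an added example, not part of the original post: it parses a constructed excerpt of the [public] share above and reports the settings that decide whether per-user restrictions on subdirectories can take effect. The function names and the [staff] share in the usage note are hypothetical.

```python
# Added example: audit smb.conf shares for settings that flatten user identity.
# SAMPLE_CONF is a constructed excerpt of the configuration shown in the post.
SAMPLE_CONF = """\
[global]
security = ADS
workgroup = MYDOM
[public]
path = /mnt/RAID/public
public = yes
force user = myuser
force group = mygroup
directory mask = 2771
"""

SYNONYMS = {"public": "guest ok"}  # smb.conf treats "public" as "guest ok"
TRUE = {"yes", "true", "1"}

def parse_smb_conf(text):
    """Return {section: {param: value}} with normalised parameter names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())  # names ignore case/spacing
            current[SYNONYMS.get(key, key)] = value.strip()
    return sections

def audit_share(params):
    """List the settings that prevent telling domain users apart."""
    findings = []
    for key, what in (("force user", "owner"), ("force group", "group")):
        if key in params:
            findings.append("%s: all file operations run as %s '%s', so %s "
                            "permissions on subdirectories cannot separate "
                            "domain users" % (key, what, params[key], what))
    if params.get("guest ok", "no").lower() in TRUE:
        findings.append("guest ok: the share accepts guest sessions "
                        "when 'map to guest' allows them")
    if "valid users" not in params:
        findings.append("no 'valid users' list: any authenticated account "
                        "may connect to the share")
    return findings

def audit(text):
    shares = parse_smb_conf(text)
    return {n: audit_share(p) for n, p in shares.items() if n != "global"}
```

Calling `audit(SAMPLE_CONF)` returns four findings for `public`; a share that omits `force user`, `force group` and `public` and sets `valid users` (for example a hypothetical `[staff]` share) returns none.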