If users authenticate against AD
then you should be able to group them on the PDC and map them to UNIX groups on your samba server using "net groupmap" ie:
net groupmap add ntgroup=devusers unixgroup=developers
(replace devusers and developers with your own groups)
If you then set ownership of the folder to developers(or whatever) they'll have access to the share and the UNIX perms will dictate access. You can also use the following to control access via smb.conf:
write list = +\DOMAIN\user +\DOMAIN\group +user
to give the person writing the builds write access to the share and:
read list = +\DOMAIN\user +\DOMAIN\group +user
where + must preceed user and group names that are part of the domain as opposed to local users are are addressed without the +.
Before Samba 3.0.23b (from memory) you used @Group but since then you have to explicitly name the domain in each entry.
You can also set POSIX acls that allow you to expand permissions to more than just a single user, group and others.
Too much to put here but basically go look up net groupmap in the samba docs as well as posix acls.
Hope this helped.
Cheers,
Jools
|