[QUOTE=jmozdzen;9999]Hi Heinz,
I feel for you - it took me quite some time to go through all the settings and queries until I got SAMBA to work with LDAP-stored domain information. I ended up actually tracing LDAP queries to understand what’s really going on. And then there was a version change in SAMBA and I had to re-learn…
Does SAMBA look at the LDAP groups or are the LDAP and unix groups supposed to be mapped together?
Which groups are you asking for? There are SMB groups and system level groups - SAMBA maps SMB to system groups… SMB groups are stored in the SAMBA data store, which can be either LDAP or other - system groups can be either local and/or LDAP, depending on the system configuration.
I believe that SAMBA will simply map the SMB user to the system user and then the system will take that user’s system groups into consideration. So again the question arises: Which groups did you change:
I set up some shares with different rights per Groups
From what I’ve seen, SAMBA will set ACLs on the directories/files to accomplish the “multiple group rights” feature - how are the actual system permissions on those directories? And pardon the question, but I don’t get what you’re actually doing (what tool, what action) when you “change rights via SAMBA share options” :[
What are the Free or relatively low cost programs out there that will help me do LDAP and SAMBA management?
LDAP: I’m too old-school: “gq” will work nicely, especially as it let’s you see and modify what is actually stored. It doesn’t help you when it comes to identifying what to store where - know-how is still left to the user
SAMBA: Iirc, there are tons of web-based fronts ends out there, then there’s YaST and you can do things right from a MS Windows workstation - so the answer basically depends on what you’re actually trying to do with the admin tool…
Regards,
Jens[/QUOTE]
Thanks for replying back.
Basically what we are trying to accomplish is allowing read-only rights to most everyone in the company to almost all folders and files in the shares then depending on which directory we are assigning write privileges. Naturally we will have some directories in those shares that we only want administrators and or accounting personal access to.
Well what I have tried was using the chgrp command and chmod command on the shares to grant different rights to groups, but for instance I made a share with chmod 755 chrgrp everyone thinking that I could make a LDAP/Samba group and include all of my users in the Everyone group just not make it their primary group.
Then in the share options I made a Write list = @Engineers
I assumed that since I had created a user and made his primary group “Engineers” and toggled the Manage Samba attribute that this user could write to the share where everyone else would be read-only. It didn’t.
I think where I am going wrong is that my Samba groups are being mapped to the system groups cause when I go to the local groups all that is there is the users group.
Thanks again for replying, Linux and Samba are sure making me feel dumb.
Heinzk1