[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Small/Medium scale SAMBA

On Fri, 2003-03-07 at 12:41, nate wrote:
> Your biggest problem may be file permissions. Neither samba nor
> samba-tng(as far as I know) support Domain group-based file permissions,
> everything is based on unix groups/users. 

Hi, Nate. Not quite sure if this is what you mean, but I am certainly
able (on my samba server with ext3+acls and winbind) to 

setfacl -m g:"Domain\\Domain Users":rwx filename

or use the nt file permissions dialog. Maybe I am misunderstanding you

> Unix users typically can
> be a member of a maximum number of 32 groups. You can get "around" this
> by using filesystem acls, but even then I think many acls are limited
> to 1024 bytes per file or something. So if you have very fine grained
> access for files then, samba may not be the best for you should you
> want to maintain that level of access.
Oh, ok maybe you just meant the previous in absence of acls

> Now if you have existing Novell/NT servers with domain group file
> permissions, using samba-tng you can keep those, it's been a year since
> I used samba and it did not support domain groups at the time, samba-tng
> does. It's just that file shares residing on UNIX systems running samba
> don't support domain groups in the file permissions(in shares defined
> in smb.conf)

in my smb.conf I have a number of shares set up with

valid users = @"Domain\Domain Users"

etc. this is w/ samba 2.2.7 - works perfectly (of course, winbind must
be installed/configured for this to work)

Matthew: FYI, I have recently migrated 400+ users off a struggling dual
proc nt server to a single cpu compaq ML340 server running Samba. They
make about 1.8 Gig's worth of changes daily (160G total) and my cpu
utilization doesn't go above 2% for more than a few seconds here and
there, and a peak load during the day of about 1.3 Of course as always,


Reply to: