Samba w/AD + ACL
Posted: 04 May 2015 22:40
I am having a very strange (or maybe it's a normal) behavior using smb/cifs on NAS4Free with AD authentication w/ ACL.
I have all the AD stuff working, so I will not go into that part. I will start from the NAS4Free side.
Once I created a dataset, I created a bunch of folders in it, some for different departments, etc.
I first use 'chown -R <AD_Administrator_name>:<domain_admins> *' and 'chmod -R 755 *', e.g. 'chown -R administrator:domain_admins *' and then 'chmod -R 755 *'. As such, in Windows all those folders are now owned by Administrator, with the group set to Domain Admins... and Everyone, referencing the AD accounts.
Once that is done, I go into the Windows machine and modify the folder's share with the appropriate groups. (I am sure you can do this with setfacl, but I suck with *nix.) So that is all great and fine. HOWEVER, here is my problem: creating a new folder or file in these "inherit permission" folders. IT WILL NOT INHERIT the Windows permissions from the top of that folder! Instead it always inherits <AD_Administrator_name> and <domain_admins> and Everyone, based on the FreeBSD/NAS4Free side.
My question to you *nix masters is how I can change this behavior. Right now, when anyone on a Windows machine creates a folder/file on the share running off NAS4Free, it ALWAYS gets permissions based on the initial chown/chmod settings on the NAS4Free side. Normally in Windows, folders/files that are created under a folder inherit that top folder's permissions. This is not the case here. I have a feeling it has to do with a setting, or needs a modification, on FreeBSD/NAS4Free.
If anyone knows, please chime in.