Anyone know how to add ACL support to SAMBA?

john lists.john at
Thu Feb 28 19:53:31 GMT 2008

Hi all. Thanks very much for the feedback.

Here's the scenario.

We have a Linux file server which hosts student files for edubuntu
users and windows users. If a student logs on under edubuntu they
reach their files via a symlink to their NFS mounted fileshare. If the
student logs on via windows they get a "shortcut" on their desktop
that has a link to their files mounted via SAMBA.

edubuntu think client(NFS)--->Fileserver(NFS, SMB) <-------- windows fat client

All accounts are managed via Active Directory. We use winbind with
"idmap_rid" to bind linux auth via NSS.

I'd like to add acl support because I *think* it would help overcome a
problem that I am having which is:

When we hosted student files on Windows 2003 we would allow teachers
to add new students via a custom windows MMC on their Desktop. However
they get a message that says they don't have rights to admin the files
on the samba server. I've tried adding them as "admins users" on the
samba share:

admin users = @"VAN\domain admins"  @"VAN\mcmcomputer admins"

but that didn't fix the problem. Moveover when I addusers as a "domain
admin" from Active Directory, I can create a windows "Home Directory"
and path to the "home directory" under their profile, but it is owned
by root rather than the student whose directory it is. Under a "pure"
windows environment, the directory would be owned by the student
rather than the domain admin.

Whew! Anyway that's where I am right now. I am considering making a
local linux user with rootly powers and a parallel user in Windows
(i.e same username and password) and see if that solves this issue.

Any ideas would be appreciated.


On Thu, Feb 28, 2008 at 9:46 AM, Greg Reagle <greagle at> wrote:
> > Can you be more specific as to just exactly what you want to be able
>  to
>  > do?  there may be other easier ways to accomplish it
>  I second that.  My personal opinion is that Samba is horribly
>  complicated and I try to avoid it whenever possible.  Mind you, I think
>  it's great software and it's complicated because of the complexity of
>  SMB/CIFS, not because of the Samba implementation.
>  For example, when sharing files between Unix computers, I like sshfs a
>  lot, very simple.
>  --
>  greg reagle | computer technician, system administrator | community it
>  innovators - CITI | 202-234-1600 ext. 353
>  --
>  edubuntu-users mailing list
>  edubuntu-users at
>  Modify settings or unsubscribe at:

More information about the edubuntu-users mailing list