https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265273#M33760 To be able to set permissions to files and folders, you must map the UID/GID to Windows SIDS. For this job, probably, winbind is the way to go. Thu, 11 Sep 2008 12:59:49 GMT Ivan Ferreira 2008-09-11T12:59:49Z https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265270#M33757 I have a samba server(as a MS Windows AD member server).<BR />can I grant/set permissions on users/group of AD on shared folders stored on samba server.<BR /><BR />in other words, on a samba server that has joined AD domain, I want to assign permissions on users of AD on directories on samba server.<BR /><BR />Regards<BR />Maaz <BR /> Tue, 09 Sep 2008 07:25:14 GMT https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265270#M33757 Maaz 2008-09-09T07:25:14Z https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265271#M33758 Yes you can. Wed, 10 Sep 2008 15:09:56 GMT https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265271#M33758 Court Campbell 2008-09-10T15:09:56Z https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265272#M33759 Hi Court Campbell <BR />&gt;Yes you can.<BR />:), thanks but if you can also please guide how to do this ?<BR />any url/doc/tutorial ?<BR /><BR />Regards Thu, 11 Sep 2008 01:34:27 GMT https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265272#M33759 Maaz 2008-09-11T01:34:27Z https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265273#M33760 To be able to set permissions to files and folders, you must map the UID/GID to Windows SIDS. For this job, probably, winbind is the way to go. Thu, 11 Sep 2008 12:59:49 GMT https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265273#M33760 Ivan Ferreira 2008-09-11T12:59:49Z https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265274#M33761 Well, I assume that you are using winbind. If so and all is working, you just use the chown or chgrp commands. I just assume you are already familiar with those commands. Thu, 11 Sep 2008 13:02:16 GMT https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265274#M33761 Court Campbell 2008-09-11T13:02:16Z https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265275#M33762 Hi Ivan Ferreira and Court Campbell, thanks for help.<BR />I dont know about winbind, because this SAMBA server is SLES 10, SLES 10 can join AD Domain, using 3 or 4 mouse clicks, very smoothly and without any issue.<BR /><BR />Anyhow I'll check it<BR /><BR />Thanks<BR /> Fri, 12 Sep 2008 02:07:30 GMT https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265275#M33762 Maaz 2008-09-12T02:07:30Z https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265276#M33763 Hi,<BR />You can do this.<BR />You have to define AD users in Samba Server for desired directories also.<BR /><BR />Regards,<BR />Gokul Chandola Sat, 13 Sep 2008 02:55:59 GMT https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265276#M33763 Gokul Chandola 2008-09-13T02:55:59Z https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265277#M33764 Hi thanks Gokul Chandola<BR />&gt;You have to define AD users in Samba Server for desired directories also.<BR /><BR />say I have a user maaz in MS AD Domain, then what to do in smb.conf ? please share.<BR /><BR />cat /etc/samba/smb.conf<BR />[data]<BR />path = /data<BR />read only = No<BR /><BR />I want to set permission for maaz(domain user), and to all those users that are member of "grad1" group of MS AD domain on /data directroy<BR /><BR /><BR /> Sat, 13 Sep 2008 03:25:56 GMT https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265277#M33764 Maaz 2008-09-13T03:25:56Z https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265278#M33765 It depends of the "security = " samba setting. Check the Samba 3 Howto for detailed information about this setting or smb.conf.<BR /><BR />Then you will have:<BR /><BR />cat /etc/samba/smb.conf<BR />[data]<BR />path = /data<BR />read only = No<BR />valid users = maaz @grad1<BR /><BR />Considering that grad1 is a Unix/LDAP group. Tue, 16 Sep 2008 14:37:24 GMT https://community.hpe.com/t5/operating-system-linux/setting-acl-on-ad-users/m-p/4265278#M33765 Ivan Ferreira 2008-09-16T14:37:24Z