Making complex shares in Samba Active Directory in Samba AD server, you can make the shares in using the Samba’s samba-tool and the smb.conf file and/or in Microsoft Windows in ADUC tool and Shared Folders in Computer Management. Making complex shares with NethServer 7 Final, you can only create and management complex shares in the NS webpage and not the Microsoft Windows.
First, I will make some complex shares using NS webpage and the second in Microsoft Windows, and showing some of the problems using Windows.
Which you like to do or prefer to do or hate to do (I don’t like using the samba-tool 😦 ), is the which one you decided or decided not to use – using Samba Active Directory server or using NethServer.
Using NethServer Internal Webpage
Making a shared folder for only Domain Admins
From my NS 7 Final post, I changed my username of ‘jbales’ from a Domain Users (implied by default) to the Domain Admins group by editing and typing in Domain Admins at the Add section in the Groups and clicking on Submit.
Then I made another username of ‘orange’ belonging to the default of Domain Users and not of member of Domain Admins.
Then I added a ‘admin’ shared folder that only Domain Admins to write to and read, and no one can see read/write to the share.
Testing the ‘admin’ share folder using Windows 10
First I tested jbales with the ‘admin’ share folder, and he can read and write to the share.
Then I tested orange and can’t read or write to the ‘admin’ shared folder.
Making a Personnel shared folder for only Personnel users
I created a username of ‘onions’ with the default group of Domain Users.
Then I created of new group called ‘personnel’ and add the username of ‘onions’ in the member group. It’s the same as adding a group when making a username or editing the username.
Then I created a ‘personnel’ shared folder with owning group on ‘firstname.lastname@example.org’ with read and write, and no one else to read it. But don’t close the shared folder yet.
Clicking on the ACL tab and adding ‘orange’ username with only read and not write. Then click on Submit. Also you can click on Share Folders after it been made, click on the ACL tab and add/remove/change for any user.
Testing the ‘personnel’ share folder using Windows 10
First I tested onions with the ‘personnel’ shared folder and he can read and write to the folder.
Then I tested orange and he can only read the folder and not to write to it.
Then I test jbales, a domain admin, and he could not read or write to the shared folder, and the NethServer Administrator email@example.com can’t see it also.
Only the actual firstname.lastname@example.org can read or write to the ‘personnel’ shared folder.
Using Microsoft Windows
You can add, delete and change users in ADUC, and they work correctly in addition to their groups and shared folders, but you can’t change the actual Shared Folder.
Picking up with the ‘personnel’ shared folder on the previous step and making it accessible from Domain Admins, trying to change in Microsoft Windows using the administrator, first give a error message when you click on the System Tools on the dc1.
When you try to change the Share Permission, an error message and says “Changes cannot be saved. Access is denied”
When you try to change the owner of a shared, another error message and it says “Unable to set the new owner on personnel (\\DC1)”
Then you will add or remove a user(s) on the Security section, the user is added or removed:
Until you can click on Apply, and then, poof, they’re gone.
I don’t what version of Samba that NethServer is using, but older version of Samba you cross referenced the Microsoft Windows domain username to the Unix NIS and GID, and Windows 7 shows a Unix tab but it’s grayed out. That might be the problem.