[Freeipa-users] samba & IPA
Alexander Bokovoy
abokovoy at redhat.com
Fri Feb 24 06:07:55 UTC 2012
On Thu, 23 Feb 2012, Jeremy Agee wrote:
> You should also be able to use the filesystem to control access to
> the smb share. If acl support is on the filesytem, you can use
> these as well. Samba should have "nt acl support = Yes" set by
> default.
Yes, this will work -- as long as SSSD or nss_ldap would be delivering
IPA users and groups properly. This does not give the same centralized
way of managing things though, ACLs need to be set on each server
separately (for better, probably).
Also, you'd still give out the fact test2 is existing on the server
which might be unreasonable information leak in certain circumstances.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list