I decided to use this thread, as it is the technical one.
First I’d like to thank you for your incredible work and it would be great to be able to set network share rights via Windows.
I tried to set it up with custom templates and NethServer shared folder profile to have specific shares as windows acled ones and leave other shares as they are:
http://docs.nethserver.org/projects/nethserver-devel/en/v7/nethserver-samba.html#shared-folder-profile
Created /etc/samba/user.map as it is no template
!root = CMB\Administrator CMB\administrator
Created custom template /etc/e-smith/templates-custom/etc/samba/smb.conf/11usermap:
#
# 11usermap - username map
#
username map = /etc/samba/user.map
Set the new profile for the specific shared folder:
db accounts setprop SHAREDFOLDER SmbProfileType winacls
Created shared folder profile named winacls (ibay-winacls). This shared folder profile dir has to be in templates dir, it doesn’t work in templates-custom.
mkdir -p /etc/e-smith/templates/etc/samba/smb.conf/ibay-winacls
cp /etc/e-smith/templates/etc/samba/smb.conf/ibay-default/* /etc/e-smith/templates/etc/samba/smb.conf/ibay-winacls
Browseable setting for specific folder may be changed via web UI or with
db accounts setprop SHAREDFOLDER SmbShareBrowseable enabled
but it seems to be enabled by default as not shown by samba testparm.
Then I changed /etc/e-smith/templates/etc/samba/smb.conf/ibay-winacls/20profile_default and uncommented the lines like you described and added csc policy setting at the end.
# 20profile_default:
read only = no
#inherit permissions = yes
; Add group write bit to default create mask, remove DOS archive bit (see below$
#create mask = 0664
#inherit owner = yes
; Use extended attribute to store DOS attributes (see man page)
store dos attributes = yes
#map archive = no
#map readonly = no
#inherit acls = yes
#map acl inherit = yes
#guest ok = { ($ibay{SmbGuestAccessType} || 'none') =~ /^rw?$/ ? 'y$
browseable = { ($ibay{SmbShareBrowseable} || 'enabled') eq 'enabled' $
# IMPORTANT! only value to add:
csc policy = disable
Apply changes:
signal-event nethserver-samba-update
Check if it worked and smb.conf has the new entries:
[root@server ~]# testparm -s
...
username map = /etc/samba/user.map
...
[SHAREDFOLDER]
comment = Samba share
path = /var/lib/nethserver/ibay/test
store dos attributes = Yes
csc policy = disable
read only = No
vfs objects = full_audit
Check shared folder settings:
Set rights as you described:
net rpc rights grant "Domain Admins" SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeRemoteShutdownPrivilege SeDiskOperatorPrivilege -Uadministrator
I am able to change shared folder network rights via computer management - this seems to work .
I noticed that after these changes the root folder appears when browsing \\myserver.
Maybe you have some different smb.conf global settings I am missing?